设置无密码登陆时注意:chmod 0700 .ssh chmod 600 ~/.ssh/authorized_keys cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys (将id_rsa.pub的内容追加到 authorized_keys 中, 注意不要用 > ,否则会清空原有的内容,使其他人无法使用原有的密钥登录)这三点很重要
http://www.2cto.com/os/201205/133514.html 教程
Fedora19的SSH服务是默认关闭的,安装后我们需要打通它。
首先,编辑/etc/ssh/sshd_config,把下面黑体字部分打开注释,如下:
# $OpenBSD: sshd_config,v 1.89 2013/02/06
00:20:42 dtucker Exp $
# This is the sshd server system-wide
configuration file. See
# sshd_config(5) for more information.
#
This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy
used for options in the default sshd_config shipped with
# OpenSSH is to
specify options with their default value where
# possible, but leave them
commented. Uncommented options override the
# default value.
#
If you want to change the port on a SELinux system, you have to tell
#
SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp
#PORTNUMBER
#
Port 22
AddressFamily
any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default
requires explicit activation of protocol 1
#Protocol 2
# HostKey for
protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol
version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey
/etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#
Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval
1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and
FascistLogging
#SyslogFacility AUTH
SyslogFacility
AUTHPRIV
#LogLevel INFO
#
Authentication:
#LoginGraceTime 2m
PermitRootLogin
yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions
10
#RSAAuthentication yes
#PubkeyAuthentication yes
# The
default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but
this is overridden so installations will only check
.ssh/authorized_keys
AuthorizedKeysFile
.ssh/authorized_keys
#AuthorizedPrincipalsFile
none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser
nobody
# For this to work you will also need host keys in
/etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for
protocol version 2
#HostbasedAuthentication no
# Change to yes if you
don‘t trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and
HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don‘t read the user‘s
~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled
clear text passwords, change to no here!
#PasswordAuthentication
yes
PermitEmptyPasswords
no
PasswordAuthentication yes
# Change to no
to disable s/key passwords
#ChallengeResponseAuthentication
yes
ChallengeResponseAuthentication no
# Kerberos
options
#KerberosAuthentication no
#KerberosOrLocalPasswd
yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken
no
#KerberosUseKuserok yes
# GSSAPI options
#GSSAPIAuthentication
no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials
yes
GSSAPICleanupCredentials
yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#
Set this to ‘yes‘ to enable PAM authentication, account processing,
# and
session processing. If this is enabled, PAM authentication will
# be allowed
through the ChallengeResponseAuthentication and
#
PasswordAuthentication. Depending on your PAM configuration,
# PAM
authentication via ChallengeResponseAuthentication may bypass
# the setting
of "PermitRootLogin without-password".
# If you just want the PAM account and
session checks to run without
# PAM authentication, then enable this but set
PasswordAuthentication
# and ChallengeResponseAuthentication to ‘no‘.
#
WARNING: ‘UsePAM no‘ is not supported in Fedora and may cause several
#
problems.
#UsePAM no
UsePAM
yes
#AllowAgentForwarding yes
#AllowTcpForwarding
yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding
yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd
yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin
no
UsePrivilegeSeparation
sandbox # Default
for new installations.
#PermitUserEnvironment no
#Compression
delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel
no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups
10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum
none
# no default banner path
#Banner none
# Accept
locale-related environment variables
AcceptEnv LANG LC_CTYPE
LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY
LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS
LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION
LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
#
override default of no
subsystems
Subsystem
sftp /usr/libexec/openssh/sftp-server
#
Uncomment this if you want to use .local domain
#Host
*.local
# CheckHostIP no
# Example
of overriding settings on a per-user basis
#Match User
anoncvs
# X11Forwarding
no
# AllowTcpForwarding
no
# ForceCommand cvs server
然后,保存退出。再使用命令
#service sshd start打开服务。
在使用以下命令让SSHD开机启动。
# chkconfig sshd --level 35 on
Note: Forwarding
request to ‘systemctl enable sshd.service‘.
以后Linux服务器开机后,就可以用PUTY,SecureCRT等直接连通了。
原文:http://www.cnblogs.com/johnnyflute/p/3642285.html