
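[Linux Operating System] Notes on the Steps for Configuring an OpenSSH Server on Linux

1. Install the OpenSSH server packages

Querying the package manager showed that they were all already installed.

Edit the /etc/ssh/sshd_config file: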

#       $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#In FIPS mode Ed25519 keys are not supported, please comment out the next line
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# This system is following system-wide crypto policy. The changes to
# crypto properties (Ciphers, MACs, ...) will not have any effect here.
# They will be overridden by command-line options passed to the server
# on command line.
# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile      .ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
#GSSAPIEnablek5users no

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# WARNING: 'UsePAM no' is not supported in RHEL and may cause several
# problems.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes

# It is recommended to use pam_motd in /etc/pam.d/sshd instead of PrintMotd,
# as it is more configurable and versatile than the built-in version.
PrintMotd no

#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem       sftp    /usr/libexec/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

Port 22
ListenAddress 192.168.0.2
PermitEmptyPasswords no
DenyUsers lisi

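Problem encountered: E325: ATTENTION Found a swap file by the name "/etc/ssh/.sshd_config.swp"

After looking it up, I found that this was caused by an unexpected exit during the previous edit, before the changes were saved, which left a .swp file behind. Solution:

 rm -f /etc/ssh/.sshd_config.swp

Delete this leftover .swp file, then edit the configuration file again.

Enter on the command line:

sudo gedit /etc/ssh/sshd_config

3. Start the sshd service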

Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

Subject: sshd.service 单元已开始启动
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- sshd.service 单元已开始启动。
10月 20 17:56:13 rhel sshd[32022]: error: Bind to port 22 on 192.168.0.2 failed>
10月 20 17:56:13 rhel sshd[32022]: fatal: Cannot bind any address.
10月 20 17:56:13 rhel systemd[1]: sshd.service: Main process exited, code=exite>
10月 20 17:56:13 rhel systemd[1]: sshd.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit sshd.service has entered the 'failed' state with result 'exit-code'.
10月 20 17:56:13 rhel systemd[1]: Failed to start OpenSSH server daemon.
-- Subject: sshd.service 单元已失败
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- sshd.service 单元已失败。
--
-- 结果为“failed”。

systemctl status sshd.service

● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset>
   Active: activating (auto-restart) (Result: exit-code) since Sun 2024-10-20 1>
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 33661 ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY (code=exit>
 Main PID: 33661 (code=exited, status=255)

10月 20 17:59:02 rhel systemd[1]: sshd.service: Main process exited, code=exite>
10月 20 17:59:02 rhel systemd[1]: sshd.service: Failed with result 'exit-code'.
10月 20 17:59:02 rhel systemd[1]: Failed to start OpenSSH server daemon.

Reinstalling solves 100% of problems.
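
Added example, not part of the original post: the journal above shows sshd failing to bind port 22 on 192.168.0.2 (the reason is cut off in the log), and one cause worth ruling out is a ListenAddress that is not assigned to any local interface. This script checks for that; the function names and the sample `ip -o addr show` data are constructed for illustration.

```shell
#!/bin/sh
# Added example: check ListenAddress values before restarting sshd.

# Print each active ListenAddress in config file $1 (the keyword is
# case-insensitive), stripping an optional :port and IPv6 [brackets].
listen_addrs() {
    awk 'tolower($1) == "listenaddress" { print $2 }' "$1" |
        sed -e 's/^\[\(.*\)\].*$/\1/' -e 's/^\([0-9.]*\):[0-9]*$/\1/'
}

# Read `ip -o addr show` output on stdin; print one bare address per line.
local_addrs() {
    awk '$3 == "inet" || $3 == "inet6" { sub(/\/.*/, "", $4); print $4 }'
}

# Print every ListenAddress in config $1 that is not in the newline-separated
# address list $2; return 1 if any was printed. Wildcards always bind.
# Hostname values are not resolved and are reported as missing.
unbindable_addrs() {
    missing=0
    for a in $(listen_addrs "$1"); do
        case $a in 0.0.0.0|::) continue ;; esac
        if ! printf '%s\n' "$2" | grep -qxF -- "$a"; then
            echo "$a"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample input (not captured from the host on the page).
SAMPLE_IP='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever
2: ens160    inet 192.168.0.10/24 brd 192.168.0.255 scope global ens160
2: ens160    inet6 fe80::20c:29ff:fe00:1/64 scope link'
SAMPLE_LOCAL=$(printf '%s\n' "$SAMPLE_IP" | local_addrs)
SAMPLE_CONF=$(mktemp)
printf '%s\n' '#ListenAddress 0.0.0.0' 'Port 22' \
    'ListenAddress 192.168.0.2' > "$SAMPLE_CONF"

if bad=$(unbindable_addrs "$SAMPLE_CONF" "$SAMPLE_LOCAL"); then
    echo "every ListenAddress is local; validate next with: sshd -t"
else
    echo "not assigned to any local interface: $bad"
fi
rm -f "$SAMPLE_CONF"

# On a real host:
#   unbindable_addrs /etc/ssh/sshd_config "$(ip -o addr show | local_addrs)"
```

If the check passes, `sshd -t` validates the rest of the configuration file without starting the daemon.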

5. Displaying Chinese characters in PuTTY

Set the character set to UTF-8.

