在VMware安裝一個CentOS的Sever版,終端里的內容不可滾動,不方便。在win下遠程登錄不錯(win下有個Xshell)。默認安裝ssh是有的。只是hosts訪問問題。
1.在hosts.deny文件尾添加sshd:ALL
意思是拒絕所有訪問請求
[root@localhost ~]# vi /etc/hosts.deny
修改后看起來如下:
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd:ALL
2.在hosts.allow文件尾添加sshd:192.168.0.
意思是允許192.168.0.1 到254的主機,內網。
[root@localhost ~]# vi /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd:192.168.0.
3.重啟ssh
[root@localhost ~]# /etc/rc.d/init.d/sshd restart
停止 sshd: [ 確定 ]
啟動 sshd [ 確定 ]
好了,用putty和Xshell(Xmanager)可以登錄了。^_^
4.ssh增強配置
[root@localhost ~]# vi /etc/ssh/sshd_config ← 用vi打開SSH的配置文件
#Protocol 2,1 ← 找到此行將行頭“#”刪除,再將行末的“,1”刪除,只允許SSH2方式的連接
Protocol 2 ← 修改后變為此狀態,僅使用SSH2
#ServerKeyBits 768 ← 找到這一行,將行首的“#”去掉,并將768改為1024
ServerKeyBits 1024 ← 修改后變為此狀態,將ServerKey強度改為1024比特
#PermitRootLogin yes ← 找到這一行,將行首的“#”去掉,并將yes改為no
PermitRootLogin no ← 修改后變為此狀態,不允許用root進行登錄
#PasswordAuthentication yes ← 找到這一行,將yes改為no
PasswordAuthentication no ← 修改后變為此狀態,不允許密碼方式的登錄
#PermitEmptyPasswords no ← 找到此行將行頭的“#”刪除,不允許空密碼登錄
PermitEmptyPasswords no ← 修改后變為此狀態,禁止空密碼進行登錄
參考:
http://www.centospub.com/make/sshd.html
posted on 2008-05-01 10:13
流浪汗 閱讀(12561)
評論(0) 編輯 收藏 所屬分類:
Linux