配置Solaris允许SSH远程登录

1、 配置/etc/ssh/sshd_config的PermitRootLogin参数## gedit /etc/ssh/sshd_config# cat /et艘早祓胂c/ssh/sshd_config# Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.## ident "@(#)sshd_config 1.10 10/10/19 SMI"## Configuration file for sshd(1m)# Protocol versions supported## The sshd shipped in this release of Solaris has support for major versions# 1 and 2. It is recommended due to security weaknesses in the v1 protocol# that sites run only v2 if possible. Support for v1 is provided to help sites# with existing ssh v1 clients/servers to transition.# Support for v1 may not be available in a future release of Solaris.## To enable support for v1 an RSA1 key must be created with ssh-keygen(1).# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they# do not already exist, RSA1 keys for protocol v1 are not automatically created.# Uncomment ONLY ONE of the following Protocol statements.# Only v2 (recommended)Protocol 2# Both v1 and v2 (not recommended)#Protocol 2,1# Only v1 (not recommended)#Protocol 1# Listen port (the IANA registered port number for ssh is 22)Port 22# The default listen address is all interfaces, this may need to be changed# if you wish to restrict the interfaces sshd listens on for a multi homed host.# Multiple ListenAddress entries are allowed.# IPv4 only#ListenAddress 0.0.0.0# IPv4 & IPv6ListenAddress ::# Port forwardingAllowTcpForwarding no# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.# This allows the local port forwarding to work when connections are received# from any remote host.GatewayPorts no# X11 tunneling optionsX11Forwarding yesX11DisplayOffset 10X11UseLocalhost yes# The maximum number of concurrent unauthenticated connections to sshd.# start:rate:full see sshd(1) for more information.# The default is 10 unauthenticated clients.#MaxStartups 10:30:60# Banner to be printed before authentication starts.#Banner /etc/issue# Should sshd print the /etc/motd file and check for mail.# On Solaris it is assumed that the login shell will do these (eg /etc/profile).PrintMotd no# KeepAlive specifies whether keep alive messages are sent to the client.# See sshd(1) for detailed description of what this means.# Note that the client may also be sending keep alive messages to the server.KeepAlive yes# Syslog facility and levelSyslogFacility authLogLevel info## Authentication configuration## Host private key files# Must be on a local disk and readable only by the root user (root:sys 600).HostKey /etc/ssh/ssh_host_rsa_keyHostKey /etc/ssh/ssh_host_dsa_key# Length of the server key# Default 768, Minimum 512ServerKeyBits 768# sshd regenerates the key every KeyRegenerationInterval seconds.# The key is never stored anywhere except the memory of sshd.# The default is 1 hour (3600 seconds).KeyRegenerationInterval 3600# Ensure secure permissions on users .ssh directory.StrictModes yes# Length of time in seconds before a client that hasn't completed# authentication is disconnected.# Default is 600 seconds. 0 means no time limit.LoginGraceTime 600# Maximum number of retries for authentication# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2MaxAuthTries 6MaxAuthTriesLog 3# Are logins to accounts with empty passwords allowed.# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK# to pam_authenticate(3PAM).PermitEmptyPasswords no# To disable tunneled clear text passwords, change PasswordAuthentication to no.PasswordAuthentication yes# Use PAM via keyboard interactive method for authentication.# Depending on the setup of pam.conf(4) this may allow tunneled clear text# passwords even when PasswordAuthentication is set to no. This is dependent# on what the individual modules request and is out of the control of sshd# or the protocol.PAMAuthenticationViaKBDInt yes# Are root logins permitted using sshd.# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user# maybe denied access by a PAM module regardless of this setting.# Valid options are yes, without-password, no.# PermitRootLogin noPermitRootLogin yes# sftp subsystemSubsystem sftp internal-sftp# SSH protocol v1 specific options## The following options only apply to the v1 protocol and provide# some form of backwards compatibility with the very weak security# of /usr/bin/rsh. Their use is not recommended and the functionality# will be removed when support for v1 protocol is removed.# Should sshd use .rhosts and .shosts for password less authentication.IgnoreRhosts yesRhostsAuthentication no# Rhosts RSA Authentication# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.# If the user on the client side is not root then this won't work on# Solaris since /usr/bin/ssh is not installed setuid.RhostsRSAAuthentication no# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.#IgnoreUserKnownHosts yes# Is pure RSA authentication allowed.# Default is yesRSAAuthentication yes

2、 重启SSH服务，使配置生效# svcadm restart ssh

3、 重启系统可能需要重启Solaris后，root才可以远程登录。# reboot

4、 远程瞌蕞凿鸠登录Last login: Wed Jan 7 17:14:15 2015 from 192.168.137.105Oracle Corporation SunOS 5.10 Generic Patch January 2005