SSH(ArchLinux) 的简单配置

安装ssh

pacman -S openssh


配置ssh

配置文件 /etc/ssh/ssh_config

#   $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $ 
# NOTE(review): the ident line above names sshd_config, although the text
# below describes the client configuration; it looks copied from the
# server file.

# This is the ssh client system-wide configuration file.  See 
# ssh_config(5) for more information.  This file provides defaults for 
# users, and the values can be changed in per-user configuration files 
# or on the command line. 

# Configuration data is parsed as follows: 
#  1. command line options 
#  2. user-specific file 
#  3. system-wide file 
# Any configuration value is only changed the first time it is set. 
# Thus, host-specific definitions should be at the beginning of the 
# configuration file, and defaults at the end. 

# Site-wide defaults for various options 
#
# Every option below is commented out, so this listing changes nothing;
# it only shows the defaults the client already uses.

# Host * 
# Agent and X11 forwarding are off by default.  Enable them per host and
# only for hosts you trust, because the remote side can use the forwarded
# agent or display while the session is open.
#   ForwardAgent no 
#   ForwardX11 no 
# RhostsRSAAuthentication and RSAAuthentication apply to protocol 1 only.
#   RhostsRSAAuthentication no 
#   RSAAuthentication yes 
#   PasswordAuthentication yes 
#   HostbasedAuthentication no 
#   BatchMode no 
#   CheckHostIP yes 
#   AddressFamily any 
#   ConnectTimeout 0 
# "ask" prompts before an unknown host key is stored; compare the
# fingerprint with one obtained from the server's administrator before
# answering yes.
#   StrictHostKeyChecking ask 
# ~/.ssh/identity is the protocol 1 key; id_rsa and id_dsa are protocol 2.
#   IdentityFile ~/.ssh/identity 
#   IdentityFile ~/.ssh/id_rsa 
#   IdentityFile ~/.ssh/id_dsa 
#   Port 22 
# NOTE(review): "2,1" lets the client fall back to protocol 1, which has
# known cryptographic weaknesses.  Setting "Protocol 2" under "Host *"
# removes the fallback.
#   Protocol 2,1 
# Cipher (singular) selects the protocol 1 cipher; Ciphers is the
# protocol 2 preference list.
#   Cipher 3des 
# NOTE(review): the CBC-mode ciphers and arcfour in this list are legacy
# choices.  Check ssh_config(5) for the installed release before relying
# on this list, and prefer the strongest ciphers that release offers.
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc 
#   EscapeChar ~
 /etc/ssh/sshd_config
 
#   $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $ 

# This is the sshd server system-wide configuration file.  See 
# sshd_config(5) for more information. 

# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 

# The strategy used for options in the default sshd_config shipped with 
# OpenSSH is to specify options with their default value where 
# possible, but leave them commented.  Uncommented options change a 
# default value. 
#
# In this listing only two lines are active: ListenAddress and Subsystem.
# Every other option is a commented default, so the server runs with the
# stock authentication settings shown below.

#Port 22 
# NOTE(review): "2,1" means the server still accepts protocol 1, which has
# known cryptographic weaknesses.  Uncommenting this as "Protocol 2"
# restricts the server to protocol 2.
#Protocol 2,1 
# Active setting: listen on every IPv4 address of the host.  On a machine
# with several interfaces, put the address of the interface that should
# accept SSH here instead.
ListenAddress 0.0.0.0 
#ListenAddress :: 

# HostKey for protocol version 1 
#HostKey /etc/ssh/ssh_host_key 
# HostKeys for protocol version 2 
#HostKey /etc/ssh/ssh_host_rsa_key 
#HostKey /etc/ssh/ssh_host_dsa_key 

# Lifetime and size of ephemeral version 1 server key 
# (only used when protocol 1 is enabled)
#KeyRegenerationInterval 1h 
#ServerKeyBits 768 

# Logging 
#obsoletes QuietMode and FascistLogging 
# Authentication attempts are logged through the AUTH syslog facility;
# these are the entries to watch for repeated failed logins.
#SyslogFacility AUTH 
#LogLevel INFO 

# Authentication: 

#LoginGraceTime 2m 
# NOTE(review): the default shown here allows root to log in directly with
# a password.  For an Internet-facing host, consider "PermitRootLogin no",
# or "without-password" for key-only root access, after confirming that a
# regular account can log in and become root.
#PermitRootLogin yes 
#StrictModes yes 
#MaxAuthTries 6 

#RSAAuthentication yes 
#PubkeyAuthentication yes 
#AuthorizedKeysFile     .ssh/authorized_keys 

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 
#RhostsRSAAuthentication no 
# similar for protocol version 2 
#HostbasedAuthentication no 
# Change to yes if you don't trust ~/.ssh/known_hosts for 
# RhostsRSAAuthentication and HostbasedAuthentication 
#IgnoreUserKnownHosts no 
# Don't read the user's ~/.rhosts and ~/.shosts files 
#IgnoreRhosts yes 

# To disable tunneled clear text passwords, change to no here! 
# NOTE(review): password logins are on by default.  Once public keys are
# installed in each user's authorized_keys file and key login has been
# tested, setting this to "no" stops password guessing against the
# service.  See the UsePAM caveat further down.
#PasswordAuthentication yes 
#PermitEmptyPasswords no 

# Change to no to disable s/key passwords 
#ChallengeResponseAuthentication yes 

# Kerberos options 
#KerberosAuthentication no 
#KerberosOrLocalPasswd yes 
#KerberosTicketCleanup yes 
#KerberosGetAFSToken no 

# GSSAPI options 
#GSSAPIAuthentication no 
#GSSAPICleanupCredentials yes 

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication mechanism. 
# Depending on your PAM configuration, this may bypass the setting of 
# PasswordAuthentication, PermitEmptyPasswords, and 
# "PermitRootLogin without-password". If you just want the PAM account and 
# session checks to run without PAM authentication, then enable this but set 
# ChallengeResponseAuthentication=no 
#UsePAM no 

# Forwarding defaults.  TCP forwarding is allowed by default; turn it off
# for accounts that only need a shell or sftp.
#AllowTcpForwarding yes 
#GatewayPorts no 
#X11Forwarding no 
#X11DisplayOffset 10 
#X11UseLocalhost yes 
#PrintMotd yes 
#PrintLastLog yes 
#TCPKeepAlive yes 
#UseLogin no 
#UsePrivilegeSeparation yes 
#PermitUserEnvironment no 
#Compression yes 
#ClientAliveInterval 0 
#ClientAliveCountMax 3 
#UseDNS yes 
#PidFile /var/run/sshd.pid 
#MaxStartups 10 

# no default banner path 
#Banner /some/path 

# override default of no subsystems 
# Active setting: enables the sftp subsystem using the sftp-server binary
# at the path below.
Subsystem       sftp    /usr/lib/ssh/sftp-server

然后配置 /etc/hosts.allow

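ssh:ALL //没有这一行的话,连接时会出现很多错误,例如 "Server unexpectedly closed network connection"。(// 之后是本文的说明,不要写进文件;hosts.allow 的注释以 # 开头。)注意:hosts.allow 按守护进程名匹配,OpenSSH 服务端的进程名是 sshd,所以这一行通常应写作 sshd: ALL。另外 ALL 表示允许任何地址连接;如果只需要从固定网段登录,建议把 ALL 换成受信任的网段(示例值:sshd: 192.168.1.)。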
启动sshd

/etc/rc.d/sshd restart
开机自动开启sshd

DAEMONS=(… … … … … sshd … … …)