Configuring Solaris to Allow Remote SSH Login

May 21, 2022

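After the Oracle Solaris 10 operating system is installed, the default configuration does not allow root to log in to the system over SSH. This article describes how to configure Solaris so that root can log in remotely.

Tools/Materials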

  • Solaris 10

Method/Steps

  1. Set the PermitRootLogin parameter in /etc/ssh/sshd_config

    #
    # gedit /etc/ssh/sshd_config
    # cat /etc/ssh/sshd_config
    # Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
    #
    # ident "@(#)sshd_config    1.10    10/10/19   SMI"
    #
    # Configuration file for sshd(1m)

    # Protocol versions supported
    #
    # The sshd shipped in this release of Solaris has support for major versions
    # 1 and 2.  It is recommended due to security weaknesses in the v1 protocol
    # that sites run only v2 if possible. Support for v1 is provided to help sites
    # with existing ssh v1 clients/servers to transition.
    # Support for v1 may not be available in a future release of Solaris.
    #
    # To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
    # RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
    # do not already exist, RSA1 keys for protocol v1 are not automatically created.

    # Uncomment ONLY ONE of the following Protocol statements.

    # Only v2 (recommended)
    Protocol 2

    # Both v1 and v2 (not recommended)
    #Protocol 2,1

    # Only v1 (not recommended)
    #Protocol 1

    # Listen port (the IANA registered port number for ssh is 22)
    Port 22

    # The default listen address is all interfaces, this may need to be changed
    # if you wish to restrict the interfaces sshd listens on for a multi homed host.
    # Multiple ListenAddress entries are allowed.

    # IPv4 only
    #ListenAddress 0.0.0.0
    # IPv4 & IPv6
    ListenAddress ::

    # Port forwarding
    AllowTcpForwarding no

    # If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
    # This allows the local port forwarding to work when connections are received
    # from any remote host.
    GatewayPorts no

    # X11 tunneling options
    X11Forwarding yes
    X11DisplayOffset 10
    X11UseLocalhost yes

    # The maximum number of concurrent unauthenticated connections to sshd.
    # start:rate:full see sshd(1) for more information.
    # The default is 10 unauthenticated clients.
    #MaxStartups 10:30:60

    # Banner to be printed before authentication starts.
    #Banner /etc/issue

    # Should sshd print the /etc/motd file and check for mail.
    # On Solaris it is assumed that the login shell will do these (eg /etc/profile).
    PrintMotd no

    # KeepAlive specifies whether keep alive messages are sent to the client.
    # See sshd(1) for detailed description of what this means.
    # Note that the client may also be sending keep alive messages to the server.
    KeepAlive yes

    # Syslog facility and level
    SyslogFacility auth
    LogLevel info

    #
    # Authentication configuration
    #

    # Host private key files
    # Must be on a local disk and readable only by the root user (root:sys 600).
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key

    # Length of the server key
    # Default 768, Minimum 512
    ServerKeyBits 768

    # sshd regenerates the key every KeyRegenerationInterval seconds.
    # The key is never stored anywhere except the memory of sshd.
    # The default is 1 hour (3600 seconds).
    KeyRegenerationInterval 3600

    # Ensure secure permissions on users .ssh directory.
    StrictModes yes

    # Length of time in seconds before a client that hasn't completed
    # authentication is disconnected.
    # Default is 600 seconds. 0 means no time limit.
    LoginGraceTime 600

    # Maximum number of retries for authentication
    # Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
    MaxAuthTries    6
    MaxAuthTriesLog 3

    # Are logins to accounts with empty passwords allowed.
    # If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
    # to pam_authenticate(3PAM).
    PermitEmptyPasswords no

    # To disable tunneled clear text passwords, change PasswordAuthentication to no.
    PasswordAuthentication yes

    # Use PAM via keyboard interactive method for authentication.
    # Depending on the setup of pam.conf(4) this may allow tunneled clear text
    # passwords even when PasswordAuthentication is set to no. This is dependent
    # on what the individual modules request and is out of the control of sshd
    # or the protocol.
    PAMAuthenticationViaKBDInt yes

    # Are root logins permitted using sshd.
    # Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
    # maybe denied access by a PAM module regardless of this setting.
    # Valid options are yes, without-password, no.
    # PermitRootLogin no
    PermitRootLogin yes

    # sftp subsystem
    Subsystem   sftp    internal-sftp


    # SSH protocol v1 specific options
    #
    # The following options only apply to the v1 protocol and provide
    # some form of backwards compatibility with the very weak security
    # of /usr/bin/rsh.  Their use is not recommended and the functionality
    # will be removed when support for v1 protocol is removed.

    # Should sshd use .rhosts and .shosts for password less authentication.
    IgnoreRhosts yes
    RhostsAuthentication no

    # Rhosts RSA Authentication
    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
    # If the user on the client side is not root then this won't work on
    # Solaris since /usr/bin/ssh is not installed setuid.
    RhostsRSAAuthentication no

    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
    #IgnoreUserKnownHosts yes

    # Is pure RSA authentication allowed.
    # Default is yes
    RSAAuthentication yes

  2. Restart the SSH service so that the configuration takes effect

    # svcadm restart ssh

  3. Reboot the system

    You may need to reboot Solaris before root can log in remotely.

    # reboot

  4. Log in remotely

    Last login: Wed Jan  7   17:14:15 2015 from 192.168.137.105

    Oracle Corporation        SunOS 5.10      Generic   Patch   January 2005
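The procedure above leaves `PermitRootLogin yes` active together with `PasswordAuthentication yes` and `PAMAuthenticationViaKBDInt yes`, so root's password becomes a network-facing credential. The following audit script is an added example, not part of the original article: the function names and the sample file are constructed here, and it assumes a POSIX shell with a POSIX awk (on Solaris 10, `/usr/xpg4/bin/sh` and `nawk`).

```shell
#!/bin/sh
# Added example: audit an sshd_config for the root-login exposure this procedure creates.

# effective_value FILE KEYWORD: print the first uncommented value of KEYWORD.
# Assumption: the first occurrence of a keyword wins, as in OpenSSH-derived sshd.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF < 2 { next }    # skip comments, blank and value-less lines
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_root_login FILE: print one finding per line; return status 1 if any finding.
audit_root_login() {
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    kbd=$(effective_value "$1" PAMAuthenticationViaKBDInt)
    proto=$(effective_value "$1" Protocol)
    rc=0
    # Keyboard-interactive PAM can still accept passwords (see the file's own comment).
    if [ "$root" = "yes" ] && { [ "$pass" = "yes" ] || [ "$kbd" = "yes" ]; }; then
        echo "FAIL PermitRootLogin=yes with password auth enabled; use without-password plus a key"
        rc=1
    fi
    case ",$proto," in
        *,1,*) echo "FAIL Protocol=$proto enables SSH v1"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK PermitRootLogin=${root:-unset}"
    return "$rc"
}

# Constructed sample: only the directives from the listing above that matter here.
sample_config() {
    cat <<'EOF'
# PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
PAMAuthenticationViaKBDInt yes
Protocol 2
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_root_login "$tmp" || echo "sshd_config needs review before 'svcadm restart ssh'"
rm -f "$tmp"
```

Point `audit_root_login` at `/etc/ssh/sshd_config` before step 2 to see which of these findings apply to the live file.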


Notes

  • If you are not a professional, do not debug directly in a production environment!

laozhao
