怎么配置SSH

主要是 /etc/hosts.allow 和 ／etc/hosts.deny问题 最好两个都设置一下。

因为有些系统是先load hosts.allow 再 load hosts.allow .有些相反。

hosts.allow:

ALL:ALL:allow sshd sshd1 sshd2:ALL:allow #ssh:0.0.0.0/0.0.0.0 sshd:192.168.1.:allow hosts.deny sshd[2760]:

# you should know that NFS uses portmap!

ALL:ALL EXCEPT 127.0.0.1:DENY to ALL:ALL EXCEPT 127.0.0.1 AND 192.168.1.111:DENY

完成后。重启sshd :

service sshd restart /etc/init.d/sshd restart

如果还不行就查一下syslog

位置在 /var/log/syslog

在那可以看到为什么不行。再改一下。再测试一下。反正都要多试几种方法

....

....refused connect from ::ffff:192.168.*.*...

方法二

修改/etc/hosts.allow文件，加入 sshd:ALL。

设置域名:Router (config)# ip domain-name abc.com

配置加密方式为RSA:Router (config)# crypto key generate rsa

开启AAA认证：Router (config)# aaa new-model

设置客户吗与密码：Router (config)# username test password test

设置SSH超时：Router (config)# ip ssh time-out

开启SSH认证：Router (config)# ip ssh authentication-retries

进入Telnet接口配置模式：Router (config)# line vty 0 4

在Telnet接口模式下使用SSH认证：Router (config-line)# transport input SSH

若要用SSH2，配置SSH的版本号：Router (config)#ip ssh version 2

在配置SSH登录时，要生成一1024位RSA key，那么key的名字是以路由器的名字与DNS域名相接合为名字。

命令如下：

Outside(config)#ip domain-name zlinux.org

Outside(config)#crypto key generate rsa

The name for the keys will be: Outside.zlinux.org

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Outside(config)#

*Mar 1 00:03:09.675: %SSH-5-ENABLED: SSH 1.99 has been enabled

Outside(config)#

Outside(config)#end

Outside#show crypto key mypubkey rsa

% Key pair was generated at: 00:03:09 UTC Mar 1 2002

Key name: Outside.zlinux.org

Storage Device: not specified

Usage: General Purpose Key

Key is not exportable.

Key Data:

30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00ABC75B

3B2F9A30 338242EA 6F0538F2 389A03DC 5CF47EA0 BDC2B35E 1DF74655 03D474CC

77FDB463 96FAAB42 809343AC 7588A955 D2332BE5 C1E7DE71 F62CA321 8E9466BF

C91A0125 835290AC 9841510F C8C16287 4B52ED40 370CB853 F6D05883 60B89034

1F60604C C9D05193 A4945570 70EB10E9 BF4E2A0A 3D3467E9 E92546A2 BD020301 0001

% Key pair was generated at: 00:03:10 UTC Mar 1 2002

Key name: Outside.zlinux.org.server

Temporary key

Usage: Encryption Key

Key is not exportable.

Key Data:

307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00CDA161 D646F693

0A617A97 1B2604CD 461380C6 6797514A 216EB48B BC8B5182 9BEC8310 12ADC711

0788211C 2D27FAF8 F1DE6EFE 3AF2FA08 D063D002 759054E5 79597CF4 5FF2485F

8DAD92C6 97421767 89D2EBE8 4A78B46F F28C8FEE D08AD141 6F020301 0001

---