質問編集履歴
1
sshd_configの中身追加
test
CHANGED
File without changes
|
test
CHANGED
@@ -35,3 +35,303 @@
|
|
35
35
|
|
36
36
|
|
37
37
|
調べたところ、ほとんどの回答が/etc/ssh/sshd_configでポート番号をを編集するというものでしたが、初心者すぎるのか、編集の仕方が全くわかりません。。。編集の仕方を含め、上記の問題について解決策をご教示いただけたらと思います。よろしくおねがいします。
|
38
|
+
|
39
|
+
|
40
|
+
|
41
|
+
### 追加
|
42
|
+
|
43
|
+
sshd_configの中身ですが、役に立ちますでしょうか。ただ変更を加えようとすると、You don’t own the file “sshd_config” and don’t have permission to write to it. You can duplicate this document and edit the duplicate. Only the duplicate will include your changes.というアラートが出ます。
|
44
|
+
|
45
|
+
```
|
46
|
+
|
47
|
+
# $OpenBSD: sshd_config,v 1.95 2015/04/27 21:42:48 djm Exp $
|
48
|
+
|
49
|
+
|
50
|
+
|
51
|
+
# This is the sshd server system-wide configuration file. See
|
52
|
+
|
53
|
+
# sshd_config(5) for more information.
|
54
|
+
|
55
|
+
|
56
|
+
|
57
|
+
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
|
58
|
+
|
59
|
+
|
60
|
+
|
61
|
+
# The strategy used for options in the default sshd_config shipped with
|
62
|
+
|
63
|
+
# OpenSSH is to specify options with their default value where
|
64
|
+
|
65
|
+
# possible, but leave them commented. Uncommented options override the
|
66
|
+
|
67
|
+
# default value.
|
68
|
+
|
69
|
+
|
70
|
+
|
71
|
+
# See sshd_config(5) for details on setting the Port and Listen values on Mac OS X
|
72
|
+
|
73
|
+
#Port 22
|
74
|
+
|
75
|
+
#AddressFamily any
|
76
|
+
|
77
|
+
#ListenAddress 0.0.0.0
|
78
|
+
|
79
|
+
#ListenAddress ::
|
80
|
+
|
81
|
+
|
82
|
+
|
83
|
+
# The default requires explicit activation of protocol 1
|
84
|
+
|
85
|
+
#Protocol 2
|
86
|
+
|
87
|
+
|
88
|
+
|
89
|
+
# HostKey for protocol version 1
|
90
|
+
|
91
|
+
#HostKey /etc/ssh/ssh_host_key
|
92
|
+
|
93
|
+
# HostKeys for protocol version 2
|
94
|
+
|
95
|
+
#HostKey /etc/ssh/ssh_host_rsa_key
|
96
|
+
|
97
|
+
#HostKey /etc/ssh/ssh_host_dsa_key
|
98
|
+
|
99
|
+
#HostKey /etc/ssh/ssh_host_ecdsa_key
|
100
|
+
|
101
|
+
#HostKey /etc/ssh/ssh_host_ed25519_key
|
102
|
+
|
103
|
+
|
104
|
+
|
105
|
+
# Lifetime and size of ephemeral version 1 server key
|
106
|
+
|
107
|
+
#KeyRegenerationInterval 1h
|
108
|
+
|
109
|
+
#ServerKeyBits 1024
|
110
|
+
|
111
|
+
|
112
|
+
|
113
|
+
# Ciphers and keying
|
114
|
+
|
115
|
+
#RekeyLimit default none
|
116
|
+
|
117
|
+
|
118
|
+
|
119
|
+
# Logging
|
120
|
+
|
121
|
+
# obsoletes QuietMode and FascistLogging
|
122
|
+
|
123
|
+
SyslogFacility AUTHPRIV
|
124
|
+
|
125
|
+
#LogLevel INFO
|
126
|
+
|
127
|
+
|
128
|
+
|
129
|
+
# Authentication:
|
130
|
+
|
131
|
+
|
132
|
+
|
133
|
+
#LoginGraceTime 2m
|
134
|
+
|
135
|
+
#PermitRootLogin no
|
136
|
+
|
137
|
+
#StrictModes yes
|
138
|
+
|
139
|
+
#MaxAuthTries 6
|
140
|
+
|
141
|
+
#MaxSessions 10
|
142
|
+
|
143
|
+
|
144
|
+
|
145
|
+
#RSAAuthentication yes
|
146
|
+
|
147
|
+
#PubkeyAuthentication yes
|
148
|
+
|
149
|
+
|
150
|
+
|
151
|
+
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
|
152
|
+
|
153
|
+
# but this is overridden so installations will only check .ssh/authorized_keys
|
154
|
+
|
155
|
+
AuthorizedKeysFile .ssh/authorized_keys
|
156
|
+
|
157
|
+
|
158
|
+
|
159
|
+
#AuthorizedPrincipalsFile none
|
160
|
+
|
161
|
+
|
162
|
+
|
163
|
+
#AuthorizedKeysCommand none
|
164
|
+
|
165
|
+
#AuthorizedKeysCommandUser nobody
|
166
|
+
|
167
|
+
|
168
|
+
|
169
|
+
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
170
|
+
|
171
|
+
#RhostsRSAAuthentication no
|
172
|
+
|
173
|
+
# similar for protocol version 2
|
174
|
+
|
175
|
+
#HostbasedAuthentication no
|
176
|
+
|
177
|
+
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
178
|
+
|
179
|
+
# RhostsRSAAuthentication and HostbasedAuthentication
|
180
|
+
|
181
|
+
#IgnoreUserKnownHosts no
|
182
|
+
|
183
|
+
# Don't read the user's ~/.rhosts and ~/.shosts files
|
184
|
+
|
185
|
+
#IgnoreRhosts yes
|
186
|
+
|
187
|
+
|
188
|
+
|
189
|
+
# To disable tunneled clear text passwords both PasswordAuthentication and
|
190
|
+
|
191
|
+
# ChallengeResponseAuthentication must be set to "no".
|
192
|
+
|
193
|
+
#PasswordAuthentication no
|
194
|
+
|
195
|
+
#PermitEmptyPasswords no
|
196
|
+
|
197
|
+
|
198
|
+
|
199
|
+
# Change to no to disable s/key passwords
|
200
|
+
|
201
|
+
#ChallengeResponseAuthentication yes
|
202
|
+
|
203
|
+
|
204
|
+
|
205
|
+
# Kerberos options
|
206
|
+
|
207
|
+
#KerberosAuthentication no
|
208
|
+
|
209
|
+
#KerberosOrLocalPasswd yes
|
210
|
+
|
211
|
+
#KerberosTicketCleanup yes
|
212
|
+
|
213
|
+
#KerberosGetAFSToken no
|
214
|
+
|
215
|
+
|
216
|
+
|
217
|
+
# GSSAPI options
|
218
|
+
|
219
|
+
#GSSAPIAuthentication no
|
220
|
+
|
221
|
+
#GSSAPICleanupCredentials yes
|
222
|
+
|
223
|
+
#GSSAPIStrictAcceptorCheck yes
|
224
|
+
|
225
|
+
#GSSAPIKeyExchange no
|
226
|
+
|
227
|
+
|
228
|
+
|
229
|
+
# Set this to 'yes' to enable PAM authentication, account processing,
|
230
|
+
|
231
|
+
# and session processing. If this is enabled, PAM authentication will
|
232
|
+
|
233
|
+
# be allowed through the ChallengeResponseAuthentication and
|
234
|
+
|
235
|
+
# PasswordAuthentication. Depending on your PAM configuration,
|
236
|
+
|
237
|
+
# PAM authentication via ChallengeResponseAuthentication may bypass
|
238
|
+
|
239
|
+
# the setting of "PermitRootLogin without-password".
|
240
|
+
|
241
|
+
# If you just want the PAM account and session checks to run without
|
242
|
+
|
243
|
+
# PAM authentication, then enable this but set PasswordAuthentication
|
244
|
+
|
245
|
+
# and ChallengeResponseAuthentication to 'no'.
|
246
|
+
|
247
|
+
# Also, PAM will deny null passwords by default. If you need to allow
|
248
|
+
|
249
|
+
# null passwords, add the " nullok" option to the end of the
|
250
|
+
|
251
|
+
# securityserver.so line in /etc/pam.d/sshd.
|
252
|
+
|
253
|
+
#UsePAM yes
|
254
|
+
|
255
|
+
|
256
|
+
|
257
|
+
#AllowAgentForwarding yes
|
258
|
+
|
259
|
+
#AllowTcpForwarding yes
|
260
|
+
|
261
|
+
#GatewayPorts no
|
262
|
+
|
263
|
+
#X11Forwarding no
|
264
|
+
|
265
|
+
#XauthLocation xauth # Default is to search $PATH (set by launchd(8)). It is recommended that a full path be provided.
|
266
|
+
|
267
|
+
#X11DisplayOffset 10
|
268
|
+
|
269
|
+
#X11UseLocalhost yes
|
270
|
+
|
271
|
+
#PermitTTY yes
|
272
|
+
|
273
|
+
#PrintMotd yes
|
274
|
+
|
275
|
+
#PrintLastLog yes
|
276
|
+
|
277
|
+
#TCPKeepAlive yes
|
278
|
+
|
279
|
+
#UseLogin no
|
280
|
+
|
281
|
+
UsePrivilegeSeparation sandbox # Default for new installations.
|
282
|
+
|
283
|
+
#PermitUserEnvironment no
|
284
|
+
|
285
|
+
#Compression delayed
|
286
|
+
|
287
|
+
#ClientAliveInterval 0
|
288
|
+
|
289
|
+
#ClientAliveCountMax 3
|
290
|
+
|
291
|
+
#UseDNS no
|
292
|
+
|
293
|
+
#PidFile /var/run/sshd.pid
|
294
|
+
|
295
|
+
#MaxStartups 10:30:100
|
296
|
+
|
297
|
+
#PermitTunnel no
|
298
|
+
|
299
|
+
#ChrootDirectory none
|
300
|
+
|
301
|
+
#VersionAddendum none
|
302
|
+
|
303
|
+
|
304
|
+
|
305
|
+
# pass locale information
|
306
|
+
|
307
|
+
AcceptEnv LANG LC_*
|
308
|
+
|
309
|
+
|
310
|
+
|
311
|
+
# no default banner path
|
312
|
+
|
313
|
+
#Banner none
|
314
|
+
|
315
|
+
|
316
|
+
|
317
|
+
# override default of no subsystems
|
318
|
+
|
319
|
+
Subsystem sftp /usr/libexec/sftp-server
|
320
|
+
|
321
|
+
|
322
|
+
|
323
|
+
# Example of overriding settings on a per-user basis
|
324
|
+
|
325
|
+
#Match User anoncvs
|
326
|
+
|
327
|
+
# X11Forwarding no
|
328
|
+
|
329
|
+
# AllowTcpForwarding no
|
330
|
+
|
331
|
+
# PermitTTY no
|
332
|
+
|
333
|
+
# ForceCommand cvs server
|
334
|
+
|
335
|
+
|
336
|
+
|
337
|
+
```
|