- 论坛徽章:
- 0
|
1. 设置sshd用户和/var/empty目录 \r\n# mkdir /var/empty \r\n# chown root:sys /var/empty \r\n# chmod 755 /var/empty \r\n# groupadd sshd \r\n# useradd -g sshd -c \'sshd privsep\' -d /var/empty -s /bin/false sshd \r\n/var/empty目录应该为空 \r\n\r\n2. 需要以下软件(包括可选) \r\nopenssh-3.4p1-sol8-intel-local.gz \r\nopenssl-0.9.6d-sol8-intel-local.gz \r\ntcp_wrappers-7.6-sol8-intel-local.gz (optional, but recommended) \r\n(unless you are using IPV6 - see the tcp_wrappers listing for details on this issue) \r\nzlib-1.1.4-sol8-intel-local.gz \r\nperl-5.6.1-sol8-intel-local.gz (optional) \r\nprngd-0.9.25-sol8-intel-local.gz (optional) \r\negd-0.8-sol8-intel-local.gz (optional) \r\n\r\n3. 安装(假设已经安装配置完成tcp_wrapper7.6) \r\n# gunzip openssl-0.9.6d-sol8-intel-local.gz \r\n# gunzip zlib-1.1.4-sol8-intel-local.gz \r\n# pkgadd -d openssl-0.9.6d-sol8-intel-local \r\n# pkgadd -d zlib-1.1.4-sol8-intel-local \r\n\r\n4. # vi /etc/profile addition following line:\r\n \r\nLD_LIBRARY_PATH=:/usr/local/lib:/usr/local/ssl/lib:/usr/openwin/lib\r\nPATH=$PATH:/usr/local/bin:/usr/local/sbin\r\nexport PATH LD_LIBRARY_PATH\r\n\r\n#. /etc/profile\r\n上面这步很重要,不能少 \r\n\r\n5.下载 openssh-3.9p1.tar.gz(或者该软件包的最新版本)\r\n#gzip -d openssh-3.9p1.tar.gz\r\n #tar xvf openssh-3.9p1.tar\r\n#cd openssh-3.9p1\r\n#./configure --prefix=/usr/local/ssh --with-ssl-dir=/usr/local/ssl --with-ipv4-default\r\n# make \r\n# make install\r\n如果提示无make命令,则下载 gcc-3.3.2-sol8-sparc-local.gz 后,安装该包。\r\n该包是调试程序的工具。 \r\n\r\n6. 设置tcp_wrappers \r\n# vi /etc/hosts.deny \r\n 加入 sshd:all \r\n# vi /etc/hosts.allow \r\n 加入 \r\nsshd:允许访问的IP清单:banners /opt/tcp_wrappers_7.6/allow-messages \r\n\r\n7. 安装ssh和sshd(如果是源吗安装这些可以省略,因为编译安装完成会有提示): \r\n 确保/usr/local/bin和/opt/ssh在你的环境变量中 \r\n# ssh-keygen -t rsa1 -f /opt/ssh/etc/ssh_host_key -N \"\" \r\n# ssh-keygen -t dsa -f /opt/ssh/etc/ssh_host_dsa_key -N \"\" \r\n# ssh-keygen -t rsa -f /opt/ssh/etc/ssh_host_rsa_key -N \"\" \r\n\r\n8. 编写启动脚本: \r\n#vi /etc/rc2.d/S98sshd\r\n-----------------------------------------------------------------------------------\r\n#!/bin/sh\r\n\r\npid=`/usr/bin/ps -e | /usr/bin/grep sshd | /usr/bin/sed -e \'s/^ *//\' -e \'s/ .*//\'`\r\ncase $1 in\r\n\'start\')\r\n /usr/local/sbin/sshd\r\n ;;\r\n\'stop\')\r\n if [ \"${pid}\" != \"\" ]\r\n then\r\n /usr/bin/kill ${pid}\r\n fi\r\n ;;\r\n*)\r\n echo \"usage: /etc/init.d/sshd {start|stop}\"\r\n ;;\r\nesac\r\n--------------------------------------------------------------------------\r\n\r\n#chown root:sys /etc/rc2.d/S98sshd\r\n#chmod 755 /etc/rc2.d/S98sshd\r\n#/etc/rc2.d/S98sshd start\r\n\r\n9. 启动、检查、关闭 \r\n # /etc/rc2.d/S98sshd start \r\n # ps -ef | grep sshd \r\n # /etc/rc2.d/S98sshd stop \r\n\r\n 用ssh命令和sftp命令 |
|