sshd_config file configuration

# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key

Can someone explain what happens if we comment out all of the HostKey lines above?

Answer 1

So on a test system I removed all the HostKey lines from sshd_config. Then I killed the running sshd process and started it by hand in debug mode with sshd -d.

The sshd daemon on my distribution seems smart enough to try to read the keys from /etc/ssh/ if they have the standard file names, even when you don't reference them with a HostKey directive.

But if you remove those lines AND delete all the existing host keys, then remote clients will no longer be able to connect.

HostKey configuration removed, and the keys deleted from /etc/ssh:

debug1: sshd version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': No such file or directory
Could not load host key: /etc/ssh/ssh_host_rsa_key
debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': No such file or directory
Could not load host key: /etc/ssh/ssh_host_dsa_key
debug1: could not open key file '/etc/ssh/ssh_host_ecdsa_key': No such file or directory
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-d'
Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: inetd sockets after dupping: 3, 3
# incoming client connection
Connection from 127.0.0.1 port 44636
debug1: Client protocol version 2.0; client software version OpenSSH_6.0p1 Debian-4+deb7u2
debug1: match: OpenSSH_6.0p1 Debian-4+deb7u2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
debug1: permanently_set_uid: 101/65534 [preauth]
debug1: list_hostkey_types:  [preauth]
No supported key exchange algorithms [preauth]
debug1: do_cleanup [preauth]
debug1: do_cleanup
debug1: Killing privsep child 45384

So, to explain what is going on: OpenSSH appears to have some hard-coded defaults for HostKeys. If you don't supply any HostKey configuration, it looks for the files in the standard locations. If it can't find any, it will still start, but it cannot establish any incoming connection.
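Added example (not part of the original answer, and not OpenSSH's own code): a POSIX shell script that performs the check from the answer without killing and restarting sshd. It reads an sshd_config, derives the effective HostKey list (every active HostKey directive, or the compiled-in defaults when none is active), and counts how many of those key files can actually be read. Assumptions: the default file names are taken from the answer's OpenSSH 6.0 log (rsa, dsa, ecdsa; OpenSSH 7.0 and later default to rsa, ecdsa and ed25519), the SSH_HOSTKEY_DIR variable and all function names are this example's own, and Include directives are not followed.

```shell
#!/bin/sh
# Added example: report which host keys sshd would actually load for a given
# sshd_config, without restarting the daemon.
#
# Assumptions (this example's own, not OpenSSH code):
#  - SSH_HOSTKEY_DIR: directory holding the default host keys (normally /etc/ssh).
#  - DEFAULT_HOSTKEY_NAMES: the file names sshd probes when no HostKey directive
#    is active. Taken from the answer's OpenSSH 6.0 log; OpenSSH 7.0 and later
#    default to ssh_host_rsa_key ssh_host_ecdsa_key ssh_host_ed25519_key.

SSH_HOSTKEY_DIR="${SSH_HOSTKEY_DIR:-/etc/ssh}"
DEFAULT_HOSTKEY_NAMES="ssh_host_rsa_key ssh_host_dsa_key ssh_host_ecdsa_key"

# effective_hostkeys CONFIG
# Print, one per line, the host key paths sshd would try: every active
# (uncommented) HostKey directive, or the defaults if there is none.
# Commented lines are skipped because their first field is "#HostKey".
effective_hostkeys() {
    keys=$(awk 'tolower($1) == "hostkey" { print $2 }' "$1")
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys"
    else
        for name in $DEFAULT_HOSTKEY_NAMES; do
            printf '%s/%s\n' "$SSH_HOSTKEY_DIR" "$name"
        done
    fi
}

# count_loadable CONFIG
# Print how many of the effective host key files exist and are readable;
# warn on stderr for each missing one, mirroring sshd's own message.
count_loadable() {
    n=0
    for key in $(effective_hostkeys "$1"); do
        if [ -r "$key" ]; then
            n=$((n + 1))
        else
            echo "Could not load host key: $key" >&2
        fi
    done
    echo "$n"
}

# check_sshd_hostkeys CONFIG
# Return 0 if sshd would have at least one host key, 1 if it would have none,
# which is the "No supported key exchange algorithms" situation in the answer.
check_sshd_hostkeys() {
    if [ "$(count_loadable "$1")" -eq 0 ]; then
        echo "no host keys: sshd would accept no connection" >&2
        return 1
    fi
    return 0
}

# Usage: check_sshd_hostkeys /etc/ssh/sshd_config
```

Run it as root so the private key files are readable. On a host where sshd is installed, `sshd -T | grep -i hostkey` prints the effective HostKey list from sshd's own parser and is the authoritative source (it also resolves Include, which the awk above does not); `ssh-keygen -A` regenerates any missing default host keys in place. Note that newer OpenSSH releases do not behave exactly as the 6.0 log above: with no loadable host key they refuse to start at all ("sshd: no hostkeys available -- exiting.") instead of listening and then rejecting every client.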
