1、安装时选择上SSH,或者源码安装SSH
2、使用root登陆系统
3、使用ee编辑器编辑/etc/inetd.conf,去掉ssh前的#,按ctrl+c,再输入exit保存退出
4、编辑/etc/rc.conf,添加一行sshd_enable="YES"
5、编辑/etc/ssh/sshd_config,将
#PermitRootLogin no改为PermitRootLogin yes //允许root登陆
#PasswordAuthentication no改为PasswordAuthentication yes//使用系统PAM认证
#PermitEmptyPasswords no改为PermitEmptyPasswords no//不允许空密码
保存退出
6、启动SSHD服务,/etc/rc.d/sshd start
7、查看服务是否启动,netstat -an,如果看到22端口有监听,恭喜!!!
8、准备好你的账号和ssh客户端登录吧!
下面是相应的配置文件:
inetd.conf
..............................................................
# $FreeBSD: release/9.0.0/etc/inetd.conf 206039 2010-04-01 13:13:09Z des $
#
# Internet server configuration database
#
# Define *both* IPv4 and IPv6 entries for dual-stack support.
# To disable a service, comment it out by prefixing the line with '#'.
# To enable a service, remove the '#' at the beginning of the line.
#
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
#ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
#shell stream tcp nowait root /usr/libexec/rshd rshd
#shell stream tcp6 nowait root /usr/libexec/rshd rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
#login stream tcp6 nowait root /usr/libexec/rlogind rlogind
#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
#
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
#
# ntalk is required for the 'talk' utility to work correctly
#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
#bootps dgram udp wait root /usr/libexec/bootpd bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns. Only turn on what you
# need.
#
#daytime stream tcp nowait root internal
#daytime stream tcp6 nowait root internal
#daytime dgram udp wait root internal
#daytime dgram udp6 wait root internal
#time stream tcp nowait root internal
#time stream tcp6 nowait root internal
#time dgram udp wait root internal
#time dgram udp6 wait root internal
#echo stream tcp nowait root internal
#echo stream tcp6 nowait root internal
#echo dgram udp wait root internal
#echo dgram udp6 wait root internal
#discard stream tcp nowait root internal
#discard stream tcp6 nowait root internal
#discard dgram udp wait root internal
#discard dgram udp6 wait root internal
#chargen stream tcp nowait root internal
#chargen stream tcp6 nowait root internal
#chargen dgram udp wait root internal
#chargen dgram udp6 wait root internal
#
# CVS servers - for master CVS repositories only! You must set the
# --allow-root path correctly or you open a trivial to exploit but
# deadly security hole.
#
#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver
#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here kserver
#
# RPC based services (you MUST have rpcbind running to use these)
#
#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld
#pcnfsd/1-2 dgram rpc/udp wait root /usr/local/libexec/rpc.pcnfsd rpc.pcnfsd
#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd
#
# example entry for the optional pop3 server
#
#pop3 stream tcp nowait root /usr/local/libexec/popper popper
#
# example entry for the optional imap4 server
#
#imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
#
# example entry for the optional nntp server
#
#nntp stream tcp nowait news /usr/local/libexec/nntpd nntpd
#
# example entry for the optional uucpd server
#
#uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd
#
# Return error for all "ident" requests
#
#auth stream tcp nowait root internal
#auth stream tcp6 nowait root internal
#
# Provide internally a real "ident" service which provides ~/.fakeid support,
# provides ~/.noident support, reports UNKNOWN as the operating system type
# and times out after 30 seconds.
#
#auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30
#auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30
#
# Example entry for an external ident server
#
#auth stream tcp wait root /usr/local/sbin/identd identd -w -t120
#
# Example entry for the optional qmail MTA
# NOTE: This is no longer the correct way to handle incoming SMTP
# connections for qmail. Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
# instead.
#
#smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
#
# Enable the following two entries to enable samba startup from inetd
# (from the Samba documentation). Enable the third entry to enable the swat
# samba configuration tool.
#
#netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd
#netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd
#swat stream tcp nowait/400 root /usr/local/sbin/swat swat
sshd_config
.............................................................
$OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
# $FreeBSD: release/9.0.0/crypto/openssh/sshd_config 224638 2011-08-03 19:14:22Z brooks $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
#VersionAddendum FreeBSD-20110503
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
#Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# Change to yes to enable built-in password authentication.
PasswordAuthentication yes
PermitEmptyPasswords no
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Disable HPN tuning improvements.
#HPNDisabled no
# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048
# TCP receive socket buffer polling for HPN. Disable on non autotuning kernels.
#TcpRcvBufPoll yes
# Allow the use of the NONE cipher.
#NoneEnabled no
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
rc.conf
.............................................................
hostname="freebsd"
ifconfig_em0="DHCP"
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
