I installed PCBSD9 on my HP PC. To use ssh to access it, I removed # before ssh in /etc/inetd.conf.
and set sshd_enable="YES" in /etc/rc.conf
Now, in PCBSD console, I can use ssh to access itself by using its local network ip. But I could not use ssh to access it from other pcs.The message is always "Connection refused!". But I can ping it from other machines.
Here is my /etc/ssh/sshd_config:
|
Code:
|
# $OpenBSD: sshd_config,v 1.82 2010/09/06 17:10:19 naddy Exp $
# $FreeBSD$
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
# Note that some of FreeBSD's defaults differ from OpenBSD's, and
# FreeBSD has a few additional options.
#VersionAddendum FreeBSD-20110503
Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# The default requires explicit activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 1024
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Change to yes to enable built-in password authentication.
PasswordAuthentication yes
PermitEmptyPasswords no
# Change to no to disable PAM authentication
#ChallengeResponseAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'no' to disable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
#ChrootDirectory none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# Disable HPN tuning improvements.
#HPNDisabled no
# Buffer size for HPN to non-HPN connections.
#HPNBufferSize 2048
# TCP receive socket buffer polling for HPN. Disable on non autotuning kernels.
#TcpRcvBufPoll yes
# Allow the use of the NONE cipher.
#NoneEnabled no
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server |
I got PF firewall enabled, here is my /etc/pf.conf
|
Code:
|
set skip on lo0
set block-policy return
scrub in all
antispoof quick for lo0 inet
block in from no-route to any
# Block all other incoming
block in log
# Allow all outgoing traffic
pass out keep state
# Block blacklist
table <blacklist> persist file "/etc/blacklist"
block from <blacklist> to any
# Enable ICMP for IPv4 IPv6
pass proto icmp all
pass proto icmp6 all
# Nic Specific Rules
pass in quick on nfe0 proto {tcp,udp} from any to any port 49152:65535 keep state
pass in quick on nfe0 proto udp from any to (nfe0) port 137 keep state
pass in quick on nfe0 proto udp from any to (nfe0) port 138 keep state
pass in quick on nfe0 proto udp from any to (nfe0) port 111 keep state
pass in quick on nfe0 proto udp from any to (nfe0) port 1110 keep state
pass in quick on nfe0 proto udp from any to (nfe0) port 2049 keep state
pass in quick on nfe0 proto udp from any to (nfe0) port 4045 keep state
pass in quick on nfe0 proto udp from any to (nfe0) port 5353 keep state
pass in quick on nfe0 proto udp from any to 224.0.0.251/32 port 5353 keep state
pass in quick on nfe0 proto tcp from any to (nfe0) port 445 keep state
pass in quick on nfe0 proto tcp from any to (nfe0) port 137 keep state
pass in quick on nfe0 proto tcp from any to (nfe0) port 139 keep state
pass in quick on nfe0 proto tcp from any to (nfe0) port 111 keep state
pass in quick on nfe0 proto tcp from any to (nfe0) port 1110 keep state
pass in quick on nfe0 proto tcp from any to (nfe0) port 4045 keep state
pass in quick on nfe0 proto tcp from any to (nfe0) port 5353 keep state
pass in quick on urtw0 proto {tcp,udp} from any to any port 49152:65535 keep state
pass in quick on urtw0 proto udp from any to (urtw0) port 137 keep state
pass in quick on urtw0 proto udp from any to (urtw0) port 138 keep state
pass in quick on urtw0 proto udp from any to (urtw0) port 111 keep state
pass in quick on urtw0 proto udp from any to (urtw0) port 1110 keep state
pass in quick on urtw0 proto udp from any to (urtw0) port 2049 keep state
pass in quick on urtw0 proto udp from any to (urtw0) port 4045 keep state
pass in quick on urtw0 proto udp from any to (urtw0) port 5353 keep state
pass in quick on urtw0 proto udp from any to 224.0.0.251/32 port 5353 keep state
pass in quick on urtw0 proto tcp from any to (urtw0) port 445 keep state
pass in quick on urtw0 proto tcp from any to (urtw0) port 137 keep state
pass in quick on urtw0 proto tcp from any to (urtw0) port 139 keep state
pass in quick on urtw0 proto tcp from any to (urtw0) port 111 keep state
pass in quick on urtw0 proto tcp from any to (urtw0) port 1110 keep state
pass in quick on urtw0 proto tcp from any to (urtw0) port 4045 keep state
pass in quick on urtw0 proto tcp from any to (urtw0) port 5353 keep state
pass in quick on lagg0 proto {tcp,udp} from any to any port 49152:65535 keep state
pass in quick on lagg0 proto udp from any to (lagg0) port 137 keep state
pass in quick on lagg0 proto udp from any to (lagg0) port 138 keep state
pass in quick on lagg0 proto udp from any to (lagg0) port 111 keep state
pass in quick on lagg0 proto udp from any to (lagg0) port 1110 keep state
pass in quick on lagg0 proto udp from any to (lagg0) port 2049 keep state
pass in quick on lagg0 proto udp from any to (lagg0) port 4045 keep state
pass in quick on lagg0 proto udp from any to (lagg0) port 5353 keep state
pass in quick on lagg0 proto udp from any to 224.0.0.251/32 port 5353 keep state
pass in quick on lagg0 proto tcp from any to (lagg0) port 445 keep state
pass in quick on lagg0 proto tcp from any to (lagg0) port 137 keep state
pass in quick on lagg0 proto tcp from any to (lagg0) port 139 keep state
pass in quick on lagg0 proto tcp from any to (lagg0) port 111 keep state
pass in quick on lagg0 proto tcp from any to (lagg0) port 1110 keep state
pass in quick on lagg0 proto tcp from any to (lagg0) port 4045 keep state
pass in quick on lagg0 proto tcp from any to (lagg0) port 5353 keep state |
I do not have any experience with BSD. Do I need to set the firewall or somewhere in other config file? Thanks in advance
cannot use ssh to access PCBSD9
Linear Mode
