以下是基本信息:
$ which ssh
/opt/local/bin/ssh
之所以如此,是因为我使用的是 MacPorts,而且它确实安装在那里。我做了sudo port load openssh
执行 netstat -an | 时 重新启动时 grep LISTEN。我有这个:
tcp4 0 0 *.2222 *.* LISTEN
tcp6 0 0 *.2222 *.* LISTEN
tcp46 0 0 *.5900 *.* LISTEN
tcp4 0 0 *.88 *.* LISTEN
tcp6 0 0 *.88 *.* LISTEN
tcp4 0 0 *.631 *.* LISTEN
tcp6 0 0 *.631 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp4 0 0 *.139 *.* LISTEN
tcp4 0 0 *.445 *.* LISTEN
tcp4 0 0 *.548 *.* LISTEN
tcp6 0 0 *.548 *.* LISTEN
tcp4 0 0 127.0.0.1.631 *.* LISTEN
tcp6 0 0 ::1.631 *.* LISTEN
那么这里是nmap的结果:
-pierre@evian.local ~ nmap -p 22 localhost 0 --15:23--
Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 0.19 seconds
-pierre@evian.local ~ nmap -p 2222 localhost 0 --15:24--
Starting Nmap 5.50 ( http://nmap.org ) at 2011-02-10 15:25 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000072s latency).
PORT STATE SERVICE
2222/tcp open EtherNet/IP-1
Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds
现在当我尝试在本地主机上 ssh 时会发生什么
-pierre@evian.local ~ ssh localhost 0 --15:30--
Connection closed by 127.0.0.1
指定 2222 端口时。
-pierre@evian.local ~ ssh localhost -p 2222 255 --15:31--
Last login: Thu Feb 10 15:18:00 2011 from localhost
成功!原因:我在 /opt/local/etc/ 位置的 sshd_config 文件中找到了它。端口 2222 这里的文件:
-pierre@evian.local ~ cat /opt/local/etc/ssh/sshd_config | less 0 --15:29--
# $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
Port 2222
所以我决定将该文件中的端口更改为 22
使用卸载/加载重新启动服务,如下所示:
-pierre@evian.local /opt/local/etc/ssh ssh localhost -p 2222 0 --15:35--
Last login: Thu Feb 10 15:32:15 2011 from localhost
-pierre@evian.local ~ sudo port unload openssh 0 --15:35--
-pierre@evian.local ~ sudo port load openssh 0 --15:36--
-pierre@evian.local ~ ssh localhost -p 2222 0 --15:36--
ssh: connect to host localhost port 2222: Connection refused
好吧,我很幸运,我尝试 ssh localhost
-pierre@evian.local ~ ssh localhost 255 --15:36--
Connection closed by 127.0.0.1
我想没有运气这样的事情。这是命令的 -vv:
-pierre@evian.local ~ ssh -vv localhost 255 --15:37--
OpenSSH_5.6p1, OpenSSL 1.0.0c 2 Dec 2010
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_rsa type 1
debug1: identity file /Users/pierre/.ssh/id_rsa-cert type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /Users/pierre/.ssh/id_dsa type 2
debug1: identity file /Users/pierre/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_5.2
debug1: match: OpenSSH_5.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 127/256
debug2: bits set: 520/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /Users/pierre/.ssh/known_hosts:1
debug2: bits set: 534/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /Users/pierre/.ssh/id_rsa (0x10030e540)
debug2: key: /Users/pierre/.ssh/id_dsa (0x10031dcf0)
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /Users/pierre/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
Connection closed by 127.0.0.1
你怎么认为?
OS Xsshd已经自带。如果您在“共享”下的“系统偏好设置”中启用“远程登录”,它就会运行。
如果你想做的只是让它监听一个非默认端口,诀窍如下:
/System/Library/LaunchDaemons/ssh.plist在您喜欢的文本编辑器中打开。
找到SockServiceName钥匙。
将字符串值更改为类似ssh-alt,然后保存 plist 文件。
ssh-alt在/etc/services文件中添加一个条目。
进入“共享”首选项窗格并关闭并重新打开“远程登录”复选框。您会发现本机sshd现在正在侦听另一个端口。
你会认为你可以通过编辑来避免这一切/etc/sshd_config,但你错了。本机sshd只关注 plist 文件。