sshd使用

Posted xiaofeng666

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了sshd使用相关的知识,希望对你有一定的参考价值。

sshd服务

1.sshd介绍
     sshd为secure shell的简称;可以通过网络在主机中开机shell的服务

 连接方式(在客户端):ssh [email protected]  #文本模式
                    ssh -X [email protected]  #可以在链接成功后开启图形界面

 注意:
    第一次链接陌生主机是要建立认证文件,然后会询问是否建立,需要输入yes
    再次链接此台主机时,因为已经生成~/.ssh/know_hosts文件所以不需要再次输入yes

 远程复制:  格式 scp file [email protected]:dir(文件的上传)

                scp [email protected]:/dir file(文件的下载)

  •  示例:把177主机下/mnt/file1文件上传到 172.25.254.97主机的/root/Desktop/目录下:   

   [[email protected] mnt]# ls niu/
   file1  file2  file3  file4  file5
   [[email protected] mnt]# scp niu/file1 [email protected]:/root/Desktop/
   file1                                         100%    0     0.0KB/s   00:00 

   此时可以在97主机下的桌面上看到file1: 

   [[email protected] ~]# cd /root/Desktop/
   [[email protected] Desktop]# ls
   file1
  •    示例:把97主机桌面下的file文件下载到177主机的/mnt/目录下: 
   [[email protected] ~]# scp [email protected]:/root/Desktop/file /mnt/
    file                                          100%    0     0.0KB/s   00:00

   此时可以在177主机上/mnt/目录下可以看到file文件

   [[email protected] ~]# ls /mnt/
   file  niu  [email protected]

2.sshd 的key认证

【1】生成认证KEY

  生成密钥的命令:ssh-keygen

[[email protected] ~]# rm -rf .ssh/
[[email protected] ~]# ls -a
.                .bash_logout   .config    Downloads      Music     Templates
..               .bash_profile  .cshrc     .esd_auth      Pictures  Videos
anaconda-ks.cfg  .bashrc        Desktop    .ICEauthority  Public    .viminfo
.bash_history    .cache         Documents  .local         .tcshrc
[[email protected] ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
8c:23:ee:39:11:6b:e6:af:a3:76:b1:00:a5:6e:d1:d3 [email protected]
The key‘s randomart image is:
+--[ RSA 2048]----+
|                 |
|  .              |
| o. .            |
|o. o.E o         |
|... ooo S        |
| o..*. .         |
|.  =.+           |
|  ..*.           |
| ..o+=.          |
+-----------------+

 

【2】加密服务 

使用命令:ssh-copy-id -i /root/.ssh/id_rsa.pub  [email protected]

[[email protected] ~]# cd .ssh/
[[email protected] .ssh]# ls
id_rsa  id_rsa.pub
[[email protected] .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
The authenticity of host ‘172.25.254.97 (172.25.254.97)‘ can‘t be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]‘s password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh ‘[email protected]‘"
and check to make sure that only the key(s) you wanted were added.
[[email protected] .ssh]# ls 
authorized_keys  id_rsa  id_rsa.pub  known_hosts

(此时authorized_keys文件,生成代表97主机加密成功;id-rsa为钥匙,id_rsa.pub为锁) 

【3】分发钥匙

使用命令: scp /root/.ssh/id_rsa [email protected]:/root/.ssh/

[[email protected] .ssh]# ls 
authorized_keys  id_rsa  id_rsa.pub  known_hosts
[[email protected] .ssh]# scp id_rsa [email protected]:/root/.ssh/
The authenticity of host ‘172.25.254.177 (172.25.254.177)‘ can‘t be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘172.25.254.177‘ (ECDSA) to the list of known hosts.
[email protected]‘s password: 
id_rsa                                        100% 1679     1.6KB/s   00:00 

**在177主机下进行验证:

[[email protected] ~]# ls .ssh/
id_rsa  known_hosts

【4】测试
在客户主机中(172.25.254.177)输入命令:ssh [email protected]

[[email protected] ~]# ssh [email protected]
Last login: Wed Jul 25 23:10:43 2018
此时不需要进行root用户的登陆,直接连接成功   

3.sshd的安全设定 
      PasswordAuthentication yes|no ##是否允许用户通过登陆系统的密码做sshd的认证,(在78行也可登录其他用户密码)
      PermitRootLogin yes|no ##是否允许root用户通过sshd服务的认证(48行)
      Allowusers student westos ##设定用户白名单,白名单出现默认不再名单中的用户不能使用sshd 
      Denyusers westos ##设定用户黑名单,黑名单出现默认不再名单中的用户可以使用sshd 

      注意:在服务端修改文件的配置:vim /etc/ssh/sshd_config 
           配置完成之后要重启服务:systemctl restart sshd.service 

此文为装载

以上是关于sshd使用的主要内容,如果未能解决你的问题,请参考以下文章

Linux基础服务sshd简介

Linux——配置sshd服务

Linux基础服务sshd常见优化选项

Android上sshd的使用

Kali2022.01 配置sshd 服务并使用xshell 连接

Kali2022.01 配置sshd 服务并使用xshell 连接