本文共 2554 字,大约阅读时间需要 8 分钟。
SSH(安全外壳协议),为Secure Shell的缩写,SSH为建立在应用层和传输层基础上的安全协议。
默认端口:22
Linux中守护进程: sshd
安装服务:OpenSSH
服务端主程序:/usr/sbin/sshd
客户端主程序:/usr/bin/ssh
服务端配置文件:/etc/ssh/sshd_config
客户端配置文件:/etc/ssh/ssh_config
Port 22 # 监听端口ListenAssress 0.0.0.0 # 监听IP,0.0.0.0允许所有IPProtocol 2 # SSH版本HostKey /etc/ssh/ssh_host_rsa_key # 私钥保存位置ServerKeyBits 1024 # 私钥的位数SyslogFacility AUTH # 日志记录SSH登录情况LogLevel INFO # 日志等级GSSAAPIAuthentication yes # GSSAPI认证开启# 安全设定部分PermitRootLogin yes # 允许root通过ssh登录PubkeyAuthentication yes # 是否使用公钥验证AuthorizedKeysFile .ssh/authorized_keys # 公钥保存位置PasswordAuthentication yes # 允许使用密码验证登录PermitEmptyPasswords no # 不允许空密码登录
ssh 用户名@IP
# 下载scp root@192.168.2.11:root/test.txt /tmp# 上传scp -r /root/123.txt/ root@192.168.2.11:/root
[root@localhost ~]# sftp root@192.168.4.2Connecting to 111.204.156.11:9033...Connection established.To escape to local shell, press 'Ctrl+Alt+]'.Your current local directory isC:\Users\Jerry\Documents\NetSarang Computer\6\Xshell\SessionsType `help' to browse available commnands.sftp:/root>
进入ftp命令行之后,可以使用一下命令:
client端:- ssh-keygen -t rsaserver端:- 把公钥拷贝到服务器端(scp,sftp或ssh软件均可)- cat is_rsa.pub >> /root/.ssh/authorized_keys- chmod 600 /root/.ssh/authorized_keys
RSAAuthentication yes # 开启RSA验证PubkeyAuthentication yes # 使用公钥验证AuthorizedKeysFile .ssh/authorized_keys # 公钥保存位置PasswordAuthentication no # 禁止使用密码验证登录
[root@localhost .ssh]# vim /etc/selinux/config # This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.SELINUX=disabled # 停用SELinux服务# SELINUXTYPE= can take one of three values:# targeted - Targeted processes are protected,# minimum - Modification of targeted policy. Only selected processes are protected. # mls - Multi Level Security protection.SELINUXTYPE=targeted
注意:编辑完成后,需要重启系统。
systemctl restart sshd
转载地址:http://dwsoi.baihongyu.com/