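  • The SSH service on Linux systems

    The SSH service consists of server software (OpenSSH) and a client (common ones are ssh, SecureCRT, PuTTY and Xshell). By default the service listens on port 22. There are two incompatible SSH protocol versions, 1.x and 2.x.

    First, let's look at the SSH-related packages on the server: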

    [root@greymouster ~]# rpm -qa openssh
    openssh-5.3p1-104.el6.i686
    [root@greymouster ~]# rpm -qa |grep openssh
    openssh-askpass-5.3p1-104.el6.i686
    openssh-clients-5.3p1-104.el6.i686
    openssh-server-5.3p1-104.el6.i686
    openssh-5.3p1-104.el6.i686
    [root@greymouster ~]# rpm -qa openssh openssl
    openssl-1.0.1e-30.el6.i686
    openssh-5.3p1-104.el6.i686
    [root@greymouster ~]# ps -ef |grep ssh
    root      1483     1  0 12:48 ?        00:00:00 /usr/sbin/sshd
    root      6234  1483  0 20:42 ?        00:00:00 sshd: root@pts/0 
    root      6461  6237  0 21:50 pts/0    00:00:00 grep ssh

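    The SSH client side includes the ssh program as well as scp (remote copy), slogin (remote login), sftp (secure FTP file transfer) and other applications.

    OpenSSH is one of the SSH server implementations. It can support both the SSH1 and SSH2 protocols; the Protocol directive in the configuration file selects one of them or both. By default, CentOS 5.x is configured to support only SSH2.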

    [root@greymouster ~]# less /etc/ssh/sshd_config
    # Disable legacy (protocol version 1) support in the server for new
    # installations. In future the default will change to require explicit
    # activation of protocol 1
    Protocol 2

    Checking the port ssh listens on

    [root@greymouster ~]# netstat -lntup|grep ssh
    tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1526/sshd           
    tcp        0      0 :::22                       :::*                        LISTEN      1526/sshd 
    

    Connecting with ssh from a Linux client

    [root@greymouster ~]# ssh -p22 root@192.168.1.199
    [root@greymouster ~]# ssh -p22 root@192.168.1.199  /usr/bin/free   # command (full path): runs the command on the other machine without switching to it
    The authenticity of host '[192.168.1.199]:60222 ([192.168.1.199]:22)' can't be established.
    RSA key fingerprint is d2:ad:69:ef:5e:55:43:c2:2d:c7:cc:fd:79:cd:af:c2.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '[192.168.1.199]:22' (RSA) to the list of known hosts.
    reverse mapping checking getaddrinfo for 69.169.37.106.static.bjtelecom.net [192.168.1.199] failed - POSSIBLE BREAK-IN ATTEMPT!
    root@192.168.1.199's password: 
    Last login: Tue Jan  3 21:48:32 2017 from 1.180.212.133
    

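    On the first connection, the client creates the file ~/.ssh/known_hosts locally and records the server's host key in it. Later connections compare the server's key against this record.

    The scp remote-copy command that ships with the ssh client

    Basic scp usage (scp = secure copy):

    Push: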

    scp -P22 -r -p /temp/data  root@192.168.1.199:/tmp

    Pull:

    scp -P22 -rp root@192.168.1.169:/tmp/data /opt/

    [root@greymouster tmp]# cat /tmp/a.text
     1111
     1111
     1111
    [root@greymouster tmp]# scp -P22 /tmp/a.text root@192.168.1.199:/opt
    # Copy /tmp/a.text from the current machine to /opt on 192.168.1.199
    The authenticity of host '192.168.1.199 (192.168.1.199)' can't be established.
    RSA key fingerprint is 32:0a:c0:7e:2a:a3:e2:dd:56:81:ca:d1:65:ba:a0:0b.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.199' (RSA) to the list of known hosts.
    root@192.168.1.199's password: 
    a.text 100% 15 0.0KB/s 00:00
    [root@greymouster tmp]# scp -P22 root@192.168.1.199:/opt/b.text /tmp/
    # Copy /opt/b.text on 192.168.1.199 to /tmp/ on this machine
    root@192.168.1.199's password: 
    b.text 100% 4 0.0KB/s 00:00
    [root@greymouster tmp]# ls /tmp

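    scp is the command for copying files or directories to or from a remote host.

       -P (uppercase)  port

       -r  copy directories

       -p  preserve file or directory attributes across the copy

       Note: scp always copies everything in full, which is inefficient; rsync copies incrementally.

    Connecting to an sftp server from a Linux sftp client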

    [root@greymouster tmp]# sftp -oPort=22 root@192.168.1.199
    Connecting to 192.168.1.199...
    root@192.168.1.199's password: 
    sftp> ls -l
    -rw-------    1 root     root         1399 Dec  6 05:35 anaconda-ks.cfg
    -rw-r--r--    1 root     root        44227 Dec  6 05:35 install.log
    -rw-r--r--    1 root     root        10033 Dec  6 05:33 install.log.syslog
    sftp> put /tmp/a.text
    # Upload /tmp/a.text to the home directory on 192.168.1.199
    Uploading /tmp/a.text to /root/a.text
    /tmp/a.text 100% 15 0.0KB/s 00:00
    sftp> ls -l
    -rw-r--r-- 1 root root 15 Jan 11 01:04 a.text
    -rw------- 1 root root 1399 Dec 6 05:35 anaconda-ks.cfg
    -rw-r--r-- 1 root root 44227 Dec 6 05:35 install.log
    -rw-r--r-- 1 root root 10033 Dec 6 05:33 install.log.syslog
    sftp> get install.log
    # Download install.log from the home directory on 192.168.1.199 to this machine
    sftp> put /tmp/a.text /ceshi/
    # Upload into a specified directory
    sftp> get a.sh /home
    # Download into a specified directory

    Connecting to sftp from a Windows client

    In SecureCRT, click File --> Connect SFTP Tab

    sftp> put "C:a.txt" 
    正在把 a.txt 上传到 /root/a.txt
      100% 3 字节      3 字节/s 00:00:00     
    sftp>

      sftp> get /root/a.txt
      正在从 /root/a.txt 下载 a.txt
      100% 3 字节 3 字节/s 00:00:00
      sftp>

    Viewing the configuration file with comments filtered out

    [root@greymouster home]# egrep -v "^#|^$" /etc/ssh/sshd_config

    Changing the ssh configuration

    [root@greymouster ~]# vi /etc/ssh/sshd_config

    # sshd_config(5) for more information.

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options change a
    # default value.

    #Port 22  # default port for ssh connections is 22
    #PermitRootLogin no # whether the root user is barred from remote login
    #PermitEmptyPasswords no # forbid login with an empty password
    #UseDNS no    # do not use DNS
    #GSSAPIAuthentication no # makes ssh connections faster
    

    After modifying the configuration file, restart the ssh service

    [root@greymouster ~]# /etc/init.d/sshd restart
    停止 sshd:                                                [确定]
    正在启动 sshd:                                            [确定]
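
    An option line in sshd_config only takes effect once its leading # is removed, and sshd uses the first value it reads for each keyword. The script below is an added example, not part of the original post: it reports the value actually in effect for the keywords listed above. The helper names effective_value and audit are hypothetical, both sample files are constructed, and conditional Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. effective_value and audit are
# hypothetical helper names; target values are the ones listed on the page.

# effective_value FILE KEYWORD -> first uncommented global value, or "unset"
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0   { next }   # comment or blank line: ignored
        tolower($1) == "match"  { exit }   # settings after Match are conditional
        tolower($1) == tolower(key) {      # keywords are case-insensitive
            print $2; found = 1; exit      # sshd keeps the first value it reads
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit FILE -> one OK/CHECK line per keyword
audit() {
    for want in PermitRootLogin=no PermitEmptyPasswords=no \
                UseDNS=no GSSAPIAuthentication=no; do
        key=${want%%=*}
        val=${want#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$val" ]; then
            echo "OK    $key $got"
        else
            echo "CHECK $key is $got, wanted $val"
        fi
    done
}

# Constructed sample 1: the option lines as the page shows them (commented out).
as_shown=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin no' '#PermitEmptyPasswords no' \
    '#UseDNS no' '#GSSAPIAuthentication no' > "$as_shown"

# Constructed sample 2: the same lines with the leading "#" removed.
applied=$(mktemp)
sed 's/^#//' "$as_shown" > "$applied"

echo "== as shown on the page =="
audit "$as_shown"
echo "== leading # removed =="
audit "$applied"
```

    To check a real server, call audit on a copy of /etc/ssh/sshd_config; a result of "unset" means the compiled-in default applies.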
    

    Installing the scanning software

    [root@greymouster ~]# yum install nmap -y 
    
    [root@greymouster ~]# nmap 192.168.1.199 -p1-65535
    
    Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-11 00:08 CST
    Nmap scan report for 192.168.1.199
    Host is up (0.000011s latency).
    Not shown: 65531 closed ports
    PORT STATE SERVICE
    22/tcp open ssh
    111/tcp open rpcbind
    3306/tcp open mysql
    54573/tcp open unknown
    
    Nmap done: 1 IP address (1 host up) scanned in 1.66 seconds
    

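    Blocking by IP: because of the !, this rule drops all inbound traffic whose source address is not 10.0.0.8, so only 10.0.0.8 can still reach the host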

    [root@greymouster ~]# iptables -A INPUT ! -s 10.0.0.8 -j DROP 

  • Original article: https://www.cnblogs.com/chenchenphp/p/6262035.html