SSH
ssh 服务是实现管路服务器的一种方式: 本地管理(安装系统,故障修复),ssh 远程连接
linux 可以是实现远程连接的方式:ssh 命令
windows 可以实现远程连接方式: xshell 、 xmanager 、putty、moba
ssh 的认证方式: 基于用户名、密码、密钥
基于密钥的配置:
在客户端生成密钥对
把公钥发送给服务器
linux 提供ssh 服务/ssh 客户端的软件:
[root@localhost ~]# rpm -qa | grep ssh
openssh-7.4p1-11.el7.x86_64
openssh-clients-7.4p1-11.el7.x86_64
openssh-server-7.4p1-11.el7.x86_64
[root@localhost ~]# ss -antp | grep sshd
LISTEN 0 128 *:22 *:* users:(("sshd",pid=1113,fd=3))
LISTEN 0 128 127.0.0.1:6010 *:* users:(("sshd",pid=2084,fd=9))
ESTAB 0 0 192.168.40.100:22 192.168.40.149:62515 users:(("sshd",pid=2415,fd=3))
ESTAB 0 0 192.168.40.100:22 192.168.40.149:62511 users:(("sshd",pid=2084,fd=3))
LISTEN 0 128 :::22 :::* users:(("sshd",pid=1113,fd=4))
LISTEN 0 128 ::1:6010 :::* users:(("sshd",pid=2084,fd=8))
远程连接主机
ssh + ip地址(如果做了域名解析,可直接ssh 主机名)
[root@localhost ~]# ssh 192.168.40.100
ssh + 地址 + 执行的操作
[root@localhost ~]# ssh 192.168.40.100 'hostname'
root@192.168.40.100's password:
server-1
ssh 配置文件
配置文件:/etc/ssh/sshd_config
1) 关闭SSH对主机名的解析
GSSAPIAuthentication no
UseDNS no
[root@node1 ~]# systemctl restart sshd
2) 禁用root用户远程连接
PermitRootLogin no --(root用户不能远程登录,如果想让root用户可以远程登录设置为yes)
3) 修改默认的SSH端口
Port 22345
ListenAddress 192.168.122.121
关于密钥的设置
在服务器上生成密钥
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JHnfdLBZthSBhlrujBKsQj+xZFlAktroj39l/PcdXhE root@server-1
The key's randomart image is:
+---[RSA 2048]----+
| .oo. ...*o |
| .. .. o oB . |
| + +o o+ .+ oE |
|o o = o+...o . .|
|.. + +..S+. . . |
| .. = .+. o .|
| o. .o.. ..|
| . . . . . o o|
| ... . .. o |
+----[SHA256]-----+
[root@localhost ~]# ls .ssh/
id_rsa id_rsa.pub known_hosts
id_rsa 私钥
id_rsa.pub 公钥
如果将本地生成的公钥拷贝到目的主机上下次登录不用输入密码
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.40.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.40.100's password: