OpenSSH

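         The SSH protocol is used for remote administration. Protocol port: 22 (can be changed)

         OpenSSH

         Service name: sshd

         Server main program: /usr/sbin/sshd

         Client main program: /usr/bin/ssh

         Server configuration file: /etc/ssh/sshd_config

         Client configuration file: /etc/ssh/ssh_config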

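[root@bogon ssh]# egrep -v "^#|^$" sshd_config

Port 22                                 //listening port

Protocol 2                              //use SSH protocol version 2

SyslogFacility AUTHPRIV

PermitRootLogin no                      //forbid login as root

PasswordAuthentication yes              //enable password authentication

PermitEmptyPasswords no                 //forbid login for users with an empty password

UseDNS no                               //disable reverse DNS lookups

LoginGraceTime 2m                       //login authentication time limit is 2 minutes

MaxAuthTries 6                          //maximum number of authentication retries is 6

... (remainder omitted)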

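SSH login authentication comes in two forms: password authentication and key-pair authentication. Password authentication needs no further explanation. Key authentication requires the client to present key information before it is accepted: first create the key files (public key and private key) on the client, then place the public key file in the designated location on the server. At remote login, the key files are used for verification.

Command programs

ssh, scp, sftp

Logging in when SSH uses the default port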

[root@bogon ~]# ssh maik@192.168.1.5

Logging in when the default port has been changed

[root@bogon ~]# ssh -p 23 maik@192.168.1.5

SCP: remote copy, as follows

[root@bogon ~]# scp maik@192.168.1.5:/etc/passwd ./

reverse mapping checking getaddrinfo for bogon failed - POSSIBLE BREAK-IN ATTEMPT!

maik@192.168.1.5's password:

passwd

To copy a directory, just add "-r" after scp.

SFTP: secure FTP

[root@bogon ~]# sftp maik@192.168.1.5

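Once connected, the commands are the same as in ftp.

Key authentication

The client creates the key pair -> uploads the public key id_rsa.pub -> the SSH server imports the public key into ~/.ssh/authorized_keys -> log in using the key

1. On the client, create the key pair with the ssh-keygen tool. Two algorithms are available, RSA and DSA. -t specifies the algorithm, as follows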

 

[root@bogon ~]# ssh-keygen -t rsa                                   //use the RSA algorithm

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):            //location of the key file

Enter passphrase (empty for no passphrase):                         //set a passphrase for the private key

Enter same passphrase again:                                        //confirm the passphrase

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

7a:3e:1b:6c:87:4b:64:ba:c1:7e:bf:86:fe:ae:61:6e root@bogon

[root@bogon ~]# ll /root/.ssh/id_rsa*

-rw------- 1 root root 1675 09-17 20:36 /root/.ssh/id_rsa           //private key file

-rw-r--r-- 1 root root  392 09-17 20:36 /root/.ssh/id_rsa.pub       //public key file

2. Upload it to the SSH server (that is, the server you want to log in to)

[root@bogon ~]# scp /root/.ssh/id_rsa.pub root@192.168.1.5:/tmp

Address 192.168.1.5 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

root@192.168.1.5's password:

id_rsa.pub                  100%  392    0.4KB/s   00:00 

3. The SSH server imports the public key

[root@localhost ~]# mkdir -p /home/root/.ssh/

[root@localhost ~]# cat /tmp/

.font-unix/             id_rsa.pub              vmware-root/

.ICE-unix/              mysql.sock              vmware-root-2117875122/

id_rsa                  VMwareDnD/             

[root@localhost ~]# mkdir -p /home/root/.ssh/

[root@localhost ~]# cat /tmp/id_rsa.pub >> /home/root/.ssh/authorized_keys

[root@localhost ~]# ls -ld /home/root/.ssh/authorized_keys

-rw-r--r-- 1 root root 392 Sep 17 05:47 /home/root/.ssh/authorized_keys

Note that you must change the permissions of authorized_keys to 750 and set its owner to the user you want to log in as; otherwise authentication will fail.
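
The ownership and permission rule in the note above can be checked before the first key login. The script below is an added example, not part of the original post. It assumes sshd runs with StrictModes yes (the OpenSSH default), and the function names check_path and check_authorized_keys are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumption: sshd runs with "StrictModes yes" (the OpenSSH default). In that
# mode sshd ignores authorized_keys when the file, ~/.ssh or the home
# directory is writable by group/others, or is owned by anyone other than
# the login user or root.

# check_path PATH UID: print a finding and return 1 if PATH breaks the rule.
check_path() {
    path=$1
    want_uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 1
    fi
    # "ls -ldn" gives the mode string in field 1 and the numeric owner in field 3.
    read -r mode _links owner _rest <<EOF
$(ls -ldn "$path")
EOF
    bad=0
    case $mode in
        ?????w*|????????w*)   # group-write (char 6) or other-write (char 9)
            echo "WRITABLE  $path ($mode)"
            bad=1 ;;
    esac
    if [ "$owner" != "$want_uid" ] && [ "$owner" != 0 ]; then
        echo "OWNER     $path (uid $owner, expected $want_uid or 0)"
        bad=1
    fi
    return $bad
}

# check_authorized_keys HOME UID: check the three paths sshd inspects for the
# default AuthorizedKeysFile location. Returns 0 only if all of them pass.
check_authorized_keys() {
    home=$1
    login_uid=$2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$login_uid" || rc=1
    done
    return $rc
}

# Usage on the server from this walkthrough (run as root):
#   check_authorized_keys /home/root "$(id -u root)"
```

Both the 750 mode used in this post and the more common 600 pass this check, since neither grants write access to group or others.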