首页 > 代码库 > unit 9

unit 9

                                    第九单元


1.什么是openssh

           它是一个提供远程访问控制的软件


2.如何实现远程访问


ssh 远程主机用户@远程主机ip地址

   ssh root@172.25.254.1

-X        开启图形连接

如        ssh root@172.25.254.1 -X   

     cheese  1的显示屏就开启了 


The authenticity of host ‘172.25.254.1 (172.25.254.1)‘ can‘t be established.

ECDSA key fingerprint is 55:dd:43:ce:bf:94:dd:91:49:e7:97:29:63:3d:02:02.

Are you sure you want to continue connecting (yes/no)? yes ##建立安全传输key

root@172.25.254.1‘s password: ##密码输入没有回显

Last failed login: Sun Oct 11 16:56:29 CST 2015 from 172.25.254.206 on ssh:notty

There was 1 failed login attempt since the last successful login.

Last login: Sun Oct 11 16:55:46 2015 from 172.25.254.206

[root@foundation1 ~]# ###登陆成功

ctrl +d |logout ###退出

[root@foundation1 ~]# logout

Connection to 172.25.254.1 closed.


[root@localhost ~]# vim /etc/motd ###设定登陆显示字符



#######生成key###########


 ssh的key认证


[test@foundation0 ~]$ ssh-keygen 生成公钥和私钥的工具

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):『enter』 指定加密字符保存文件,直接回车

Created directory ‘/root/.ssh‘.

Enter passphrase (empty for no passphrase): ###输入密码,必须大于4位

Enter same passphrase again:                      ###再次输入密码

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is: ###确认密码

a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com

The key‘s randomart image is:

+--[ RSA 2048]----+

|      .*+        |

|      +. o .     |

|     .. . E .    |

|       o + + *   |

|        S + * +  |

|       . * . o   |

|        . .      |

|                 |

|                 |

+-----------------+


/root/.ssh          ##生成密钥存放位置

[test@foundation0 Desktop]$cd /root/.ssh/

[test@foundation0 .ssh]$ ls

  id_rsa        id_rsa.pub       ####id_rsa位私钥,id_rsa.pub位公钥

相当于钥匙        相当于锁



ifconfig eth0 看自己id



#####################使用key加密目标主机的目标用户############


[test@foundation0 ~]$  ssh-copy-id -i /root/.ssh/id_rsa.pub westos@172.25.254.1


The authenticity of host ‘172.25.254.100 (172.25.254.100)‘ can‘t be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes       ##输入yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

westos@172.25.254.1‘s password: 


Number of key(s) added: 1


Now try logging into the machine, with:   "ssh ‘westos@172.25.254.100‘"

and check to make sure that only the key(s) you wanted were added.






ssh-copy-id    上传key的工具

-i    指定使用的公钥

/root/.ssh/id_rsa.pub  公钥的名称

root          被管理的目标用户

172.25.254.16          被管理用户所在主机的ip



authorized_keys 此文件在目标用户加目录的.ssh中,这个文件就是目标用户被加密的标识,文件内容位公钥内容。



[test@foundation0 .ssh]$ssh-copy-id -i id_rsa.pub root@172.25.254.1   ###上锁

[test@foundation0 .ssh]$scp id_rsa root@172.25.254.11:/root/.ssh   ###把自己密码给11 11在进1不需要输入密码

               服务器   客户端

                1             11 

               1. ssh-keygen                

               2. cd /root/.ssh/

               3. ls 

               4. ssh-copy-id -i id_rsa.pub root@自己

               5. scp id_rsa root@172.25.254.11(要给的):/root/.ssh/



2.sshd服务的简单配置


vim /etc/ssh/sshd_config sshd服务的配置文件

48 PermitRootLogin yes|no 是否允许root用户通过sshd的认证

78 PasswordAuthentication yes|no 开启或关闭用户密码认证

Allowusers student westos 用户白名单,只允许在名单中出现的用户使用sshd服务

systemctl restart sshd 重新加载配置


重新安装ssh服务   yum reinstall openssh-server -y

若有错误则         yum install openssh-server -y



<<<第九单元练习>>>

1.在desktop主机中建立用户westos,并设定其密码为westoslinux


[root@desktop15 Desktop]#useradd westos

[root@desktop15 Desktop]#passwd westos

Changing pasword for user westos

New password:westoslinux      密码

Retype new password:westoslinux       再次输入密码

passwd:all authentication tokens updated successfully       成功


2.配置desktop中的sshd服务要求如下:

*)设定sshd服务只允许westos用户可以被访问使用

*)创建westos用户的key认证方式

*)设定westos用户只允许使用key认证方式,屏蔽其系统密码认证方式

[root@desktop15 Desktop]#vim /etc/ssh/sshd_config

加一行   Allowusers  westos

wq 退出保存

[root@desktop15 Desktop]#systemctl restart sshd

[root@desktop15 Desktop]#ssh-keygen

[root@desktop15 Desktop]#cd /root/.ssh/

[root@desktop15 .ssh]#ls

authorized_keys  id_rsa   id_rsa.pub

[root@desktop15 Desktop]#ssh-copy-id -i id_rsa.pub westos@172.25.15.10

[root@desktop15 Desktop]#vim /etc/ssh/sshd_config

78  PasswordAuthentication no


wq 退出保存

[root@desktop15 Desktop]#systemctl restart sshd










本文出自 “12115227” 博客,请务必保留此出处http://12125227.blog.51cto.com/12115227/1860167

unit 9