首页 > 代码库 > 3、SSH高级服务

3、SSH高级服务

2024-08-25 08:20:22   221人阅读

  1. 1、ssh服务生成新的公钥和私钥[root@rhel6_80 ~]# ssh-keygen 
  2. Generating public/private rsa key pair.
  3. Enter file in which to save the key (/root/.ssh/id_rsa): 
  4. Enter passphrase (empty for no passphrase): 
  5. Enter same passphrase again: 
  6. Your identification has been saved in /root/.ssh/id_rsa.     #私钥存放地址
  7. Your public key has been saved in /root/.ssh/id_rsa.pub.     #公钥存放地址
  8. The key fingerprint is:
  9. 3e:ff:b3:68:de:e7:06:1b:fb:21:49:44:bb:38:76:e3 root@rhel6_80
  10. The key‘s randomart image is:
  11. +--[ RSA 2048]----+
  12. |            .    |
  13. |           . .   |
  14. |            o    |
  15. |           o .   |
  16. |        S + =    |
  17. |       . . =oo   |
  18. |        o   E=.  |
  19. |         o.o+.o. |
  20. |         o+.+Bo  |
  21. +-----------------+
  22. [root@rhel6_80 ~]# ls .ssh/
id_rsa  id_rsa.pub  known_hosts        #id_rsa私钥   id_rsa.pub公钥。

2、ssh服务 发布公钥
  1. [root@rhel6_80 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.3.84   #将公钥发布给84服务器后,80再次连接84就不需要再输入密码
  2. [root@rhel6_80 ~]# ssh 192.168.3.84
Last login: Thu May 19 20:33:21 2016 from 192.168.3.130
警告!哈哈哈哈哈哈
PATH=/root/:/usr/lib64/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin        #无需输密码连接成功
[root@rhel6_84 ~]#
 
3、如何防止暴力破解ssh远程服务。
  1. [root@rhel6_80 ~]# ls
  2. aa.sh            cc.sh  fail2ban-0.8.14.tar.gz  install.log         ss.sh  公共的  视频  文档  音乐
  3. anaconda-ks.cfg  dd.sh  hh.sh                   install.log.syslog  xx.sh  模板    图片  下载  桌面
  4. [root@rhel6_80 ~]# tar xf fail2ban-0.8.14.tar.gz 
  5. [root@rhel6_80 ~]# cd fail2ban-0.8.14
  6. [root@rhel6_80 fail2ban-0.8.14]# python -V
Python 2.6.6
[root@rhel6_80 fail2ban-0.8.14]# python setup.py stall
  7. **************
  8. [root@rhel6_80 fail2ban-0.8.14]# cp files/redhat-initd /etc/init.d/fail2ban
[root@rhel6_80 fail2ban-0.8.14]# chkconfig --add fail2ban                       #添加fail2ban 开机自启
[root@rhel6_80 fail2ban-0.8.14]# chkconfig --list fail2ban
fail2ban       	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
  9. [root@rhel6_80 fail2ban-0.8.14]# cd /etc/fail2ban/
[root@rhel6_80 fail2ban]# ls
action.d  fail2ban.conf  fail2ban.d  filter.d  jail.conf  jail.d

4、fail2ban 设置
  1. [root@rhel6_80 fail2ban]# fail2ban-client status    #查看当前fail2ban设置


5、SCP远程拷贝


6、xinetd 进程守护程序
  1. [root@rhel6_80 ~]# yum -y install xinetd
  2. [root@rhel6_80 ~]# vim /etc/xinetd.conf    #配置文件
  3. [root@rhel6_80 ~]# yum -y install telnet-server tftp-server rsync           #安装测试用程序,测试被xinetd管理的程序
  4. # default: off
# description: The rsync server is a good addition to an ftp server, as it \
  5. [root@rhel6_80 ~]# vim /etc/xinetd.d/rsync      #启动rsync服务
#       allows crc checksumming etc.
service rsync
{
        disable = no             #这里改成no,表示启动xinetd
        flags           = IPv6
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
  6. [root@rhel6_80 ~]# service xinetd restart                            #启动xinetd服务
停止 xinetd:                                              [失败]
正在启动 xinetd:                                          [确定]
  7. [root@rhel6_80 ~]# netstat -anptu |grep 873                            #检测是否正常监听873端口,有标示rsync服务正常启动。
tcp        0      0 :::873                      :::*                        LISTEN      3945/xinetd




来自为知笔记(Wiz)


3、SSH高级服务


联系
我们