Unit 9


1. What is OpenSSH

           It is software that provides remote access control.


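2. How to access a host remotely


ssh <remote user>@<remote host IP address>

   ssh root@172.25.254.1

-X        enable X11 forwarding (graphical connection)

e.g.      ssh root@172.25.254.1 -X

     cheese         ### the display of host 1 then opens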


The authenticity of host '172.25.254.1 (172.25.254.1)' can't be established.

ECDSA key fingerprint is 55:dd:43:ce:bf:94:dd:91:49:e7:97:29:63:3d:02:02.

Are you sure you want to continue connecting (yes/no)? yes ## establish the key for secure transmission

root@172.25.254.1's password: ## password input is not echoed

Last failed login: Sun Oct 11 16:56:29 CST 2015 from 172.25.254.206 on ssh:notty

There was 1 failed login attempt since the last successful login.

Last login: Sun Oct 11 16:55:46 2015 from 172.25.254.206

[root@foundation1 ~]# ### login succeeded

ctrl+d | logout ### log out

[root@foundation1 ~]# logout

Connection to 172.25.254.1 closed.


[root@localhost ~]# vim /etc/motd ### set the message displayed at login



####### Generating a key ###########


 SSH key authentication


[test@foundation0 ~]$ ssh-keygen ### tool that generates the public and private keys

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): [Enter] ### file in which the key is saved; just press Enter

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase): ### enter a passphrase; it must be longer than 4 characters

Enter same passphrase again:                      ### enter the passphrase again

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is: ### confirm the passphrase

a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com

The key's randomart image is:

+--[ RSA 2048]----+

|      .*+        |

|      +. o .     |

|     .. . E .    |

|       o + + *   |

|        S + * +  |

|       . * . o   |

|        . .      |

|                 |

|                 |

+-----------------+


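/root/.ssh          ## location where the generated keys are stored

[test@foundation0 Desktop]$cd /root/.ssh/

[test@foundation0 .ssh]$ ls

  id_rsa              id_rsa.pub           #### id_rsa is the private key, id_rsa.pub is the public key

  (acts as the key)   (acts as the lock)



ifconfig eth0       check your own IP address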



##################### Using the key to lock the target user on the target host ############


[test@foundation0 ~]$  ssh-copy-id -i /root/.ssh/id_rsa.pub westos@172.25.254.1


The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes       ## type yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

westos@172.25.254.1's password: 


Number of key(s) added: 1


Now try logging into the machine, with:   "ssh 'westos@172.25.254.100'"

and check to make sure that only the key(s) you wanted were added.






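ssh-copy-id    tool for uploading the key

-i    specifies the public key to use

/root/.ssh/id_rsa.pub  name of the public key file

root          the target user being managed

172.25.254.16          IP of the host where the managed user lives



authorized_keys: this file is in the .ssh directory under the target user's home directory. It is what marks the target user as locked with the key, and its content is the public key.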



[test@foundation0 .ssh]$ssh-copy-id -i id_rsa.pub root@172.25.254.1   ### apply the lock

[test@foundation0 .ssh]$scp id_rsa root@172.25.254.11:/root/.ssh   ### give your own private key to 11; 11 can then log in to 1 without entering a password

               server        client

                1             11 

               1. ssh-keygen                

               2. cd /root/.ssh/

               3. ls 

               4. ssh-copy-id -i id_rsa.pub root@<this host>

               5. scp id_rsa root@172.25.254.11:/root/.ssh/      (172.25.254.11 is the host receiving the key)



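3. Basic configuration of the sshd service


vim /etc/ssh/sshd_config        configuration file of the sshd service

line 48    PermitRootLogin yes|no            whether the root user may authenticate through sshd

line 78    PasswordAuthentication yes|no     enable or disable password authentication for users

AllowUsers student westos       user whitelist; only the users named in the list may use the sshd service

systemctl restart sshd          reload the configuration


Reinstall the ssh service:      yum reinstall openssh-server -y

If that reports an error:       yum install openssh-server -y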



<<<Unit 9 exercises>>>

1. On the desktop host, create the user westos and set its password to westoslinux


[root@desktop15 Desktop]#useradd westos

[root@desktop15 Desktop]#passwd westos

Changing password for user westos

New password: westoslinux      ### the password

Retype new password: westoslinux       ### enter the password again

passwd: all authentication tokens updated successfully       ### success


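2. Configure the sshd service on desktop to meet the following requirements:

*) Configure sshd so that only the westos user can be accessed through it

*) Set up key authentication for the westos user

*) Allow the westos user to log in with key authentication only; disable its system password authentication

[root@desktop15 Desktop]#vim /etc/ssh/sshd_config

Add the line:   AllowUsers  westos

:wq    save and quit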

[root@desktop15 Desktop]#systemctl restart sshd

[root@desktop15 Desktop]#ssh-keygen

[root@desktop15 Desktop]#cd /root/.ssh/

[root@desktop15 .ssh]#ls

authorized_keys  id_rsa   id_rsa.pub

[root@desktop15 .ssh]#ssh-copy-id -i id_rsa.pub westos@172.25.15.10

[root@desktop15 Desktop]#vim /etc/ssh/sshd_config

line 78    PasswordAuthentication no


:wq    save and quit

[root@desktop15 Desktop]#systemctl restart sshd
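
The target state of exercise 2 (AllowUsers westos, PasswordAuthentication no) can be checked mechanically. The script below is an added example, not part of the original notes; the function names effective and audit_sshd and the sample config are constructed for illustration, and it reads only plain "Keyword value" lines outside Match blocks.

```shell
#!/bin/sh
# Added example (not from the original notes): check the sshd_config keywords
# from this unit. sshd uses the FIRST occurrence of a keyword, and keyword
# names are case-insensitive. Assumes "Keyword value" lines; Match blocks
# and Include files are not evaluated.

effective() {   # usage: effective <keyword> <config-file>
    awk -v want="$1" '
        /^[ \t]*#/ || NF == 0   { next }   # skip comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends here
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit   # first match wins
        }' "$2"
}

audit_sshd() {  # usage: audit_sshd <config-file> <expected AllowUsers value>
    cfg=$1; rc=0
    pw=$(effective PasswordAuthentication "$cfg")
    users=$(effective AllowUsers "$cfg")
    # An unset PasswordAuthentication falls back to the sshd default, yes.
    if [ "$pw" != "no" ]; then
        echo "FAIL PasswordAuthentication: '${pw:-unset}' (want no)"; rc=1
    fi
    if [ "$users" != "$2" ]; then
        echo "FAIL AllowUsers: '${users:-unset}' (want $2)"; rc=1
    fi
    return $rc
}

# Constructed sample: a commented default, the two lines the exercise adds,
# and a later duplicate that sshd ignores because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
Allowusers  westos
PasswordAuthentication yes
EOF
audit_sshd "$sample" westos && echo "OK: key-only login, limited to westos"
rm -f "$sample"
```

On a live host, running sshd -t before systemctl restart sshd validates the edited file, so a typo does not leave the service unable to start.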