systemd

  The system's init program: the first process started at boot, with PID 1

 

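systemctl commands

  systemctl list-units          list the current state of system services

  systemctl list-unit-files      list whether each service starts at boot

  systemctl status sshd          show the state of the specified service

  systemctl stop sshd            stop the specified service

  systemctl start sshd           start the specified service

  systemctl restart sshd         restart the specified service

  systemctl enable sshd          start the specified service at boot

  systemctl disable sshd         do not start the specified service at boot

  systemctl reload sshd          make the specified service reload its configuration

  systemctl list-dependencies sshd   show the dependencies of the specified service

  systemctl mask sshd            mask (freeze) the specified service so it cannot be started

  systemctl unmask sshd          unmask the service so it can be used again

  systemctl set-default multi-user.target      boot without the graphical interface

  systemctl set-default graphical.target      boot into the graphical interface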

 

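Service states

  systemctl status serviceName

  loaded                  the service has been initialized and its configuration loaded

  active(running)       one or more of its processes are currently running in the system

                             vsftpd is a service of this kind

  active(exited)        a service that ran once and exited normally

                           no process of it is currently running in the system

  active(waiting)       the service is running

                           but is waiting for another event before it can continue

  inactive                the service is stopped

  enabled                 the service starts at boot

  disabled                the service does not start at boot

  static                  the service's boot-time startup cannot be managed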

openssh-server

  openssh-server

 

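    Purpose: lets remote hosts reach the ssh service over the network and start a secure shell

 

  Connecting from a client

    ssh remote-user@remote-host-ip

 

  Lab: control the server machine remotely from the desktop machine

    [root@localhost .ssh]# ssh root@172.25.28.11                         connect as a user on the remote host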

    The authenticity of host '172.25.28.11 (172.25.28.11)' can't be established.

    ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

    Are you sure you want to continue connecting (yes/no)? yes            connecting to an unknown host requires establishing trust first

    Warning: Permanently added '172.25.28.11' (ECDSA) to the list of known hosts.

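    root@172.25.28.11's password:                                           the remote user's password

    [root@localhost ~]#                                                     connected successfully

 

    * A known_hosts file is created under .ssh/ on the desktop machine; it records the public keys of the hosts you have connected to. After emptying it (>known_hosts), connecting to that host again requires re-establishing trust.

   ssh remote-user@remote-host-ip -X     run graphical tools from the remote host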

 

  On the server machine, open

  [root@localhost .ssh]# vim /etc/motd

  and enter some content.

  When the desktop machine connects to the server machine, that content is displayed.

  [root@localhost .ssh]# ssh root@172.25.28.11

  root@172.25.28.11's password:

  Last login: Sun Nov  6 22:34:14 2016 from 172.25.28.10

  (the content you entered)

 

  

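  ssh-keygen  (log in using key-based authentication)

    On the server machine

      Generate the public/private key pair

      [root@localhost .ssh]# ssh-keygen                                     tool that generates the public/private key pair

      Generating public/private rsa key pair.

      Enter file in which to save the key (/root/.ssh/id_rsa): [enter]       file the key is saved in (the default is recommended)

      Enter passphrase (empty for no passphrase): [enter]                    key passphrase, must be more than 4 characters (may also be left empty)

      Enter same passphrase again: [enter]                                   confirm the passphrase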

      Your identification has been saved in /root/.ssh/id_rsa.

      Your public key has been saved in /root/.ssh/id_rsa.pub.

      The key fingerprint is:

      d5:e5:dc:98:ed:d6:fe:c5:4e:bc:c7:25:a6:21:f4:90 root@localhost

      The key's randomart image is:

      +--[ RSA 2048]----+

      |              .  |

      |           . + = |

      |          ... = o|

      |         .E    ..|

      |        S. o    +|

      |          . o o=.|

      |           . + oB|

      |            .  o*|

      |               .+|

      +-----------------+

      [root@localhost .ssh]# ls /root/.ssh/

        id_rsa                           private key: this is the key

        id_rsa.pub                       public key: this is the lock

 

    Enable key authentication

      [root@localhost .ssh]# ssh-copy-id  -i /root/.ssh/id_rsa.pub  root@172.25.28.11

      /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

      /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

      root@172.25.28.11's password:

      Permission denied, please try again.

      root@172.25.28.11's password:

 

      Number of key(s) added: 1

 

      Now try logging into the machine, with:   "ssh 'root@172.25.28.11'"

      and check to make sure that only the key(s) you wanted were added.

 

      [root@localhost .ssh]# ls

      authorized_keys  id_rsa  id_rsa.pub  known_hosts

      [root@localhost .ssh]#

 

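    ssh-copy-id                   tool that installs a key for key authentication

    -i                            specifies the key file

    /root/.ssh/id_rsa.pub        the key (public key)

    root                        the user being set up for key login is root

    172.25.28.11                  IP of the host being set up

 

      Distribute the key to the client host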

      [root@localhost ~]# scp /root/.ssh/id_rsa root@172.25.28.10:/root/.ssh/

      root@172.25.28.10's password:

      id_rsa                                        100% 1675     1.6KB/s   00:00  

 

      Test

      On the desktop machine

      [root@localhost ~]# ssh root@172.25.28.11        connects directly via id_rsa, no password needed (if during key generation)

      Last login: Mon Nov  7 00:32:45 2016 from 172.25.28.10

      [root@localhost ~]# su - student

      [student@localhost ~]$ ssh @172.25.28.11

      usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]

                 [-D [bind_address:]port] [-E log_file] [-e escape_char]

                 [-F configfile] [-I pkcs11] [-i identity_file]

                 [-L [bind_address:]port:host:hostport] [-Q protocol_feature]

                 [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]

                 [-R [bind_address:]port:host:hostport] [-S ctl_path]

                 [-W host:port] [-w local_tun[:remote_tun]]

                 [user@]hostname [command]

 

 

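  Basic sshd configuration

    vim /etc/ssh/sshd_config              configuration file of the sshd service

 

    line 48:  PermitRootLogin yes|no              whether root is allowed to authenticate through sshd

    line 78:  PasswordAuthentication yes|no      enable or disable password authentication

    AllowUsers student westos              user allow-list: only users on the list may use the sshd service

    systemctl restart sshd                  reload the configuration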
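
  The three directives above, checked by script. This is an added example, not part of the original notes; the sample config, the function names and the policy it enforces (root login off, password login off, allow-list present) are assumptions. It reads only the global section of the file, before any Match block.

```shell
#!/bin/sh
# Added example, not from the original notes. SAMPLE is a constructed config.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample, global section only
#PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
AllowUsers student
AllowUsers westos
EOF

# First uncommented occurrence of KEYWORD in the global section (before any
# Match block); keywords are case-insensitive. Prints nothing if unset.
effective_value() {   # usage: effective_value FILE KEYWORD
  awk -v want="$2" '
    BEGIN { want = tolower(want) }
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
  ' "$1"
}

# AllowUsers is the exception: every AllowUsers line adds to one list.
allowed_users() {     # usage: allowed_users FILE
  awk '
    /^[ \t]*(#|$)/ { next }
    tolower($1) == "match" { exit }
    tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) out = out (out == "" ? "" : " ") $i }
    END { print out }
  ' "$1"
}

# Assumed policy for this example: root login off, password login off,
# allow-list present. Prints one finding per line; returns 1 if any.
audit_sshd_config() { # usage: audit_sshd_config FILE
  audit_rc=0
  case $(effective_value "$1" PermitRootLogin) in
    [Nn][Oo]) ;; *) echo "PermitRootLogin is not 'no'"; audit_rc=1 ;; esac
  case $(effective_value "$1" PasswordAuthentication) in
    [Nn][Oo]) ;; *) echo "PasswordAuthentication is not 'no'"; audit_rc=1 ;; esac
  [ -n "$(allowed_users "$1")" ] || { echo "AllowUsers is unset"; audit_rc=1; }
  return "$audit_rc"
}

audit_sshd_config "$SAMPLE" || echo "findings above: fix before restarting sshd"
```

  In the sample, the second PasswordAuthentication line has no effect because the first one already set the value. Running sshd -t before systemctl restart sshd checks the file for syntax errors.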

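  Changing the IP address

  ifconfig eth0 172.25.28.200 netmask 255.255.255.0      change the IP temporarily

 

  nm-connection-editor          change the IP in the graphical interface (permanent)

  systemctl restart network      restart networking

 

  nmtui                  change the IP in the text interface (permanent)

  systemctl restart network      restart networking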