Linux (Red Hat) Basic Learning: system service control and SSHD services

Source: Internet
Author: User

1. System Services

1. What is a service

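System services are programs, routines or processes that perform specified system functions in order to support other programs, especially low-level (close to the hardware) programs. When services are provided over a network, they can be published in Active Directory, which facilitates service-centric administration and use.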

2. Control Services

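1. systemd      The system initialization program; the first process the system starts, with PID 1

2. pstree       Displays the tree of processes on the system

3. systemctl    The service control command

    systemctl status sshd                       view the state of the specified service
    systemctl start sshd                        start the specified service
    systemctl stop sshd                         stop the specified service
    systemctl restart sshd                      restart the service
    systemctl reload sshd                       make the specified service reload its configuration
    systemctl mask sshd                         freeze (mask) the specified service
    systemctl unmask sshd                       unfreeze (unmask) the service
    systemctl enable sshd                       set the specified service to start at boot
    systemctl disable sshd                      set the specified service not to start at boot
    systemctl list-units                        list the state of all services currently started on the system
    systemctl list-unit-files                   list the boot-time state of all services
    systemctl list-dependencies sshd            view the dependencies of the specified service
    systemctl set-default multi-user.target     boot to the multi-user level (no graphical mode)
    systemctl set-default graphical.target      boot to graphical mode
    setterm command                             color settings for the text console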

3. Service Status

systemctl status service-name

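loaded              the service has been initialized and its configuration has been loaded
active(running)     one or more programs are currently running on the system; vsftpd is in this mode
active(exited)      a service that ran once and finished normally; no program is currently running on the system
active(waiting)     running, but still waiting for other events before it can continue
masked              the service is frozen
inactive            the service is stopped
enabled             the service starts at boot
disabled            the service does not start at boot
static              the service's boot-time startup cannot be managed
failed              system configuration error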

For example: view the state of the firewall

2. SSHD Service

To facilitate experimentation, rename two virtual machines to desktop and server

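View the current hostname:  hostname
Change the hostname:        hostnamectl set-hostname <hostname>
PS: The change takes effect immediately, but you need to open another shell or reopen the shell to see the new name.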

1. SSHD Introduction

sshd = secure shell
Function: lets a remote host access the sshd service over the network and start a secure shell

    ssh ------------------> sshd
    client side             server side

2. Client Connection mode

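ssh remote-user@remote-host-ip              text mode (command line)
ssh remote-user@remote-host-ip -X           allows the graphical interface to be opened
ssh remote-user@remote-host-ip command      run a command directly on the remote host

Note: The first time you connect to an unfamiliar host, an authentication file has to be created, so you are asked whether to create it; enter yes to confirm.
When you connect to this host again there is no prompt, because the ~/.ssh/known_hosts file has been generated.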

Are you sure you want to continue connecting (yes/no)? yes      ----------> the first connection to an unfamiliar host has to establish an authentication relationship
Warning: Permanently added '172.25.254.77' (ECDSA) to the list of known hosts.
[email protected]'s password:       -----------> the remote user's password
Last login: Mon Oct  3 03:13:47 2016
[[email protected] ~]#               ----------> login succeeded

3. ssh Key Encryption

1. Generating the public/private key pair

ssh-keygen ----------> generate the public/private key pair

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): [enter]     ---------> file in which the key is saved (the default is recommended)
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): [enter]     ----------> key passphrase, must be more than 4 characters (the default is recommended)
Enter same passphrase again: [enter]     ---------> confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa (private key).
Your public key has been saved in /root/.ssh/id_rsa.pub (public key).
The key fingerprint is:
ab:3c:73:2e:c8:0b:75:c8:39:3a:46:a2:22:34:84:81 [email protected]
The key's randomart image is:
......


To view the generated files:

Where:

id_rsa          ## the private key, i.e. the key
id_rsa.pub      ## the public key, i.e. the lock

2. Add key authentication method (encryption service)

ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]

Explain:

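ssh-copy-id             ## the tool for adding the key authentication method
-i                      ## specifies the key file
/root/.ssh/id_rsa.pub   ## the key
authorized_keys         ## the appearance of this file means the key has been added
root                    ## the user the key is added for is root
172.25.254.77           ## IP of the host the key is added to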

3. Distribute the key to the client host (here, the desktop virtual machine)

scp /root/.ssh/id_rsa [email protected]:/root/.ssh/

A private key is now in the /root/.ssh/ directory of the desktop virtual machine.

4. Testing

ssh [email protected]     ## the client (i.e. desktop) connects to the server directly using id_rsa, without entering the user password

4. Elevate the security level of SSH

1. Configuration file: /etc/ssh/sshd_config

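PasswordAuthentication yes|no       ## whether user passwords are accepted for sshd authentication; yes enables it, no disables it
PermitRootLogin yes|no              ## whether the root user is allowed to authenticate to sshd by entering a password
AllowUsers student westos           ## user whitelist; only users in the list can use sshd to start a shell. Once a whitelist exists, users not in it are not allowed to log in through sshd
DenyUsers westos                    ## user blacklist

Restart the service: systemctl restart sshd.service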
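
An added example (not part of the original page or of OpenSSH): a shell check that resolves the value sshd will actually use for the directives above and lists the ones worth reviewing. The function names and the sample config are constructed for illustration; Match blocks and Include files are not handled.

```shell
#!/bin/sh
# effective_value FILE KEYWORD
# sshd keeps the FIRST value it reads for a keyword and matches keywords
# case-insensitively. Assumption: only the global section is audited, so
# parsing stops at the first Match block and Include files are not followed.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || /^[ \t]*#/ { next }      # blank lines and comments
        tolower($1) == "match" { exit }
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit FILE: print one line per setting to review; return 1 if there is any.
audit() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    root=$(effective_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    allow=$(effective_value "$1" AllowUsers)
    # PasswordAuthentication defaults to yes when it is not set.
    [ "${pw:-yes}" = "no" ] || { echo "REVIEW PasswordAuthentication=${pw:-unset}"; rc=1; }
    # An unset PermitRootLogin falls back to a version-dependent default.
    case "$root" in
        no|prohibit-password|without-password|forced-commands-only) ;;
        *) echo "REVIEW PermitRootLogin=${root:-unset}"; rc=1 ;;
    esac
    [ -n "$allow" ] || { echo "REVIEW AllowUsers=unset"; rc=1; }
    return $rc
}

# Constructed sample config: the commented-out line and the later
# "PasswordAuthentication no" are both ignored, so passwords stay enabled.
sample_config() {
    cat <<'EOF'
#PasswordAuthentication no
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
AllowUsers student westos
EOF
}

demo=$(mktemp) && sample_config > "$demo"
audit "$demo" || echo "settings above need review"
rm -f "$demo"
```

On a real host, run `audit /etc/ssh/sshd_config` before restarting the service.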

2. ssh Login Prompt Modification

vim /etc/motd       ## the content of this file is what is displayed after login
hello world         ## this string will be displayed after login

5. User Login Audit

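1.

w           ## view which users are currently using the system
w -f        ## view where they are logged in from
w -i        ## show IP addresses
Related file: /var/run/utmp

2.

last        ## view the history of successful user logins
Related file: /var/log/wtmp

3.

lastb       ## view the history of unsuccessful user logins
Related file: /var/log/btmp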
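
An added example (not part of the original page): a shell filter that summarises lastb-style output per source host, so repeated failed ssh logins stand out. The function names, the threshold and the sample lines are constructed; the sample assumes lastb's usual column order of user, terminal, source host, time.

```shell
#!/bin/sh
# failed_by_source MIN
# Reads lastb-style lines on stdin and prints, for every source host with at
# least MIN failed ssh logins: "<attempts> <distinct users tried> <host>",
# highest attempt count first.
failed_by_source() {
    awk -v min="$1" '
        # Only ssh attempts carry a source host in column 3; this also skips
        # local tty failures, blank lines and the "btmp begins" footer.
        $2 !~ /^ssh:/ { next }
        {
            attempts[$3]++
            if (!seen[$3 SUBSEP $1]++) users[$3]++
        }
        END {
            for (h in attempts)
                if (attempts[h] >= min) print attempts[h], users[h], h
        }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample in lastb layout (documentation IP ranges).
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    203.0.113.9      Mon Oct  3 03:10 - 03:10  (00:00)
admin    ssh:notty    203.0.113.9      Mon Oct  3 03:10 - 03:10  (00:00)
root     ssh:notty    203.0.113.9      Mon Oct  3 03:11 - 03:11  (00:00)
student  ssh:notty    198.51.100.7     Mon Oct  3 03:12 - 03:12  (00:00)
westos   tty1                          Mon Oct  3 03:13 - 03:13  (00:00)

btmp begins Mon Oct  3 03:10:02 2016
EOF
}

# Hosts with two or more failed ssh logins in the sample.
sample_lastb | failed_by_source 2
```

On a real host, run it as root with `lastb | failed_by_source 5`, since /var/log/btmp is normally readable only by root.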
