########################
####9. openssh-server####
########################
####1. openssh-server####
Function: allows remote hosts to access the sshd service over the network and start a secure shell.
####2. Client Connection Method####
ssh remote-host-user@remote-host-IP
[[email protected] ~]# ssh [email protected]
The authenticity of host '172.25.0.11 (172.25.0.11)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes ## connecting to an unknown host requires establishing a trust relationship first
Warning: Permanently added '172.25.0.11' (ECDSA) to the list of known hosts.
[email protected]'s password: ## the remote user's password
Last login: Mon Oct 3 03:13:47 2016
[[email protected] ~]# ## login successful
ssh remote-host-user@remote-host-IP -X ## invoke graphical tools on the remote host
ssh remote-host-user@remote-host-IP command ## run a command directly on the remote host
####3. sshkey encryption####
1. Generate the public/private key pair
[[email protected] ~]# ssh-keygen ## tool that generates the public/private key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): [Enter] ## file the key is saved to (the default is recommended)
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): [Enter] ## key passphrase, must be >4 characters
Enter same passphrase again: [Enter] ## confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ab:3c:73:2e:c8:0b:75:c8:39:3a:46:a2:22:34:84:81 [email protected]
The key's randomart image is:
+--[RSA 2048]----+
|o |
| E. |
|.. |
|. . o |
|. O. *. S |
|OO.O O. |
|+ =. . . |
|o. oo.+. |
| .. o*. |
+-----------------+
[[email protected] ~]# ls /root/.ssh/
id_rsa id_rsa.pub
id_rsa ## the private key: this is the key
id_rsa.pub ## the public key: this is the lock
2. Add key authentication
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
ssh-copy-id ## tool that adds key authentication
-i ## specifies the key file
/root/.ssh/id_rsa.pub ## the key file
root ## the user being secured with the key is root
172.25.0.11 ## IP of the host being secured with the key
3. Distribute the key to the client host
[[email protected] ~]# scp /root/.ssh/id_rsa [email protected]:/root/.ssh/
4. Test
[[email protected] ~]# ssh [email protected] ## connects directly using id_rsa, no user password is required
Last login: Mon Oct 3 03:58:10 from 172.25.0.250
[[email protected] ~]#
####4. Raising the security level of OpenSSH####
1. openssh-server configuration file
/etc/ssh/sshd_config
PasswordAuthentication yes|no ## whether user password authentication is enabled: yes enables it, no turns it off
PermitRootLogin yes|no ## whether the superuser is allowed to log in
AllowUsers student westos ## user whitelist: only users on the list can use sshd to get a shell
DenyUsers westos ## user blacklist
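The following script is an added example, not part of the original article. It checks the global section of an sshd_config file for the four directives above and shows how they combine: sshd uses the first occurrence of a keyword, and DenyUsers is checked before AllowUsers. The function names and the sample file are constructed for illustration, and the script assumes no Match blocks, Include files, Keyword=value syntax or wildcard patterns.

```shell
#!/bin/sh
# Added example: offline check of the global section of an sshd_config file.
# Assumptions: no Include files, no Keyword=value syntax, no user patterns.

# sshd_effective FILE KEYWORD -> first value set for KEYWORD, or "unset".
# sshd uses the first occurrence of a keyword; keywords are case-insensitive.
sshd_effective() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
        tolower($1) == "match" { exit }      # the global section ends here
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# sshd_user_allowed FILE USER -> "allowed" or "denied".
# DenyUsers is checked before AllowUsers; once any AllowUsers line exists,
# only the users it lists may log in.
sshd_user_allowed() {
    awk -v user="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "denyusers"  { for (i = 2; i <= NF; i++) deny[$i] = 1 }
        tolower($1) == "allowusers" { has_allow = 1; for (i = 2; i <= NF; i++) allow[$i] = 1 }
        END {
            if (user in deny) print "denied"
            else if (has_allow && !(user in allow)) print "denied"
            else print "allowed"
        }' "$1"
}

# audit_sshd_config FILE -> one WARN line per setting that is not "no".
audit_sshd_config() {
    for kw in PasswordAuthentication PermitRootLogin; do
        val=$(sshd_effective "$1" "$kw")
        [ "$val" = "no" ] || echo "WARN $kw is $val, not no"
    done
}

# Constructed sample input, using the directives shown in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication no
passwordauthentication yes
PermitRootLogin yes
AllowUsers student westos
DenyUsers westos
EOF
audit_sshd_config "$sample"
for u in student westos root; do echo "$u: $(sshd_user_allowed "$sample" "$u")"; done
```

With the sample file, westos is denied even though it is on the whitelist, and root is denied despite PermitRootLogin yes because it is not in AllowUsers. On a live host, sshd -T prints the effective configuration as sshd itself resolves it.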
This article is from the "13122425" blog, please be sure to keep this source http://13132425.blog.51cto.com/13122425/1951237
Linux Cloud Automation Operations Basics 9 (Openssh-server)