Setting up the sshd service on Windows with Cygwin


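Reposted from: http://hi.baidu.com/angivo/blog/item/7f43bef5ade0e42fbc3109f7.html

Repost: http://hi.baidu.com/qiraosky/blog/item/35a7f144d9f3488ab3b7dc2e.html

Copyright belongs to the original author.

The sshd service provides a secure connection that gives you access to the command-line interface on a server. Windows itself does not provide this service, so we can install it through Cygwin.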

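Installing Cygwin

First install Cygwin. The installation was done on 2006-10-8, and the Cygwin DLL version was 1.5.21-1. In addition to the default packages, the following packages were added.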

  • Admin
    • cron-3.0.1-19
    • cygrunsrv-1.17-1
    • shutdown-1.7-1
    • syslog-ng-1.6.11-1
  • Archive
    • unzip-5.50-5
    • zip-2.3-6
  • Devel
    • subversion-1.3.2-1
  • Editors
    • vim-7.0.076-1
  • Interpreters
    • gawk-3.1.5-4
    • perl-5.8.7-5
    • expat-1.95.8-1
  • Libs
  • Net
    • lftp-3.5.1-1
    • openssh-4.4p1-1
    • openssl-0.98d-1
    • openssl097-0.9.7l-1
    • ping-1.0-1
    • netcat-1.10-2
  • Shells
    • ash-20040127-3
    • bash-3.1-9
    • bash-completion-20060301-1
    • mc-4.6.1-2
  • Utils
    • patch-2.5.8-8
    • time-1.7-1
  • Web
    • wget-1.10.2-1

Installation

Log in as an administrative user, start the Cygwin command line, and run the following command.

$ ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/doc/openssh/README.privsep.

Shall privilege separation be used? (yes/no) yes
Warning: The following function requires administrator privileges!
Shall this script create a local user 'sshd' on this machine? (yes/no) yes
Generating /etc/sshd_config file
Added ssh to /cygdrive/c/WINDOWS/system32/drivers/etc/services

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec". CYGWIN=binmode ntsec tty

The service has been installed under LocalSystem account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.

Host configuration finished. Have fun!

Configuring sshd

Enter the following commands at the Cygwin command line:

$ cd /etc
$ chmod 666 sshd_config
$ vi sshd_config

Change the following settings in sshd_config.

# Disallow root login
PermitRootLogin no
# Security setting for CYGWIN=ntsec
StrictModes yes
# Disable rhosts authentication
RhostsRSAAuthentication no
IgnoreRhosts yes
# Disable password authentication
PasswordAuthentication no
ChallengeResponseAuthentication no
# Disallow login for users with an empty password
PermitEmptyPasswords no

Finally, change the permissions of sshd_config back to 644.

$ chmod 644 sshd_config

Start the sshd server.

$ cygrunsrv -S sshd
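
The settings above can be checked mechanically before the service is started, and again whenever ssh-host-config rewrites /etc/sshd_config. The following script is an added example, not part of the original article; the function names and the sample file are constructed for illustration.

```bash
# Added example, not from the original article. Function names and the sample
# file are constructed; the expected values are the ones the article sets.
EXPECTED="permitrootlogin=no strictmodes=yes rhostsrsaauthentication=no
ignorerhosts=yes passwordauthentication=no
challengeresponseauthentication=no permitemptypasswords=no"

# effective_value FILE KEYWORD: print the value sshd would use. sshd keeps the
# first occurrence of a keyword, and keyword names are case-insensitive.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comment and blank lines
        tolower($1) == want { print $2; exit }
    ' "$1"
}

# audit_sshd_config FILE: list deviations; exit status = number of deviations.
audit_sshd_config() {
    file=$1; bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$file" "$key")
        if [ -z "$got" ]; then
            echo "UNSET    $key (built-in default applies, article sets $want)"
            bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key is $got, article sets $want"
            bad=$((bad + 1))
        fi
    done
    # The article opens the file to 666 for editing; confirm it was closed again.
    if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \))" ]; then
        echo "WRITABLE $file is group- or world-writable (expected 644)"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample: a regenerated, default-style file with one setting kept.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin yes
StrictModes yes
PasswordAuthentication yes
# first occurrence wins, so the next line has no effect
PasswordAuthentication no
EOF
chmod 644 "$sample"
audit_sshd_config "$sample" || echo "$? deviation(s) found"
```

On the server, run audit_sshd_config /etc/sshd_config; a non-zero exit status is the number of deviations.
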
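
Generating the public and private keys

Because the settings above allow only key-based authentication, we need to generate a public/private key pair for our user.

Run the following command in the Cygwin console to generate the public and private keys for SSH1.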

$ ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/charlee/.ssh/identity):
Enter passphrase (empty for no passphrase): (type the passphrase)
Enter same passphrase again: (type the passphrase again)
Your identification has been saved in /home/charlee/.ssh/identity
Your public key has been saved in /home/charlee/.ssh/identity.pub

In the same way, use the commands below to generate the public and private keys for SSH2.

$ ssh-keygen -t rsa
$ ssh-keygen -t dsa

Import the public keys into the authorized keys file:

$ cd .ssh
$ cat identity.pub >> authorized_keys
$ cat id_rsa.pub >> authorized_keys
$ cat id_dsa.pub >> authorized_keys

Because we set StrictModes yes in /etc/sshd_config, the directory permissions must be changed with the following command.

$ chmod 755 /home/charlee

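Then copy the private key files identity, id_rsa and id_dsa to the client by some means. The client I use is Linux, so it is enough to copy these three files into the client's $HOME/.ssh directory.

Log in to the server. Enter the following command on the client to log in to the server.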

$ ssh 192.168.0.2

FAQ

Updated 2008-12-11

Q: cygrunsrv -S sshd cannot start the service and reports

cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.

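A: Most likely the permissions on /var/log are set incorrectly. First run mkpasswd and mkgroup to rebuild the permission information, then remove the sshd service and configure it again: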

$ mkpasswd -l > /etc/passwd
$ mkgroup -l > /etc/group
$ cygrunsrv -R sshd
$ ssh-host-config -y
$ cygrunsrv -S sshd

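Q: Logging in with a public key always says Permission denied (publickey). What should I do?

A: The error messages produced by sshd can be seen in the Windows event log (My Computer -> right-click -> Manage -> Event Viewer). A common problem is that the permissions on .ssh/authorized_keys are set incorrectly; the file must be set to 0644 for login to work.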
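
The two permission requirements in this article (755 on the home directory under StrictModes yes, 0644 on authorized_keys) are instances of one rule: sshd refuses the key file when it, .ssh or the home directory is writable by group or others. The script below is an added example, not part of the original article, and goes slightly beyond it by also checking the owner-only mode the ssh client requires on the private keys copied to it; the function names and the sample directory are constructed.

```bash
# Added example, not from the original article. Function names and the sample
# home directory are constructed for illustration.

# mode_of PATH: the ten-character type/permission string from ls (drwxr-xr-x)
mode_of() { ls -ld "$1" | cut -c1-10; }

# check_login_perms HOME: list problems; exit status = number of problems.
check_login_perms() {
    home=$1; problems=0
    # Server side: with StrictModes yes, sshd rejects the key file if it, .ssh
    # or the home directory is writable by group (char 6) or others (char 9).
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        case $(mode_of "$p" 2>/dev/null) in
            "")                    echo "MISSING  $p" ;;
            ?????w????|????????w?) echo "TOO OPEN $p ($(mode_of "$p"))" ;;
            *)                     continue ;;
        esac
        problems=$((problems + 1))
    done
    # Client side: ssh ignores a private key that group or others can access.
    for k in identity id_rsa id_dsa; do
        f=$home/.ssh/$k
        [ -f "$f" ] || continue
        case $(mode_of "$f") in
            ????------) ;;
            *) echo "EXPOSED  $f ($(mode_of "$f")), use chmod 600"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed sample home directory with two deliberate mistakes.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"; : > "$demo/.ssh/id_rsa"
chmod 755 "$demo" "$demo/.ssh"
chmod 664 "$demo/.ssh/authorized_keys"   # group-writable: sshd refuses it
chmod 644 "$demo/.ssh/id_rsa"            # readable by others: client refuses it
check_login_perms "$demo" || echo "$? problem(s) found"
```
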

##########################################################################
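Problems I ran into
The sshd service would not start?
Solution, following the hints above:
1) Grant permissions on the /var/log directory
2) Run the user mapping
3) Remove the sshd service
4) Configure the sshd service
5) Start the sshd service

1) Grant permissions on the /var/log directory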
Administrator@8a0dbeec9a074e1 /var
$ ls -rlat log
total 7284
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache2
drwxrwxrwx  1 SYSTEM        Administrators       0 Oct 23 17:59 exim
drwxr-xr-x  1 Administrator Administrators       0 Oct 24 20:06 squid
-rwxrwxrwx  1 Administrator None                 0 Oct 24 20:48 setup.log.postinstallXa05528
-rwxr--r--+ 1 Administrator None                 0 Oct 26 08:36 wtmp
-rw-r--r--+ 1 Administrator None                 0 Oct 26 08:37 messages
drwxr-xr-x  1 Administrator Administrators       0 Oct 26 08:44 ..
-rw-r--r--  1 Administrator None                 0 Oct 26 11:20 lastlog
-rw-r--r--  1 Administrator None              1257 Oct 26 13:51 setup.log.full
-rw-r--r--  1 Administrator None           7449455 Oct 26 13:51 setup.log
drwxrwxrwx+ 1 Administrator Administrators       0 Oct 27 21:24 .
-rw-r--r--  1 SYSTEM        Administrators    1050 Oct 28 17:37 sshd.log

Administrator@8a0dbeec9a074e1 /var
$ chown Administrator:Administrators log

Administrator@8a0dbeec9a074e1 /var/log
$ ls -rlt
total 7284
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache2
drwxrwxrwx  1 SYSTEM        Administrators       0 Oct 23 17:59 exim
drwxr-xr-x  1 Administrator Administrators       0 Oct 24 20:06 squid
-rwxrwxrwx  1 Administrator None                 0 Oct 24 20:48 setup.log.postinstallXa05528
-rwxr--r--+ 1 Administrator None                 0 Oct 26 08:36 wtmp
-rw-r--r--+ 1 Administrator None                 0 Oct 26 08:37 messages
-rw-r--r--  1 Administrator None                 0 Oct 26 11:20 lastlog
-rw-r--r--  1 Administrator None              1257 Oct 26 13:51 setup.log.full
-rw-r--r--  1 Administrator None           7449455 Oct 26 13:51 setup.log
-rw-r--r--  1 SYSTEM        Administrators    1050 Oct 28 17:37 sshd.log

Administrator@8a0dbeec9a074e1 /var/log
$ chown -R Administrator:Administrators *
Administrator@8a0dbeec9a074e1 /var/log
$ ls -rtl
total 7284
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache2
drwxrwxrwx  1 Administrator Administrators       0 Oct 23 17:59 exim
drwxr-xr-x  1 Administrator Administrators       0 Oct 24 20:06 squid
-rwxrwxrwx  1 Administrator Administrators       0 Oct 24 20:48 setup.log.postinstallXa05528
-rwxr--r--+ 1 Administrator Administrators       0 Oct 26 08:36 wtmp
-rw-r--r--+ 1 Administrator Administrators       0 Oct 26 08:37 messages
-rw-r--r--  1 Administrator Administrators       0 Oct 26 11:20 lastlog
-rw-r--r--  1 Administrator Administrators    1257 Oct 26 13:51 setup.log.full
-rw-r--r--  1 Administrator Administrators 7449455 Oct 26 13:51 setup.log
-rw-r--r--  1 Administrator Administrators    1050 Oct 28 17:37 sshd.log

Administrator@8a0dbeec9a074e1 /var/log
$ cd ~

2) Run the user mapping
Administrator@8a0dbeec9a074e1 ~
$ mkpasswd -l > /etc/passwd

Administrator@8a0dbeec9a074e1 ~
$ mkgroup -l > /etc/group

3) Remove the sshd service
Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -R sshd

4) Configure the sshd service

Administrator@8a0dbeec9a074e1 ~
$ ssh-host-config -y
*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file
*** Query: Overwrite existing /etc/inetd.d/sshd-inetd file? (yes/no) yes
*** Info: Creating default /etc/inetd.d/sshd-inetd file
*** Info: Updated /etc/inetd.d/sshd-inetd

*** Warning: The following functions require administrator privileges!

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

*** Info: Host configuration finished. Have fun!

5) Start the sshd service
Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -S sshd

Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -S sshd

Administrator@8a0dbeec9a074e1 ~
$ ps -ef|grep sshd
SYSTEM    1316    6200   ?  19:42:30 /usr/sbin/sshd

Administrator@8a0dbeec9a074e1 ~
$ ssh root@172.16.4.132
The authenticity of host '172.16.4.132 (172.16.4.132)' can't be established.
RSA key fingerprint is b0:f3:36:d2:46:45:2f:04:7f:50:0b:e4:81:f2:5d:bf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.4.132' (RSA) to the list of known hosts.
root@172.16.4.132's password:
[ASCII-art login banner: "The Hippo says: Welcome to cygwin"]

root@8a0dbeec9a074e1 ~
