Linux 之 SSH 理解
SSH 理解一、服务端sshd_conf配置文件理解
Port 22 #ssh 连接默认端口
PermitRootLogin yes #是否允许root用户登陆
PermitEmptyPasswords no #禁止空密码登陆
UserDNS no #不使用DNS反解释
GSSAPIAuthentication no #禁用可加快初始连接的等待时间
ListenAddress10.3.151. #只监控允许该网段的机器远程过来
#配置文件所在位置/etc/ssh/sshd_config
二、快速创建无密码远程登陆其它主机
1、主机环境
10.3.151.193可直接控制访问10.3.151.222
2、在10.3.151.193上创建密钥对
# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
95:b4:14:45:60:9e:39:b2:89:02:d9:d4:55:3d:1f:80 root@localhost.localdomain
The key's randomart image is:
+--[ DSA 1024]----+
| .. ...BB+. |
| +.=E=o .|
|o . . Oo . |
| . . = ..|
| . . S |
| . |
| |
| |
| |
+-----------------+
备注:以下命令可直接快速创建密钥对
ssh-keygen -t dsa -P ' ' -f ~/.ssh/id_dsa > /dev/null 2>&1
# ls -al .ssh/
总用量 20
drwx------.2 root root 4096 6月 6 15:08 .
dr-xr-x---. 26 root root 4096 5月27 15:25 ..
-rw------- 1 root root668 6月 6 15:08 id_dsa #私钥
-rw-r--r-- 1 root root616 6月 6 15:08 id_dsa.pub #公钥
-rw-r--r-- 1 root root786 5月31 18:51 known_hosts
3、把公钥发送到要远程控制的主机
# ssh-copy-id -i .ssh/id_dsa.pubroot@10.3.151.222
The authenticity of host '10.3.151.222 (10.3.151.222)' can't be established.
RSA key fingerprint is 55:5c:2f:0d:67:6d:b0:64:3e:7a:81:dd:54:9d:07:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.3.151.222' (RSA) to the list of known hosts.
root@10.3.151.222's password:
Now try logging into the machine, with "ssh 'root@10.3.151.222'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
4、在被远程控制的机器上,查看.ssh下的文件
# ls -al .ssh/
总用量 16
drwx------.2 root root 4096 6月 6 15:11 .
dr-xr-x---. 24 root root 4096 5月23 15:21 ..
-rw-------.1 root root616 6月 6 15:11 authorized_keys #上传后生成的文件
-rw-r--r--.1 root root787 5月23 13:05 known_hosts
5.测试10.3.151.193的机器是否可以直接访问10.3.151.222的机器(不需要密码)
# ssh root@10.3.151.222 /sbin/ifconfig eth2
eth2 Link encap:EthernetHWaddr 00:50:56:B9:DA:C7
inet addr:10.3.151.222Bcast:10.3.151.255Mask:255.255.255.0
inet6 addr: fe80::250:56ff:feb9:dac7/64 Scope:Link
UP BROADCAST RUNNING MULTICASTMTU:1500Metric:1
RX packets:667797 errors:0 dropped:0 overruns:0 frame:0
TX packets:206514 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:341023267 (325.2 MiB)TX bytes:120677605 (115.0 MiB)
页:
[1]