cundeng posted on 2019-2-18 10:07:49

Linux ssh

  Different versions, so the connection fails
  Change port 22; listen on the internal network for security
  Don't understand this
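  # insert the hardening lines before line 13; -i.bak edits in place and keeps a backup as sshd_config.bak
  sed -i.bak '13i Port 57788\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config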
  Apply the same tuning to the other virtual machines
  Just change the config file to allow root login
  Here a user is created to test with
  r: copy directories
  p: preserve attributes
  Of course, you can also specify the destination directory
  Uploading from Windows
  You can also use get, which saves to the download directory configured in CRT
  Requirements
  The default form is ssh-copy-id -i id_dsa.pub panqissh@172.16.1.61
  But if the port number has been changed
  You can also use scp to copy id_dsa.pub into the .ssh directory under the corresponding user's home directory
  and rename it to authorized_keys
  The precondition is that the permissions are correct: 600
  With many machines this is slow, because you have to copy to them one by one; you can use expect, look it up on Baidu....
  Continuing from the earlier scp "Permission denied"
  The third method is not normally used at work; just be aware of it
  The second method: sudo
  echo "panqissh ALL=   NOPASSWD:/usr/bin/rsync" >>/etc/sudoers
  visudo -c
  -t: for running sudo remotely
  Tunnel mode
  Incremental and encrypted; compared with scp it adds incremental transfer

  Distribution script
  Passing arguments:
  Batch management
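  1. Use root for ssh key authentication
  Pros: simple and easy to use
  Cons: poor security, and remote root login cannot be disabled
  Widely used in small and medium-sized companies
  2. Use an ordinary user
  First copy the files to the user's home directory on the server, then use sudo to elevate privileges and copy the distributed files into the corresponding privileged directory on the client server
  Pros: secure; the remote root login feature does not need to be stopped
  Cons: the configuration is more complex

  3. Use suid to elevate privileges for fixed commands
  Pros: relatively secure
  Cons: complex, and anyone can run the commands that carry the suid permission
  Prerequisites for non-interactive, one-click batch software installation: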
  1. useradd panqissh888
  echo 100909 | passwd --stdin panqissh888

  2. Grant sudo privileges on every machine
  3. su - panqissh888

  4. On m01, create the key pair (done automatically in the script) and have expect installed
  Purpose: distributes the public key only
  Result: a password no longer has to be entered
  Purpose: batch distribution
  Result: one-click sending to multiple machines
  After optimization: automatic key pair generation is added, with one-click distribution to multiple machines
  One-click automation: the distribution script can also be included to run the installation. Example

  Install ftp on multiple machines with one click
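Added example, not part of the original post: a check for the sshd_config settings that the sed command above inserts (Port 57788, PermitRootLogin no, PermitEmptyPasswords no, UseDNS no, GSSAPIAuthentication no). sshd uses the first value it reads for each keyword, so an earlier duplicate line silently wins over a later one. The function names and the sample config are constructed for illustration, and Match blocks and Include files are not handled.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# effective_value FILE KEYWORD -> prints the first uncommented value.
# Keywords are case-insensitive; parsing stops at the first Match block.
effective_value() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/          { next }            # blank lines, comments
        tolower($1) == "match"        { exit }
        tolower($1) == tolower(want)  { print $2; exit }  # first value wins
    ' "$1"
}

# audit_sshd FILE -> prints one line per deviation from the post's settings
# and returns the number of deviations. A keyword that is not set explicitly
# is reported too, because the audit asks for explicit values.
audit_sshd() {
    cfg=$1; bad=0
    for pair in port=57788 permitrootlogin=no permitemptypasswords=no \
                usedns=no gssapiauthentication=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$cfg" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want=$want got=${got:-<not set explicitly>}"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: the hardening lines were added below an existing
# "GSSAPIAuthentication yes", so that earlier value is the effective one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host's config
GSSAPIAuthentication yes
Port 57788
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
EOF
audit_sshd "$sample" || echo "deviations: $?"
rm -f "$sample"
```

On a real host, `sshd -t` checks the file for syntax errors before the service is restarted, and `sshd -T` prints the configuration sshd would actually run with.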
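Added example, not part of the original post: the manual alternative to ssh-copy-id described above (copy id_dsa.pub into the user's .ssh directory as authorized_keys, mode 600), written so that it appends instead of overwriting keys that are already installed and also sets .ssh to 700. sshd's StrictModes, on by default, refuses a key when the home directory, .ssh or the file is writable by other users. The function names and the key line are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Run it as the target user; if run as root, chown the results afterwards.

# install_pubkey HOME_DIR PUBKEY_FILE
# The body is a subshell so the umask change does not leak into the caller.
install_pubkey() (
    home=$1; pub=$2
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys
    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; exit 1; }
    umask 077                          # new files are private from the start
    mkdir -p "$ssh_dir" || exit 1
    chmod 700 "$ssh_dir" || exit 1     # also repairs a pre-existing loose mode
    touch "$auth" || exit 1
    chmod 600 "$auth" || exit 1
    # Append only if this exact key line is not already present
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
)

# mode_of PATH -> the ten-character mode string from ls, e.g. -rw-------
mode_of() { ls -ld "$1" | cut -c1-10; }

# Demo on a throwaway directory with a constructed, non-functional key line
demo_home=$(mktemp -d)
echo 'ssh-dss AAAAB3CONSTRUCTEDKEY panqissh@m01' > "$demo_home/id_dsa.pub"
install_pubkey "$demo_home" "$demo_home/id_dsa.pub"
install_pubkey "$demo_home" "$demo_home/id_dsa.pub"   # second run adds nothing
echo "$(mode_of "$demo_home/.ssh") $(mode_of "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```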