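Introduction to OpenSSH
Introduction
OpenSSH is a free, open-source implementation of the SSH (Secure SHell) protocol. It replaces the telnet, ftp, rlogin, rsh and rcp tools with secure, encrypted network connectivity tools. The protocol uses RSA keys by default.
OpenSSH supports SSH protocol versions 1.3, 1.5 and 2. Since OpenSSH version 2.9, the default protocol has been version 2. Latest OpenSSH version: 3.9
Advantages of OpenSSH
Data is transmitted encrypted
Transmitted data is compressed, which can speed up transfers
Supports remote control and data transfer (copy and FTP-style)
Requirements
SSH service lab
1. Set up one host as the SSH server (192.168.1.177)
2. Use this machine as the server side of the SSH service and start the SSH service
3. Change its service port to 1500
4. Allow only the SSH 2 protocol
5. Limit the number of unauthenticated connections waiting to log in to a maximum of 10
Environment
1. Operating system: Red Hat AS 4.0
2. Server packages:
openssh-3.9p1-8.RHEL4.1
openssh-askpass-3.9p1-8.RHEL4.1
openssh-clients-3.9p1-8.RHEL4.1
openssh-server-3.9p1-8.RHEL4.1
openssh-askpass-gnome-3.9p1-8.RHEL4.1
// Check whether the ssh server packages are installed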
[root@localhost ~]# rpm -qa|grep openssh
openssh-3.9p1-8.RHEL4.1
openssh-server-3.9p1-8.RHEL4.1
openssh-askpass-3.9p1-8.RHEL4.1
openssh-clients-3.9p1-8.RHEL4.1
openssh-askpass-gnome-3.9p1-8.RHEL4.1
// Install the ssh server packages
[root@localhost ~]# rpm -ivh openssh-* --force
warning: openssh-3.9p1-8.RHEL4.1.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing... ########################################### [100%]
1:openssh ########################################### [ 20%]
2:openssh-askpass ########################################### [ 40%]
3:openssh-askpass-gnome ########################################### [ 60%]
4:openssh-clients ########################################### [ 80%]
5:openssh-server ########################################### [100%]
// Edit /etc/ssh/sshd_config
[root@localhost ~]# vi /etc/ssh/sshd_config
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
# Change the service port to 1500 (the default is 22)
Port 1500
# Allow only the SSH2 protocol, for better security
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::
....
....
....
# Authentication:
#LoginGraceTime 2m
# Allow the ROOT user to log in remotely
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
....
....
#ClientAliveCountMax 3
#UseDNS yes
#PidFile /var/run/sshd.pid
# Set the maximum number of pending connections to 10 to guard against denial-of-service attacks
MaxStartups 10
#ShowPatchLevel no
#AllowGroups shellusers
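One way to check the edited file against this lab's requirements before restarting sshd (an added example, not part of the original post; the function names and the two sample files are constructed for illustration):

```shell
#!/bin/sh
# Added example: audit sshd_config against this page's lab requirements
# (Port 1500, Protocol 2, MaxStartups 10). Function names are hypothetical.

# Print every value set for KEYWORD (case-insensitive); comment lines are skipped.
sshd_values() {  # usage: sshd_values FILE KEYWORD
    awk -v kw="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(kw) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# sshd keeps the first value it reads for a keyword. Port is the exception:
# every Port line adds a listener, so all of them are compared at once.
# A value followed by trailing text (e.g. "1500 //note") does not match and fails.
audit_lab() {  # usage: audit_lab FILE ; returns 0 only if all checks pass
    rc=0
    [ "$(sshd_values "$1" Port)" = "1500" ] || { echo "FAIL: Port"; rc=1; }
    [ "$(sshd_values "$1" Protocol | head -n 1)" = "2" ] || { echo "FAIL: Protocol"; rc=1; }
    [ "$(sshd_values "$1" MaxStartups | head -n 1)" = "10" ] || { echo "FAIL: MaxStartups"; rc=1; }
    # Reported, not failed: the page enables root login on purpose.
    echo "INFO: PermitRootLogin=$(sshd_values "$1" PermitRootLogin | head -n 1)"
    return $rc
}

# Constructed sample configs (not taken from a real host).
write_samples() {  # usage: write_samples DIR
    printf '%s\n' '#Port 22' 'Port 1500' 'Protocol 2' 'PermitRootLogin yes' \
        'MaxStartups 10' > "$1/good.conf"
    printf '%s\n' 'Port 1500 //changed' 'Port 22' 'protocol 2,1' \
        '#MaxStartups 10' > "$1/bad.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_lab "$demo_dir/good.conf"
audit_lab "$demo_dir/bad.conf" || echo "bad.conf does not meet the lab requirements"
```

On the real server the call would be `audit_lab /etc/ssh/sshd_config`.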
// Restart the ssh service and test whether it started successfully
[root@localhost ~]# service sshd restart
停止 sshd: [ 确定 ]
启动 sshd [ 确定 ]
[root@localhost ~]# ssh root@192.168.1.177 -p 1500
The authenticity of host '192.168.1.177 (192.168.1.177)' can't be established.
RSA key fingerprint is f4:f3:5d:d5:23:58:4d:e2:11:d3:66:f7:b6:27:b1:8c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.177' (RSA) to the list of known hosts.
root@192.168.1.177's password:
Last login: Fri Nov 3 20:26:52 2006
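PS: This post is absolutely my own original work...
When reposting..
please credit:
Reposted from http://blog.csdn.net/Kipen/ Author: flyshitou(石の頭丶)
Please respect the fruits of other people's labor..
Thanks..
--by flyshitou (石の頭丶)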