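Terminal
Terminal: accepts the user's commands
- TTY terminal
- Virtual terminal:
- ssh: port 22, encrypts the traffic exchanged between the two parties
- telnet: port 23, no encryption
Interpreter: shell
OpenSSH server
SSH (Secure Shell) protocol
- Name: Secure Shell protocol
- A secure channel protocol
- Encrypts the communication data; used for remote administration
OpenSSH
- Service name: sshd
- Server main program: /usr/sbin/sshd
- Server configuration file: /etc/ssh/sshd_config
Service listening options
- Port number, protocol version, listening IP address
- Every network program has a corresponding port number
- Disable reverse DNS lookups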
[root@localhost ~]# vim /etc/ssh/sshd_config
# Listen on port 22
Port 22
# Listen on address 172.16.16.22
ListenAddress 172.16.16.22
# Use SSH protocol version 2
Protocol 2
# ...... (some content omitted)
# Disable reverse DNS lookups
UseDNS no
Building an SSH setup with key-pair authentication
Create the key pair on the client
[zhangsan@localhost ~]$ ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/zhangsan/.ssh/id_ecdsa): //choose where to store the private key
Created directory '/home/zhangsan/.ssh'
Enter passphrase (empty for no passphrase): //set a passphrase for the private key
Enter same passphrase again: //confirm the passphrase
Your identification has been saved in /home/zhangsan/.ssh/id_ecdsa.
Your public key has been saved in /home/zhangsan/.ssh/id_ecdsa.pub
The key fingerprint is: //some content omitted
[zhangsan@localhost ~]$ ls -lh ~/.ssh/id_ecdsa* //confirm the generated key files
-rw------- 1 zhangsan zhangsan 227 8月 14 19:45 /home/zhangsan/.ssh/id_ecdsa
-rw-r--r-- 1 zhangsan zhangsan 192 8月 14 19:45 /home/zhangsan/.ssh/id_ecdsa.pub
Upload the public key file to the server
[zhangsan@localhost ~]$ scp ~/.ssh/id_ecdsa.pub root@172.16.16.22:/tmp
[root@localhost ~]# mkdir /home/lisi/.ssh/
[root@localhost ~]# cat /tmp/id_ecdsa.pub >> /home/lisi/.ssh/authorized_keys
[root@localhost ~]# tail -1 /home/lisi/.ssh/authorized_keys
ecdsa-sha2-nistp256
AAAAE2ViZHNhLXNOYTItbmIzdHAyNTYAAAAIbmIzdHAYNTYAAABBBLJSnBhscYBfnnHxSYAJEBD4SNKTLMF7itCFGM33RdeXU89QNQKMnCrCJHZAIZURrzDXG6Mp62mz9aRXUnARk8s
zhangsan@localhost
Use key authentication from the client
[zhangsan@localhost ~]$ ssh lisi@192.168.10.101
[lisi@localhost ~]$ whoami
lisi //logged in to the server successfully
[zhangsan@localhost ~]$ ssh-copy-id -i ~/.ssh/id_ecdsa.pub lisi@192.168.10.101
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
lisi@192.168.10.101's password: //enter lisi's password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'lisi@192.168.10.101'"
and check to make sure that only the key(s) you wanted were added.
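The manual upload steps above run mkdir and cat >> as root, so the resulting .ssh directory and authorized_keys file get root's ownership and default modes, and repeating the cat adds a duplicate entry. The following is an added example, not part of the original notes: a shell function that installs a public key idempotently with modes 700/600 and hands the files to the login account, plus a check for group/other write bits, which sshd's StrictModes rejects. The names install_pubkey and perms_ok are hypothetical, and GNU stat is assumed.

```bash
# Added example: install one public key line into HOME_DIR/.ssh/authorized_keys.
# Usage: install_pubkey PUBKEY_FILE HOME_DIR [OWNER]   (names are hypothetical)
install_pubkey() {
    local pub="$1" home="$2" owner="${3:-}"
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys"
    local key
    # Require exactly one non-empty line that starts with a public key type.
    key="$(grep -v '^[[:space:]]*$' "$pub")" || return 1
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 1
    case "$key" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "not a public key line: $pub" >&2; return 1 ;;
    esac
    # Refuse to write through a symlink placed in the user's home directory.
    if [ -L "$dir" ] || [ -L "$auth" ]; then
        echo "refusing symlink under $home" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if the exact line is not already present (idempotent).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # When run as root, give the files to the account that will log in.
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner" "$dir"
    fi
}

# Return 0 only if .ssh and authorized_keys are not writable by group or
# others; that is part of what sshd's StrictModes (default: yes) checks.
perms_ok() {
    local p mode
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        mode="$(stat -c '%a' "$p")" || return 1
        case "$mode" in *[2367][0-7]|*[0-7][2367]) return 1 ;; esac
    done
}
```

With the paths used on this page, the root-side step would be `install_pubkey /tmp/id_ecdsa.pub /home/lisi lisi`, followed by `perms_ok /home/lisi`.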