ssh commands and user key authentication

1. systemctl commands
systemctl list-units                    ##list the state of the current system services
systemctl list-unit-files               ##list the boot-time state of each service
systemctl status sshd                   ##show the state of the specified service
systemctl stop sshd                     ##stop the specified service
systemctl start sshd                    ##start the specified service
systemctl restart sshd                  ##restart the service
systemctl enable sshd                   ##make the specified service start at boot
systemctl disable sshd                  ##make the specified service not start at boot
systemctl reload sshd                   ##make the specified service reload its configuration
systemctl list-dependencies sshd        ##show the dependencies of the specified service
systemctl mask  sshd                    ##freeze (mask) the specified service
systemctl unmask sshd                   ##unfreeze (unmask) the specified service
systemctl set-default multi-user.target ##do not start the graphical interface at boot
systemctl set-default graphical.target  ##start the graphical interface at boot

Security configuration of sshd
1. Restrict the original authentication method
Open the file /etc/ssh/sshd_config
78 PasswordAuthentication no|yes        ##disable or enable ssh's default (password) authentication
48 PermitRootLogin no|yes               ##disable or enable login for the root user
79 AllowUsers westos                    ##user whitelist; with this setting only westos may log in
80 DenyUsers linux                      ##user blacklist; with this setting linux is not allowed to log in
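As an added example (not from the original notes), a small POSIX sh audit of the three directives above, run against two constructed sshd_config samples. It reads the first uncommented occurrence of each keyword, which is the one sshd applies, and assumes the file has no Match blocks.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit an sshd_config for the
# hardening directives listed above. sshd applies the FIRST uncommented
# occurrence of a keyword, so that is the value read here (no Match blocks
# assumed). Real-world use: sshd_audit /etc/ssh/sshd_config, or audit the
# running daemon's effective settings with: sshd -T > eff.conf; sshd_audit eff.conf
# After editing the file, "systemctl reload sshd" (command list above) applies it.

# sshd_setting FILE KEYWORD -> value of the first uncommented occurrence
sshd_setting() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# sshd_audit FILE -> prints one line per finding; returns 0 only if hardened
sshd_audit() {
    f=$1; rc=0
    pa=$(sshd_setting "$f" PasswordAuthentication)
    prl=$(sshd_setting "$f" PermitRootLogin)
    au=$(sshd_setting "$f" AllowUsers)
    # an absent PasswordAuthentication line means sshd's default, which is yes
    [ "$pa" = no ]  || { echo "WEAK: PasswordAuthentication=${pa:-yes (default)}"; rc=1; }
    [ "$prl" = no ] || { echo "WEAK: PermitRootLogin=${prl:-default}"; rc=1; }
    [ -n "$au" ]    || { echo "WEAK: no AllowUsers whitelist"; rc=1; }
    [ $rc -eq 0 ] && echo "OK: password auth off, root login off, AllowUsers=$au"
    return $rc
}

# Constructed sample configs (not real hosts): "weak" keeps the defaults the
# notes tell you to change, "hard" applies the four lines from the notes.
WORK=$(mktemp -d)
cat > "$WORK/weak" <<'EOF'
#PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$WORK/hard" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
AllowUsers westos
DenyUsers linux
EOF
sshd_audit "$WORK/weak" || echo "-> $WORK/weak needs changes"
sshd_audit "$WORK/hard"
```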
Command practice
1.[kiosk@foundation60 Desktop]$ systemctl list-units    //list the state of the current system services
UNIT                        LOAD   ACTIVE SUB       DESCRIPTION
proc-sys-fs-binfmt_misc.automount loaded active waiting   Arbitrary Executable F
sys-devices-pci0000:00-0000:00:02.0-drm-card0-card0\x2deDP\x2d1-intel_backlight.
2.[kiosk@foundation60 Desktop]$ systemctl list-unit-files  //list the boot-time state of each service
UNIT FILE                                   STATE
proc-sys-fs-binfmt_misc.automount           static
dev-hugepages.mount                         static
dev-mqueue.mount                            static
proc-fs-nfsd.mount                          static
proc-sys-fs-binfmt_misc.mount               static
sys-fs-fuse-connections.mount               static
sys-kernel-config.mount                     static
sys-kernel-debug.mount                      static
tmp.mount                                   disabled
var-lib-nfs-rpc_pipefs.mount                static
brandbot.path                               disabled
cups.path                                   enabled
systemd-ask-password-console.path           static
3.[kiosk@foundation60 Desktop]$ systemctl status sshd       //show the state of the sshd service
● sshd.service - OpenSSH server daemon
###loaded:           system initialization finished, the configuration has been loaded
###active(running)   one or more processes are currently running in the system
###active(exited)    ran once and ended the service normally
###active(waiting)   executing, but has to wait for other things to finish before continuing
###inactive          service is stopped
###enabled           service starts at boot
###disabled          service does not start at boot
###static            the service's boot entry cannot be managed

   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since 六 2018-04-07 09:46:04 CST; 4h 50min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1489 (sshd)
   CGroup: /system.slice/sshd.service
           └─1489 /usr/sbin/sshd -D
[kiosk@foundation60 Desktop]$ systemctl stop sshd             //stop the sshd service
4.[kiosk@foundation60 Desktop]$ systemctl start sshd           //start the sshd service
[kiosk@foundation60 Desktop]$ systemctl enable sshd           //make the service start at boot
PolicyKit daemon disconnected from the bus.
We are no longer a registered authentication agent.
Failed to execute operation: Message did not receive a reply (timeout by message bus)
[kiosk@foundation60 Desktop]$ systemctl disable sshd           //make the service not start at boot
Removed symlink /etc/systemd/system/multi-user.target.wants/sshd.service.
[kiosk@foundation60 Desktop]$ systemctl reload  sshd           //reload the configuration
[kiosk@foundation60 Desktop]$ systemctl list-dependencies sshd   //show the dependencies
sshd.service
● ├─sshd-keygen.service
● ├─system.slice
● └─basic.target
●   ├─alsa-restore.service
●   ├─alsa-state.service
●   ├─firewalld.service
●   ├─microcode.service
●   ├─rhel-autorelabel-mark.service
●   ├─rhel-autorelabel.service
●   ├─rhel-configure.service
●   ├─rhel-dmesg.service
●   ├─rhel-loadmodules.service
●   ├─paths.target
●   ├─slices.target
●   │ ├─-.slice
●   │ └─system.slice
●   ├─sockets.target
●   │ ├─avahi-daemon.socket
●   │ ├─cups.socket
●   │ ├─dbus.socket
●   │ ├─dm-event.socket
●   │ ├─iscsid.socket

[kiosk@foundation60 Desktop]$ systemctl mask sshd   //freeze (mask) the service
Created symlink from /etc/systemd/system/sshd.service to /dev/null.
[kiosk@foundation60 Desktop]$ systemctl unmask sshd   //enable (unmask) the service
Removed symlink /etc/systemd/system/sshd.service.
[kiosk@foundation60 Desktop]$ systemctl set-default multi-user.target  //do not start the graphical interface at boot
We can then use init 5 to enter the graphical interface.
Removed symlink /etc/systemd/system/default.target.
Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/multi-user.target.
[kiosk@foundation60 Desktop]$ systemctl set-default graphical.target  //start the graphical interface at boot
Removed symlink /etc/systemd/system/default.target.
Created symlink from /etc/systemd/system/default.target to /usr/lib/systemd/system/graphical.target.

#######
How to open the interface for remote connections
openssh          //opens the interface for remote connections
openssh sshd      //starts the server side
openssh ssh       //starts the client side
So how do we connect from the host to the virtual machine?
ssh    username@ip-address   -X
[kiosk@foundation60 Desktop]$ ssh root@172.25.254.160  //connect to the client virtual machine
The authenticity of host '172.25.254.160 (172.25.254.160)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.160' (ECDSA) to the list of known hosts.
root@172.25.254.160's password:
Permission denied, please try again.
root@172.25.254.160's password:                       //enter the password
Last failed login: Sat Apr  7 03:55:29 EDT 2018 from 172.25.254.60 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Fri Apr  6 21:48:16 2018
This connection was made without -X, so graphical programs cannot be opened:

[root@localhost ~]# gedit

(gedit:5635): Gtk-WARNING **: cannot open display:

So how do we look up the IP address?
ifconfig eth0
[root@localhost Desktop]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.25.254.225  netmask 255.255.255.0  broadcast 172.25.254.255
        inet6 fe80::5054:ff:fe00:3c0b  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:00:3c:0b  txqueuelen 1000  (Ethernet)
        RX packets 686  bytes 29124 (28.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10032  bytes 429917 (419.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
How do we reset the IP address?
[root@localhost Desktop]# nm-connection-editor     //change the IP address
Note: when changing the address, first delete the existing connection, then create and add a new one; choose the Internet option so traffic can be passed on.
Subnet mask: a 32-bit value used to mask part of an IP address, separating the network identifier from the host identifier, i.e. telling whether an IP address is on the local network rather than a remote one.

An IP address is a way of addressing hosts on the Internet, also called an Internet Protocol address. Common IP addresses fall into two major families, IPv4 and IPv6.
The IP protocol is actually a set of protocol software made up of programs; it converts the various kinds of "frames" into the unified "IP datagram" format. This conversion is one of the most important features of the Internet, since it lets all kinds of computers interoperate on the Internet, i.e. its "openness".
(1) Class A IP addresses: a class A address consists of a 1-byte network address and a 3-byte host address, and the highest bit of the network address must be "0". In a class A address the network identifier is 8 bits long and the host identifier 24 bits long. There are few class A networks, 126 in total, and each network can hold more than 16 million hosts.
The subnet mask of a class A address is 255.0.0.0; the maximum number of hosts per network is 256 to the 3rd power - 2 = 16777214.

(2) The subnet mask of a class B address is 255.255.0.0; the maximum number of hosts per network is 256 to the 2nd power - 2 = 65534.
Class B network addresses suit medium-sized networks: there are 16384 networks, and each network can hold more than 60,000 computers.
(3) The subnet mask of a class C address is 255.255.255.0; the maximum number of hosts per network is 256 - 2 = 254.
It suits small local networks; each network can contain at most 254 computers.

How to set up key authentication
[root@localhost Desktop]# ssh-keygen           //generate the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
41:91:1e:99:bb:d7:5d:5a:e5:66:ac:3d:67:ee:17:da root@localhost
The key's randomart image is:
+--[ RSA 2048]----+
|        o=       |
|       .=       .|
|       ..o     o.|
|        o.      B|
|        S. . . O |
|        . . . +o+|
|         .    oo+|
|             . Eo|
|               .o|
+-----------------+

[root@localhost Desktop]# ssh-copy-id -i  /root/.ssh/id_rsa.pub  root@172.25.254.xxx
##set up key-based authentication for the ssh user
## ssh-copy-id     the command that installs the key
## -i    specifies the key; what is installed here is the public key
##  /root/.ssh/id_rsa.pub       the public key
##root@172.25.254.xxx          the IP address of the host

The authenticity of host '172.25.254.xxx (172.25.254.xxx)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.xxx's password:        //enter the server's password

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.25.254.xxx'"
and check to make sure that only the key(s) you wanted were added.
The key is now installed. So how do we connect from the client to the server without a password?
First, I can give my own (the server's) key to the client; the client then connects to the server without a password.
[root@localhost Desktop]# scp  /root/.ssh/id_rsa  root@172.25.254.qqq:/root/.ssh/
Give the private key to the client, so that when the client enters the server no password is needed.
The authenticity of host '172.25.254.qqq (172.25.254.qqq)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.160' (ECDSA) to the list of known hosts.
root@172.25.254.qqq's password:              //enter the client's password
id_rsa                                        100% 1675     1.6KB/s   00:00


[root@localhost Desktop]# ls -a /root/.ssh/     //look at the server's .ssh directory
.  ..  authorized_keys  id_rsa  id_rsa.pub  known_hosts
## authorized_keys   the accepted public keys (what lets the key log in)
## id_rsa            private key
## id_rsa.pub        public key

[root@localhost Desktop]# ssh root@172.25.254.XXX
The authenticity of host '172.25.254.XXX (172.25.254.XXX)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.XXX' (ECDSA) to the list of known hosts.
Last login: Fri Apr  6 22:22:53 2018
Once the server's key has been given to the client, connecting from the client to the server needs no password.
Use exit or ctrl+d to leave the server.

[root@localhost Desktop]# rm -fr /root/.ssh/authorized_keys
[root@localhost Desktop]# ls -a /root/.ssh/
.  ..  id_rsa  id_rsa.pub  known_hosts
After deleting authorized_keys, the key no longer works:
[root@localhost Desktop]# ssh root@172.25.254.XXX
root@172.25.254.XXX's password:
Last login: Sat Apr  7 05:13:58 2018 from 172.25.254.qqq
After the deletion, logging in requires entering the server's password again.
So what do we do to restore it?
[root@localhost Desktop]# cp  /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
[root@localhost ~]# logout
Connection to 172.25.254.xxx closed.
[root@localhost Desktop]# ssh root@172.25.254.xxx
Last login: Sat Apr  7 05:45:44 2018 from 172.25.254.qqq
## known_hosts        records history; this file can be used to see who has logged in to this host
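An added example, not part of the original notes, that checks the .ssh listing above the way sshd and ssh do: with StrictModes (the default) sshd ignores authorized_keys when it or the .ssh directory is group/world-writable, ssh refuses a private key that other users can read, and a missing authorized_keys drops back to the password prompt exactly as shown after rm -fr authorized_keys. The directories are constructed in a temp dir and the key material is a placeholder, not a real key; lines with an options prefix such as from="..." are assumed absent.

```shell
#!/bin/sh
# Added example, not from the original notes: verify the permission rules that
# decide whether the authorized_keys / id_rsa layout shown above can work.

# mode_of PATH -> octal permission bits (GNU stat, BSD stat fallback)
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# gw_writable MODE -> true if the group or other digit has the write bit set
gw_writable() { case $1 in *[2367][0-7]|*[2367]) return 0;; esac; return 1; }

# check_ssh_dir DIR -> prints one line per problem; returns 0 only if none
check_ssh_dir() {
    d=$1; rc=0
    if gw_writable "$(mode_of "$d")"; then echo "$d: group/world-writable (use 0700)"; rc=1; fi
    for k in "$d"/id_rsa "$d"/id_ed25519; do
        [ -f "$k" ] || continue
        # ssh wants (mode & 077) == 0 for a private key, i.e. the last two digits 00
        case $(mode_of "$k") in *00) ;; *) echo "$k: private key readable by others (use 0600)"; rc=1;; esac
    done
    ak=$d/authorized_keys
    if [ ! -f "$ak" ]; then
        echo "$ak: missing, sshd will ask for the password instead"; rc=1
    else
        if gw_writable "$(mode_of "$ak")"; then echo "$ak: group/world-writable (use 0600)"; rc=1; fi
        # each non-blank, non-comment line must start with a key type
        # (assumes no options prefix such as from="..." on the lines)
        bad=$(grep -v '^[[:space:]]*#' "$ak" | grep -v '^[[:space:]]*$' \
              | grep -Evc '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)) ' || true)
        [ "$bad" -eq 0 ] || { echo "$ak: $bad line(s) do not start with a key type"; rc=1; }
    fi
    return $rc
}

# Constructed layouts in a temp dir (placeholder key material, not real keys).
WORK=$(mktemp -d)
GOOD=$WORK/good; mkdir -m 700 "$GOOD"
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER_NOT_A_REAL_KEY root@client\n' > "$GOOD/authorized_keys"
printf 'placeholder, not a real private key\n' > "$GOOD/id_rsa"
chmod 600 "$GOOD/authorized_keys" "$GOOD/id_rsa"
BAD=$WORK/bad; mkdir -m 777 "$BAD"          # world-writable dir, no authorized_keys, loose key
printf 'placeholder, not a real private key\n' > "$BAD/id_rsa"; chmod 644 "$BAD/id_rsa"
check_ssh_dir "$GOOD" && echo "$GOOD: key login can work"
check_ssh_dir "$BAD" || echo "$BAD: fix the findings above"
```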

                                                                           
