试验环境:solaris10(rsync server)ip:192.168.71.98;
redhat9(rsync client)ip:192.168.71.178;
rsync-2.6.8+openssh-4.3p2-sol10-x86-local
试验内容:将客户端/root/里的文件和服务端的/src文件夹同步;
1)客户端配置(192.168.71.178 redhat):
在需要授权的用户目录下,此处为root:
ssh-keygen -t rsa -b 2048 -f /root/.ssh/hostkey
若没有.ssh目录,手动创建一个;此时会在该目录下生成2个文件,hostkey hostkey.pub;
将生成的hustkey.pub传输给server,由于此处是要用于身份验证的:
scp /root/.ssh/hostkey.pub 192.168.71.98:/.ssh/
2)服务器端配置(192.168.71.98 solaris10):
a,在/etc/hosts.allow里,添加:sshd:192.168.71.178,这样做是为了让客户端可以登陆;
b,在/.ssh目录下手动创建:touch authorized_keys;chomd 600 authorized_keys;再将由客户端scp过来的hostkey.pub导进去:cat hostkey.pub >> authorized_keys
c,vi /etc/ssh/sshd_config文件:
"/etc/ssh/sshd_config" 164 lines, 5276 characters
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)sshd_config 1.8 04/05/10 SMI"
#
# Configuration file for sshd(1m)
# Protocol versions supported
#
# The sshd shipped in this release of Solaris has support for major versions
# 1 and 2. It is recommended due to security weaknesses in the v1 protocol
# that sites run only v2 if possible. Support for v1 is provided to help sites
# with existing ssh v1 clients/servers to transition.
# Support for v1 may not be available in a future release of Solaris.
#
# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
# do not already exist, RSA1 keys for protocol v1 are not automatically created.
# Uncomment ONLY ONE of the following Protocol statements.
# Only v2 (recommended) #关闭
#Protocol 2
# Both v1 and v2 (not recommended) #开启,建议使用,增加兼容性
Protocol 2,1
# Only v1 (not recommended)
#Protocol 1
# Listen port (the IANA registered port number for ssh is 22)
Port 22
# The default listen address is all interfaces, this may need to be changed
# if you wish to restrict the interfaces sshd listens on for a multi homed host.
# Multiple ListenAddress entries are allowed.
# IPv4 only
#ListenAddress 0.0.0.0
# IPv4 & IPv6
ListenAddress ::
# Port forwarding
AllowTcpForwarding no
# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
# This allows the local port forwarding to work when connections are received
# from any remote host.
GatewayPorts no
# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
# The maximum number of concurrent unauthenticated connections to sshd.
# start:rate:full see sshd(1) for more information.
# The default is 10 unauthenticated clients.
#MaxStartups 10:30:60
# Banner to be printed before authentication starts.
#Banner /etc/issue
# Should sshd print the /etc/motd file and check for mail.
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
PrintMotd no
# KeepAlive specifies whether keep alive messages are sent to the client.
# See sshd(1) for detailed description of what this means.
# Note that the client may also be sending keep alive messages to the server.
KeepAlive yes
# Syslog facility and level
SyslogFacility auth
LogLevel info
#
# Authentication configuration
#
# Host private key files
# Must be on a local disk and readable only by the root user (root:sys 600).
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Default Encryption algorithms and Message Authentication codes
#Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
#MACS hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
# Length of the server key
# Default 768, Minimum 512
ServerKeyBits 768
# sshd regenerates the key every KeyRegenerationInterval seconds.
# The key is never stored anywhere except the memory of sshd.
# The default is 1 hour (3600 seconds).
KeyRegenerationInterval 3600
# Ensure secure permissions on users .ssh directory.
StrictModes yes
# Length of time in seconds before a client that hasn't completed
# authentication is disconnected.
# Default is 600 seconds. 0 means no time limit.
LoginGraceTime 600
# Maximum number of retries for authentication
# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
MaxAuthTries 6
MaxAuthTriesLog 3
# Are logins to accounts with empty passwords allowed.
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
# to pam_authenticate(3PAM).
PermitEmptyPasswords no
# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication yes
# Use PAM via keyboard interactive method for authentication.
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
# passwords even when PasswordAuthentication is set to no. This is dependent
# on what the individual modules request and is out of the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes
# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes
# sftp subsystem
Subsystem sftp /usr/lib/ssh/sftp-server
# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
# of /usr/bin/rsh. Their use is not recommended and the functionality
# will be removed when support for v1 protocol is removed.
# Should sshd use .rhosts and .shosts for password less authentication.
IgnoreRhosts yes
RhostsAuthentication yes #开启
# Rhosts RSA Authentication 此处重点修改。
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
# If the user on the client side is not root then this won't work on
# Solaris since /usr/bin/ssh is not installed setuid.
RhostsRSAAuthentication yes #开启
AuthorizedKeysFile .ssh/authorized_keys #增加这一行,关键的精髓
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes
# Is pure RSA authentication allowed.
# Default is yes
RSAAuthentication yes #开启
ChRootGroups sftp,guest
测试:
在客户端:rsync -avz -e "ssh -i /root/.ssh/hostkey" /root/ 192.168.71.98:/src
building file list ... done
./
.Xresources
.bash_history
.bash_logout
.bash_profile
.bashrc
.cshrc
.tcshrc
anaconda-ks.cfg
format.dat
install.log
install.log.syslog
test
.gconfd/
.ssh/
.ssh/hostkey
.ssh/hostkey.pub
.ssh/known_hosts
mnt/
mnt/34344.c
mnt/abc.c
mnt/dsdw.c
mnt/format.dat
mnt/password.pas
mnt/test/
mnt/test/123.c
mnt/test/ewrwe.c
mnt/test/sdfsdfsd.c
redhat9(rsync client)ip:192.168.71.178;
rsync-2.6.8+openssh-4.3p2-sol10-x86-local
试验内容:将客户端/root/里的文件和服务端的/src文件夹同步;
1)客户端配置(192.168.71.178 redhat):
在需要授权的用户目录下,此处为root:
ssh-keygen -t rsa -b 2048 -f /root/.ssh/hostkey
若没有.ssh目录,手动创建一个;此时会在该目录下生成2个文件,hostkey hostkey.pub;
将生成的hustkey.pub传输给server,由于此处是要用于身份验证的:
scp /root/.ssh/hostkey.pub 192.168.71.98:/.ssh/
2)服务器端配置(192.168.71.98 solaris10):
a,在/etc/hosts.allow里,添加:sshd:192.168.71.178,这样做是为了让客户端可以登陆;
b,在/.ssh目录下手动创建:touch authorized_keys;chomd 600 authorized_keys;再将由客户端scp过来的hostkey.pub导进去:cat hostkey.pub >> authorized_keys
c,vi /etc/ssh/sshd_config文件:
"/etc/ssh/sshd_config" 164 lines, 5276 characters
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident "@(#)sshd_config 1.8 04/05/10 SMI"
#
# Configuration file for sshd(1m)
# Protocol versions supported
#
# The sshd shipped in this release of Solaris has support for major versions
# 1 and 2. It is recommended due to security weaknesses in the v1 protocol
# that sites run only v2 if possible. Support for v1 is provided to help sites
# with existing ssh v1 clients/servers to transition.
# Support for v1 may not be available in a future release of Solaris.
#
# To enable support for v1 an RSA1 key must be created with ssh-keygen(1).
# RSA and DSA keys for protocol v2 are created by /etc/init.d/sshd if they
# do not already exist, RSA1 keys for protocol v1 are not automatically created.
# Uncomment ONLY ONE of the following Protocol statements.
# Only v2 (recommended) #关闭
#Protocol 2
# Both v1 and v2 (not recommended) #开启,建议使用,增加兼容性
Protocol 2,1
# Only v1 (not recommended)
#Protocol 1
# Listen port (the IANA registered port number for ssh is 22)
Port 22
# The default listen address is all interfaces, this may need to be changed
# if you wish to restrict the interfaces sshd listens on for a multi homed host.
# Multiple ListenAddress entries are allowed.
# IPv4 only
#ListenAddress 0.0.0.0
# IPv4 & IPv6
ListenAddress ::
# Port forwarding
AllowTcpForwarding no
# If port forwarding is enabled, specify if the server can bind to INADDR_ANY.
# This allows the local port forwarding to work when connections are received
# from any remote host.
GatewayPorts no
# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
# The maximum number of concurrent unauthenticated connections to sshd.
# start:rate:full see sshd(1) for more information.
# The default is 10 unauthenticated clients.
#MaxStartups 10:30:60
# Banner to be printed before authentication starts.
#Banner /etc/issue
# Should sshd print the /etc/motd file and check for mail.
# On Solaris it is assumed that the login shell will do these (eg /etc/profile).
PrintMotd no
# KeepAlive specifies whether keep alive messages are sent to the client.
# See sshd(1) for detailed description of what this means.
# Note that the client may also be sending keep alive messages to the server.
KeepAlive yes
# Syslog facility and level
SyslogFacility auth
LogLevel info
#
# Authentication configuration
#
# Host private key files
# Must be on a local disk and readable only by the root user (root:sys 600).
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
# Default Encryption algorithms and Message Authentication codes
#Ciphers aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
#MACS hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
# Length of the server key
# Default 768, Minimum 512
ServerKeyBits 768
# sshd regenerates the key every KeyRegenerationInterval seconds.
# The key is never stored anywhere except the memory of sshd.
# The default is 1 hour (3600 seconds).
KeyRegenerationInterval 3600
# Ensure secure permissions on users .ssh directory.
StrictModes yes
# Length of time in seconds before a client that hasn't completed
# authentication is disconnected.
# Default is 600 seconds. 0 means no time limit.
LoginGraceTime 600
# Maximum number of retries for authentication
# Default is 6. Default (if unset) for MaxAuthTriesLog is MaxAuthTries / 2
MaxAuthTries 6
MaxAuthTriesLog 3
# Are logins to accounts with empty passwords allowed.
# If PermitEmptyPasswords is no, pass PAM_DISALLOW_NULL_AUTHTOK
# to pam_authenticate(3PAM).
PermitEmptyPasswords no
# To disable tunneled clear text passwords, change PasswordAuthentication to no.
PasswordAuthentication yes
# Use PAM via keyboard interactive method for authentication.
# Depending on the setup of pam.conf(4) this may allow tunneled clear text
# passwords even when PasswordAuthentication is set to no. This is dependent
# on what the individual modules request and is out of the control of sshd
# or the protocol.
PAMAuthenticationViaKBDInt yes
# Are root logins permitted using sshd.
# Note that sshd uses pam_authenticate(3PAM) so the root (or any other) user
# maybe denied access by a PAM module regardless of this setting.
# Valid options are yes, without-password, no.
PermitRootLogin yes
# sftp subsystem
Subsystem sftp /usr/lib/ssh/sftp-server
# SSH protocol v1 specific options
#
# The following options only apply to the v1 protocol and provide
# some form of backwards compatibility with the very weak security
# of /usr/bin/rsh. Their use is not recommended and the functionality
# will be removed when support for v1 protocol is removed.
# Should sshd use .rhosts and .shosts for password less authentication.
IgnoreRhosts yes
RhostsAuthentication yes #开启
# Rhosts RSA Authentication 此处重点修改。
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts.
# If the user on the client side is not root then this won't work on
# Solaris since /usr/bin/ssh is not installed setuid.
RhostsRSAAuthentication yes #开启
AuthorizedKeysFile .ssh/authorized_keys #增加这一行,关键的精髓
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication.
#IgnoreUserKnownHosts yes
# Is pure RSA authentication allowed.
# Default is yes
RSAAuthentication yes #开启
ChRootGroups sftp,guest
测试:
在客户端:rsync -avz -e "ssh -i /root/.ssh/hostkey" /root/ 192.168.71.98:/src
building file list ... done
./
.Xresources
.bash_history
.bash_logout
.bash_profile
.bashrc
.cshrc
.tcshrc
anaconda-ks.cfg
format.dat
install.log
install.log.syslog
test
.gconfd/
.ssh/
.ssh/hostkey
.ssh/hostkey.pub
.ssh/known_hosts
mnt/
mnt/34344.c
mnt/abc.c
mnt/dsdw.c
mnt/format.dat
mnt/password.pas
mnt/test/
mnt/test/123.c
mnt/test/ewrwe.c
mnt/test/sdfsdfsd.c
4819
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
