linux网络服务--远程管理--ssh

ssh远程管理工具（Secure Shell）

特点：加密传输数据，安全，默认22端口

1.账户密码登录（口令）模式：

远程登录：ssh [-p port] username@ip （root用户可省略username@）

[root@centos68 ~]# ssh yunweixiaocai@192.168.1.9
The authenticity of host '192.168.1.9 (192.168.1.9)' can't be established.
RSA key fingerprint is 92:ac:6d:2f:77:1e:d5:9c:92:a1:71:53:f7:ee:66:d5.
Are you sure you want to continue connecting (yes/no)? yes #输入yes
Warning: Permanently added '192.168.1.9' (RSA) to the list of known hosts.
yunweixiaocai@192.168.1.9's password: 
[yunweixiaocai@centos75 ~]$   #登录成功

2.密钥对验证模式：

登录步骤

# 1.客户端生成密钥文件
[root@centos68 ~]# ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # 密钥对保存位置
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa. # 私钥
Your public key has been saved in /root/.ssh/id_rsa.pub. # 公钥
The key fingerprint is:
a9:79:97:d9:96:44:08:fc:ca:e7:79:c0:24:c8:ce:cd root@centos68
The key's randomart image is:
+--[ RSA 2048]----+
|       ..        |
|        .. .     |
|     . . .. .    |
|      o ..o.     |
|     o +S=  .    |
|      ooE += .   |
|      o .o+o+    |
|       . .o..    |
|           .     |
+-----------------+

# 2.将公钥文件上传至服务器端
[root@centos68 ~]# ssh-copy-id yunweixiaocai@192.168.1.9
yunweixiaocai@192.168.1.9's password: 
Now try logging into the machine, with "ssh 'yunweixiaocai@192.168.1.9'", and check in:

  .ssh/authorized_keys  # 服务器将客户端公钥保存在yunweixiaocai家目录下

to make sure we haven't added extra keys that you weren't expecting.

# 3.客户端与服务器端验证客户端公钥文件相同
[root@centos75 ~]# cat /home/yunweixiaocai/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EA……省略……cKdx83H7aTTdGNYKRloVKhiw== root@centos68
[root@centos68 ~]# cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EA……省略……cKdx83H7aTTdGNYKRloVKhiw== root@centos68

# 4.登录服务器
[root@centos68 ~]# ssh yunweixiaocai@192.168.1.9
Last login: Sat Mar  6 15:57:26 2021 from 192.168.1.201 #不再询问密码
[yunweixiaocai@centos75 ~]$ 

3.远程登录相关设置

配置文件 /etc/ssh/sshd_config，修改后重启sshd服务

[root@centos75 ~]# vi /etc/ssh/sshd_config 
PasswordAuthentication no # no，禁用账户密码登录模式
PermitRootLogin no # no, 禁用root远程登录
Port 22 # 端口设置
ListenAddress ip # 设置ssh监听IP（多网卡时设置，添加网卡ifconfig eth0:x 192.168.1.x）

4.远程传输文件

远程上传文件：scp 本地路径 username@ip:/绝对路径，-P指定端口
远程下载文件：scp username@ip:/绝对路径 本地路径 ，-P指定端口

sftp [-oPort=port] username@ip

附：实验前准备：

1.两台机器不同名：

#centos6.8修改主机名，修改后才重启：
> cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos68 #修改名字
> cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.201 centos68 #添加此行

# centos7.x修改主机名，修改后重启：
> cat /etc/hostname 
centos75 #直接改名

2.关闭防护（重启机器）：

iptables -F  #清空防护墙规则
setenforce 0 #临时关闭SELinux
chkconfig iptables off #设置防火墙开机不自启--centos6.8
systemctl disable firewalld  #设置防火墙开机不自启--centos7.x
sed -i '7s/enforcing/disabled/' /etc/selinux/config #永久关闭SELinux

本文所有图片来自尚硅谷刘川老师课程