Linux-Study-02-Common SSH Parameters

I. Parameter Overview

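| Parameter | Explanation |
| --- | --- |
| PermitRootLogin | Whether root is allowed to log in. Possible values: "yes" (the default) allows it. |
| PasswordAuthentication | Whether password-based authentication is allowed. The default is "yes". |
| PubkeyAuthentication | Whether public-key authentication is allowed. Only applies to SSH-2. The default is "yes". |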

II. Test Environment

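| Name | Value |
| --- | --- |
| CPU | Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz |
| Operating system | CentOS Linux release 7.9.2009 (Core) |
| Memory | 3G |
| Logical cores | 2 |
| Node 1 IP | 192.168.142.10 (hostname: czg0) |
| Node 2 IP | 192.168.142.11 (hostname: czg1) |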

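III. Small Experiments

0. Preparation

I set up passwordless (key-based) login between the two machines.

I wrote a small test program using Python's paramiko module. Its function is simple: it checks the memory of each server. With no SSH parameter restrictions in place, it runs as follows: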

[gbase@czg0 br_db_script]$ python3 br_run.py -m=2 -p=a
 
======================
登录IP:192.168.142.10 ,PORT:22 ,USER:root
执行命令:free -m |grep Mem
执行结果:
Mem:           3931         562        2033         153        1335        2064

======================
内存总大小为:3931 MB
 
======================
登录IP:192.168.142.11 ,PORT:22 ,USER:root
执行命令:free -m |grep Mem
执行结果:
Mem:           3931         522        2420         146         988        2235

======================
内存总大小为:3931 MB

1. PermitRootLogin

Change this parameter on node czg1 and restart the ssh service.

[root@czg1 ~]# cat /etc/ssh/sshd_config |grep PermitRootLogin
PermitRootLogin no
# the setting of "PermitRootLogin without-password".

[root@czg1 ~]# systemctl restart sshd

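Log in from czg0 to czg1 as root. Because passwordless login is set up, no password would normally be needed, but with PermitRootLogin turned off a password is requested, and even when the password is correct you are told that permission is denied.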

[root@czg0 ~]# ssh czg1
Warning: Permanently added 'czg1,192.168.142.11' (ECDSA) to the list of known hosts.
root@czg1's password: 
Permission denied, please try again.
root@czg1's password: 
Permission denied, please try again.

The Python script reports an authentication failure.

[gbase@czg0 br_db_script]$ python3 br_run.py -m=2 -p=a
 
======================
登录IP:192.168.142.10 ,PORT:22 ,USER:root
执行命令:free -m |grep Mem
执行结果:
Mem:           3931         563        2032         153        1335        2063

======================
内存总大小为:3931 MB
paramiko_ssh_remote_exec_command_func方法错误:

Authentication failed.
Traceback (most recent call last):
  File "/opt/Developer/br_db_script/public_func.py", line 42, in paramiko_ssh_remote_exec_command_func
    ssh.connect(hostname = br_ip_address, port = br_os_port_num, username = br_os_user, password = br_os_user_password)
  File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 446, in connect
    passphrase,
  File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 764, in _auth
    raise saved_exception
  File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 751, in _auth
    self._transport.auth_password(username, password)
  File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 1509, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.6/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e

Change it back to yes.

[root@czg1 ~]# cat /etc/ssh/sshd_config |grep PermitRootLogin
PermitRootLogin yes
# the setting of "PermitRootLogin without-password".

[root@czg1 ~]# systemctl restart sshd

Login works normally.

[root@czg0 ~]# ssh czg1
Warning: Permanently added 'czg1,192.168.142.11' (ECDSA) to the list of known hosts.
Last failed login: Wed Jan  4 10:21:23 CST 2023 from czg0 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Wed Jan  4 10:20:38 2023 from czg0
[root@czg1 ~]# 

The Python script runs normally.

[gbase@czg0 br_db_script]$ python3 br_run.py -m=2 -p=a
 
======================
登录IP:192.168.142.10 ,PORT:22 ,USER:root
执行命令:free -m |grep Mem
执行结果:
Mem:           3931         562        2033         153        1335        2064

======================
内存总大小为:3931 MB
 
======================
登录IP:192.168.142.11 ,PORT:22 ,USER:root
执行命令:free -m |grep Mem
执行结果:
Mem:           3931         522        2420         146         988        2234

======================
内存总大小为:3931 MB

2. PasswordAuthentication

Change this parameter on node czg1 and restart the ssh service.

[root@czg1 ~]# cat /etc/ssh/sshd_config |grep PasswordAuthentication
#PasswordAuthentication yes
PasswordAuthentication no
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication, then enable this but set PasswordAuthentication

[root@czg1 ~]# systemctl restart sshd

Because I have passwordless login set up and this parameter does not affect it, ssh can still log in.

[root@czg0 ~]# ssh czg1
Warning: Permanently added 'czg1,192.168.142.11' (ECDSA) to the list of known hosts.
Last login: Wed Jan  4 14:26:42 2023 from czg0
[root@czg1 ~]# 

When the Python program authenticates with a password over ssh, it reports: Bad authentication type; allowed types: ['publickey', 'gssapi-keyex', 'gssapi-with-mic'].

[gbase@czg0 br_db_script]$ python3 br_run.py -m=2 -p=a
 
======================
登录IP:192.168.142.10 ,PORT:22 ,USER:root
执行命令:free -m |grep Mem
执行结果:
Mem:           3931         561        2032         153        1337        2065

======================
内存总大小为:3931 MB
paramiko_ssh_remote_exec_command_func方法错误:

Bad authentication type; allowed types: ['publickey', 'gssapi-keyex', 'gssapi-with-mic']
Traceback (most recent call last):
  File "/opt/Developer/br_db_script/public_func.py", line 42, in paramiko_ssh_remote_exec_command_func
    ssh.connect(hostname = br_ip_address, port = br_os_port_num, username = br_os_user, password = br_os_user_password)
  File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 446, in connect
    passphrase,
  File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 764, in _auth
    raise saved_exception
  File "/usr/local/lib/python3.6/site-packages/paramiko/client.py", line 751, in _auth
    self._transport.auth_password(username, password)
  File "/usr/local/lib/python3.6/site-packages/paramiko/transport.py", line 1509, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.6/site-packages/paramiko/auth_handler.py", line 250, in wait_for_response
    raise e
paramiko.ssh_exception.BadAuthenticationType: Bad authentication type; allowed types: ['publickey', 'gssapi-keyex', 'gssapi-with-mic']

Change it back to yes.

[root@czg1 ~]# systemctl restart sshd

[root@czg1 ~]# cat /etc/ssh/sshd_config |grep PasswordAuthentication
#PasswordAuthentication yes
PasswordAuthentication yes
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication, then enable this but set PasswordAuthentication
[root@czg1 ~]# 

The Python program runs normally.

[gbase@czg0 br_db_script]$ python3 br_run.py -m=2 -p=a
 
======================
登录IP:192.168.142.10 ,PORT:22 ,USER:root
执行命令:free -m |grep Mem
执行结果:
Mem:           3931         561        2033         153        1337        2065

======================
内存总大小为:3931 MB
 
======================
登录IP:192.168.142.11 ,PORT:22 ,USER:root
执行命令:free -m |grep Mem
执行结果:
Mem:           3931         525        2415         146         990        2230

======================
内存总大小为:3931 MB

3. PubkeyAuthentication

Change this parameter on node czg1 and restart the ssh service.

[root@czg1 ~]# cat /etc/ssh/sshd_config |grep PubkeyAuthentication
PubkeyAuthentication no

[root@czg1 ~]# systemctl restart sshd

Passwordless login from node czg0 now prompts for a password; after the correct password is entered, login succeeds.

[root@czg0 ~]# ssh czg1
Warning: Permanently added 'czg1,192.168.142.11' (ECDSA) to the list of known hosts.
root@czg1's password: 
Last login: Wed Jan  4 14:26:55 2023 from czg0
[root@czg1 ~]# 

Change it back to yes.

[root@czg1 ~]# cat /etc/ssh/sshd_config |grep PubkeyAuthentication
PubkeyAuthentication yes

[root@czg1 ~]# systemctl restart sshd

Passwordless login is back to normal.

[root@czg0 ~]# ssh czg1
Warning: Permanently added 'czg1,192.168.142.11' (ECDSA) to the list of known hosts.
Last login: Wed Jan  4 14:39:38 2023 from czg0
[root@czg1 ~]# 
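
The three experiments above can be summarised as a small offline check. This is an added example, not the author's br_run.py: it reads sshd_config text the way sshd does (comment lines ignored, first value wins, global section only) and returns the methods root can log in with. The function names are hypothetical, the defaults are the ones stated in the table on this page, and the sample input is constructed from the grep output of experiment 2.

```python
import re

# Defaults as stated in the parameter table on this page (assumption: they
# match the sshd build being audited).
DEFAULTS = {"permitrootlogin": "yes",
            "passwordauthentication": "yes",
            "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Global value of each tracked directive, the way sshd reads the file:
    '#' lines are ignored, keywords are case-insensitive, and the first
    value seen for a keyword wins. Parsing stops at the first Match block,
    whose contents apply only conditionally."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword in DEFAULTS and keyword not in found and len(parts) == 2:
            found[keyword] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **found}

def root_login_methods(config_text):
    """Methods root can log in with (GSSAPI and others are not modelled)."""
    s = effective_settings(config_text)
    if s["permitrootlogin"] == "no":
        return set()          # experiment 1: even the correct password fails
    methods = set()
    if s["pubkeyauthentication"] == "yes":
        methods.add("publickey")
    if s["passwordauthentication"] == "yes" and s["permitrootlogin"] == "yes":
        methods.add("password")   # key-only values of PermitRootLogin drop it
    return methods

# Constructed sample: the lines grep printed in experiment 2, comments included.
SAMPLE = """\
#PasswordAuthentication yes
PasswordAuthentication no
# PasswordAuthentication.  Depending on your PAM configuration,
"""

if __name__ == "__main__":
    print(sorted(root_login_methods(SAMPLE)))
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, including values that a plain grep of the file cannot show.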
