本文配置参考上一篇
linux环境下 centos7.8 openssh 7.4p1 升级最新版本 openssh 9.7p1-CSDN博客
1修改端口
sed -i '/^#Port/s/#//g' /usr/local/openssh/etc/sshd_config
sed -i '/^Port/s/22/2689/g' /usr/local/openssh/etc/sshd_config
2设置允许登录ssh服务器的用户,禁止root登录
useradd test
passwd test
echo "AllowUsers test" >> /usr/local/openssh/etc/sshd_config
#查看结果
grep -i 'AllowUsers' /usr/local/openssh/etc/sshd_config
#禁止root登录
#PermitRootLogin yes
PermitRootLogin no
sed -i '/^#PermitRootLogin/s/#//g' /usr/local/openssh/etc/sshd_config
sed -i '/^PermitRootLogin/s/yes/no/g' /usr/local/openssh/etc/sshd_config
#查看结果
grep -i 'PermitRootLogin' /usr/local/openssh/etc/sshd_config
#修改最大登录尝试次数(可选)
#MaxAuthTries 6
3防火墙
firewall-cmd --permanent --add-port=2689/tcp --zone=public
firewall-cmd --permanent --add-port=2689/udp --zone=public
firewall-cmd --reload
#使用云服务器,可以限制IP访问,比如腾讯云
云服务器--安全组-- 入站规则--添加
4重启sshd服务,远程连接测试
/etc/init.d/sshd restart
ssh -p 2689 test@ip地址
#windows 下面 ,xshell 测试
ssh秘钥认证方式(公钥与私钥)
1禁用密码验证,开启秘钥
普通用户test为例
test@VM-0-15-centos ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa
Your public key has been saved in /home/test/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:RueyVWFqBgGij0tMB1vKOul8bh9f1s4X9z8U7EdT8WM test@VM-0-15-centos
The key's randomart image is:
+---[RSA 3072]----+
| . o ..o. o ..|
| . * . . o . o|
| * . . = . .Eo|
| = + . = . .+o|
|+ + . S o ..o|
|oo . . +. . +.|
| o.. . .o . + o|
| o. o o o . ..|
| .... . o. +|
+----[SHA256]-----+
cat /home/test/.ssh/id_rsa.pub >>/home/test/.ssh/authorized_keys
[test@VM-0-15-centos .ssh]$ ls /home/test/.ssh/
authorized_keys id_rsa id_rsa.pub
vim /usr/local/openssh/etc/sshd_config
修改下面几处:
RSAAuthentication yes
PubkeyAuthentication yes #启用PublicKey认证。
AuthorizedKeysFile .ssh/authorized_keys #PublicKey文件路径。
PasswordAuthentication no #不适用密码认证登录。
#/etc/init.d/sshd restart
#chmod 644 /home/test/.ssh/authorized_keys
#默认openssh格式,转换
puttygen /home/test/.ssh/id_rsa -o /home/test/idrsa.ppk
puttygen /home/test/idrsa.ppk -O private-openssh -o /home/test/id_rsa
注意:要保存好id_rsa文件,删除服务器上面的id_rsa
2下载Linux生成的私钥,导入相应的ssh客户端,使用原有密码登录报错的
#报错
#查看日志显示
vim /usr/local/openssh/etc/sshd_config
PubkeyAcceptedAlgorithms=+ssh-rsa
/etc/init.d/sshd restart
#再次连接成功