鸟哥学习笔记---SSH/XDMCP/VNC/XRDP

 SSH是Secure Shell Protocal安全的壳程序协议

SSH协议本身就提供两个服务器功能: 1.SSH 2.Sftp-Server，提供安全的FTP服务

Version 2由于加上了连接检测的机制，可以避免连接期间被插入恶意的***代码。

[root@szm ~]# ll /etc/ssh/ssh_host*

-rw-------. 1 root root  668 Mar 20 03:56 /etc/ssh/ssh_host_dsa_key

-rw-r--r--. 1 root root  590 Mar 20 03:56 /etc/ssh/ssh_host_dsa_key.pub

-rw-------. 1 root root  963 Mar 20 03:56 /etc/ssh/ssh_host_key

-rw-r--r--. 1 root root  627 Mar 20 03:56 /etc/ssh/ssh_host_key.pub

-rw-------. 1 root root 1675 Mar 20 03:56 /etc/ssh/ssh_host_rsa_key

-rw-r--r--. 1 root root  382 Mar 20 03:56 /etc/ssh/ssh_host_rsa_key.pub

[root@szm ~]# /etc/init.d/sshd restart

Stopping sshd:                                             [  OK  ]

Starting sshd:                                             [  OK  ]

 

[root@szm ~]# netstat -tlnp | grep ssh

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2157/sshd

tcp        0      0 :::22                       :::*                        LISTEN      2157/sshd

[root@szm ~]# ssh 127.0.0.1

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.

RSA key fingerprint is 9b:e2:0b:d2:0a:54:09:d9:3a:1f:49:a1:84:83:a7:cb.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.

root@127.0.0.1's password:

Last login: Mon Mar 25 20:36:03 2013 from 192.168.179.1

 

[root@szm ~]# ssh root@127.0.0.1

root@127.0.0.1's password:

Last login: Mon Mar 25 23:46:10 2013 from localhost.localdomain

如果不写帐号，那么会以本地端计算机的帐号来尝试登录远程主机

 

[root@szm ~]# ssh root@127.0.0.1 ls /

root@127.0.0.1's password:

bin

boot

cgroup

dev

etc

home

lib

lost+found

media

misc

mnt

net

opt

proc

root

sbin

selinux

srv

sys

tmp

usr

var

[root@szm ~]# ssh -f root@127.0.0.1 ls / &> ls.log

root@127.0.0.1's password:

加了f这个参数和没有加的区别是：加了f会让对方主机自己运行命令，立刻回到本地端，没加的话会等待对方完成命令后回到本地端。

 

 

 

[root@szm ~]# ssh -o StrictHostKeyChecking=no root@localhost

root@localhost's password:

Last login: Mon Mar 25 23:51:12 2013 from 192.168.179.1

ssh公钥被删除解决办法：

[root@szm ~]# rm /etc/ssh/ssh_host_* -f

[root@szm ~]# ssh root@localhost

Read from socket failed: Connection reset by peer

[root@szm ~]# tail /var/log/messages

Mar 25 08:10:09 szm nmbd[2269]:

Mar 25 08:10:09 szm nmbd[2269]:   *****

Mar 25 08:11:14 szm kernel: ip_tables: (C) 2000-2006 Netfilter Core Team

Mar 25 08:33:53 szm kernel: ip_tables: (C) 2000-2006 Netfilter Core Team

Mar 25 14:08:00 szm kernel: ip_tables: (C) 2000-2006 Netfilter Core Team

Mar 25 20:32:28 szm kernel: ip_tables: (C) 2000-2006 Netfilter Core Team

Mar 26 09:28:49 szm sshd[27689]: error: Could not load host key: /etc/ssh/ssh_ho                                                st_rsa_key

Mar 26 09:28:49 szm sshd[27689]: error: Could not load host key: /etc/ssh/ssh_ho                                                st_dsa_key

Mar 26 09:30:20 szm sshd[27702]: error: Could not load host key: /etc/ssh/ssh_ho                                                st_rsa_key

Mar 26 09:30:20 szm sshd[27702]: error: Could not load host key: /etc/ssh/ssh_ho                                                st_dsa_key

[root@szm ~]# service sshd restart

 

[root@szm ~]# rm /root/.ssh/known_hosts

rm: remove regular file `/root/.ssh/known_hosts'? y

[root@szm ~]# ssh -o StrictHostKeyChecking=no root@localhost 直接信任主机，不用YESORNO

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.

root@localhost's password:

Last login: Tue Mar 26 10:00:02 2013 from localhost.localdomain

 

 

删除原有公钥，生成新的公钥，连接不成功解决办法：

[root@szm ~]# rm /etc/ssh/ssh_host_* -f

[root@szm ~]# /etc/init.d/sshd restart

Stopping sshd:                                             [  OK  ]

Generating SSH1 RSA host key:                              [  OK  ]

Generating SSH2 RSA host key:                              [  OK  ]

Generating SSH2 DSA host key:                              [  OK  ]

Starting sshd:                                             [  OK  ]

[root@szm ~]#

[root@szm ~]# ssh root@localhost

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

ef:fc:bf:23:d7:c7:c3:e8:67:eb:4d:a9:86:13:52:ed.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending key in /root/.ssh/known_hosts:1

RSA host key for localhost has changed and you have requested strict checking.

Host key verification failed.

意思为删除known_hosts文件的第一行

 

 

[root@szm ~]# ssh root@localhost

The authenticity of host 'localhost (127.0.0.1)' can't be established.

RSA key fingerprint is ef:fc:bf:23:d7:c7:c3:e8:67:eb:4d:a9:86:13:52:ed.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.---加入Know_hosts

root@localhost's password:

Last login: Tue Mar 26 09:54:35 2013 from 172.16.128.73

SSH的FTP功能：

[root@szm ~]# sftp root@localhost

Connecting to localhost...

root@localhost's password:

sftp> lpwd

Local working directory: /root

sftp> pwd

Remote working directory: /root

sftp> put /etc/hosts

Uploading /etc/hosts to /root/hosts

/etc/hosts                                                                                                                  100%  156     0.2KB/s   00:00

sftp> lcd /tmp

sftp> get .bashrc

Fetching /root/.bashrc to .bashrc

/root/.bashrc                                                                                                               100%  176     0.2KB/s   00:00

sftp> lls -a

.   .bashrc      EdP.aKcM5B6  .esd-500   lost+found          pulse-iSJtSDEu9ort  vmware-config0  vmware-file-mod0  vmware-szm

..  EdP.a0602P3  .esd-0       .ICE-unix  pulse-IkztUMsTtTGX  pulse-TtUqDwHsZZQq  VMwareDnD       vmware-root       yum.log

sftp> exit

图形化连接SFTP-Server软件：Filezilla，端口22

 

SCP用于以知主机文件：

[root@szm ~]# scp /etc/hosts root@127.0.0.1:~下载

The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.

RSA key fingerprint is ef:fc:bf:23:d7:c7:c3:e8:67:eb:4d:a9:86:13:52:ed.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '127.0.0.1' (RSA) to the list of known hosts.

root@127.0.0.1's password:

hosts                                                                                                                      100%  156     0.2KB/s   00:00

 

[root@szm ~]# scp root@127.0.0.1:/etc/bashrc /tmp上传

root@127.0.0.1's password:

bashrc                                                                                                                     100% 2620     2.6KB/s   00:00

设置上传下载带宽：800/8=100Kbyes/s
[root@szm ~]# scp -l 800 /etc/bashrc root@127.0.0.1:/tmp

root@127.0.0.1's password:

bashrc                                                                                                                     100% 2620     2.6KB/s   00:00

Pietty是Putty的改良版

 

 

[root@szm ~]# cat /etc/ssh/sshd_config

#       $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $

 

# This is the sshd server system-wide configuration file.  See

# sshd_config(5) for more information.

 

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

 

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented.  Uncommented options change a

# default value.

 

#Port 22

可以写多一个Port来启动多个端口；

#AddressFamily any

#ListenAddress 0.0.0.0

主机监听端口IP。

#ListenAddress ::

 

# Disable legacy (protocol version 1) support in the server for new

# installations. In future the default will change to require explicit

# activation of protocol 1

Protocol 2

也可以修改支持V1，V2：Protocol 2，1不可这样很不安全，容易被***

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

SSH私钥放置位置

# Lifetime and size of ephemeral version 1 server key

#KeyRegenerationInterval 1h

#ServerKeyBits 1024

 

# Logging

# obsoletes QuietMode and FascistLogging

#SyslogFacility AUTH

SyslogFacility AUTHPRIV

#LogLevel INFO

 

# Authentication:

 

#LoginGraceTime 2m

如果没有单位。默认为秒

#PermitRootLogin yes

建议关闭这个Root的登录功能

#StrictModes yes

#MaxAuthTries 6

#MaxSessions 10

 

#RSAAuthentication yes

#PubkeyAuthentication yes

#AuthorizedKeysFile     .ssh/authorized_keys

是否允许用户自行使用成对的密钥系统进行登录，公针对Version 2

#AuthorizedKeysCommand none

#AuthorizedKeysCommandRunAs nobody

 

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

#RhostsRSAAuthentication no

因为使用~/.shh/.rhosts太不安全了，所以这里一定要设置为NO

# similar for protocol version 2

#HostbasedAuthentication no

# Change to yes if you don't trust ~/.ssh/known_hosts for

# RhostsRSAAuthentication and HostbasedAuthentication

第一个是给V1用的，使用rhosts文件在/etc/hosts.equiv配合RSA来认证，第二个是用V2用的，这两个都为NO

#IgnoreUserKnownHosts no

是否要忽略乃主目录内的~/.ssh/known_hosts这个文件记录的内容

# Don't read the user's ~/.rhosts and ~/.shosts files

#IgnoreRhosts yes

 

# To disable tunneled clear text passwords, change to no here!

#PasswordAuthentication yes

#PermitEmptyPasswords no

PasswordAuthentication yes

密码不得为空，一定要认证密码

# Change to no to disable s/key passwords

#ChallengeResponseAuthentication yes

ChallengeResponseAuthentication no

允许任何的密码认证，所以，任何Login.conf规定的谁方式，均可使用，但目前我们比较喜欢使用PAM模块帮忙管理认证，因此这个选项可以设置为NO。

# Kerberos options

#KerberosAuthentication no

#KerberosOrLocalPasswd yes

#KerberosTicketCleanup yes

#KerberosGetAFSToken no

 

# GSSAPI options

#GSSAPIAuthentication no

GSSAPIAuthentication yes

#GSSAPICleanupCredentials yes

GSSAPICleanupCredentials yes

#GSSAPIStrictAcceptorCheck yes

#GSSAPIKeyExchange no

 

# Set this to 'yes' to enable PAM authentication, account processing,

# and session processing. If this is enabled, PAM authentication will

# be allowed through the ChallengeResponseAuthentication and

# PasswordAuthentication.  Depending on your PAM configuration,

# PAM authentication via ChallengeResponseAuthentication may bypass

# the setting of "PermitRootLogin without-password".

# If you just want the PAM account and session checks to run without

# PAM authentication, then enable this but set PasswordAuthentication

# and ChallengeResponseAuthentication to 'no'.

#UsePAM no

UsePAM yes

 

# Accept locale-related environment variables

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES

AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT

AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE

AcceptEnv XMODIFIERS

 

#AllowAgentForwarding yes

#AllowTcpForwarding yes

#GatewayPorts no

#X11Forwarding no

这个项目可以让窗口的数据通过SSH连接来传送。

X11Forwarding yes

#X11DisplayOffset 10

#X11UseLocalhost yes

#PrintMotd yes

PrindMotd登录后的显示信息，可以关闭

#PrintLastLog yes

上次登录信息

#TCPKeepAlive yes

如果所在的网络不稳定，建议关闭

#UseLogin no

#UsePrivilegeSeparation yes

当非Root用户登录时，会产生一个属于非Root的SSHD程序来使用，对系统较安全

#PermitUserEnvironment no

#Compression delayed

#ClientAliveInterval 0

#ClientAliveCountMax 3

#ShowPatchLevel no

#UseDNS yes

一般来说，为了判断客户端来源是否正常合法的，会使用DNS去反查客户端的主机名。

#PidFile /var/run/sshd.pid

修改放置PID的文件。得知进程ID

#MaxStartups 10

登录前，也就是得到Shell前的连接数

#PermitTunnel no

#ChrootDirectory none

 

# no default banner path

#Banner none

 

# override default of no subsystems

Subsystem       sftp    /usr/libexec/openssh/sftp-server

 

# Example of overriding settings on a per-user basis

#Match User anoncvs

#       X11Forwarding no

#       AllowTcpForwarding no

#       ForceCommand cvs server

DenyUsers ....  DenyGroups ...

 SSH自动登录解决办法：

1.客户端建立两把密钥；
2.客户端放置好私钥文件；
3.将公钥放置到服务器端的正确目录与文件中；

 [root@szm ~]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

84:ef:86:84:79:bf:05:a9:72:e7:80:a7:e3:c7:98:3f root@szm.test.com

The key's randomart p_w_picpath is:

+--[ RSA 2048]----+

|                 |

|       .         |

|      . .        |

|     o o .       |

|    o o S        |

|     + = .       |

|    o+* = .      |

|    +=E= o       |

|   .o+..o        |

+-----------------+

 

[root@szm ~]# ll -d ~/.ssh/;ll ~/.ssh/

drwx------. 2 root root 4096 Mar 27 17:19 /root/.ssh/

total 16

-rw-r--r--. 1 root root  226 Mar 27 14:22 authorized_keys

-rw-------. 1 root root 1675 Mar 27 17:22 id_rsa

-rw-r--r--. 1 root root  399 Mar 27 17:22 id_rsa.pub

-rw-r--r--. 1 root root  782 Mar 26 12:40 known_hosts

~/.ssh/目录必须是700权限！id_rsa的文件权限必须是上面那样才行，否则无法实现SSH连接。

[root@szm ~]# scp ~/.ssh/id_rsa.pub root@192.168.179.7:~

The authenticity of host '192.168.179.7 (192.168.179.7)' can't be established.

RSA key fingerprint is ef:fc:bf:23:d7:c7:c3:e8:67:eb:4d:a9:86:13:52:ed.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.179.7' (RSA) to the list of known hosts.

root@192.168.179.7's password:

id_rsa.pub                                    100%  399     0.4KB/s   00:00

[root@szm ~]# cat id_rsa.pub >> ~/.ssh/authorized_keys

[root@szm ~]# ll ~/.ssh/authorized_keys

-rw-r--r--. 1 root root 625 Mar 27 17:30 /root/.ssh/authorized_keys

为个地方要非常的注意权限

SSH安全方面的设置： PermitRootLogin no DenyUsers .... DenyGroups ....   [root@szm ~]# cat /etc/hosts.allow sshd:127.0.0.1 192.168.179.0/255.255.255.0 [root@szm ~]# cat /etc/hosts.deny sshd:ALL   日志排错：   [root@szm ~]# tail /var/log/secure

[root@szm ~]# cat /etc/init/prefdm.conf

# prefdm - preferred display manager

#

# Starts gdm/xdm/etc by preference

 

start on stopped rc RUNLEVEL=5

 

stop on starting rc RUNLEVEL=[!5]

 

console output

respawn

respawn limit 10 120

exec /etc/X11/prefdm -nodaemon

启动一个X Display Manager程序。

 

X Server，X Client，Window Manager（VM）【GNOME，KDE，XFCE】，Display Manager（DM）【GDM，KDM】

XDMPC配置过程：

1.[root@Centosszm ~]# cat /etc/gdm/custom.conf

# GDM configuration storage

[daemon]

[security]

AllowRemoteRoot=true

DisallowTCP=false

[xdmcp]

Enable=1

[greeter]

[chooser]

[debug]

2.[root@Centosszm ~]# cat /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m udp -p udp --dport 177 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 6000:6010 -j ACCEPT

3.[root@Centosszm ~]# /etc/init.d/iptables restart

4.[root@Centosszm ~]# runlevel

3 5--------上一次为3，这一次为5

5.因为已经启动了init 5，需要重启应用配置文件；

 

[root@Centosszm ~]# init 3

[root@Centosszm ~]# init 5

6.查看是否启用了177，6000端口，6000端口用于XServer连接XClient。

[root@Centosszm ~]# netstat -tulnp

7.客户端发起连接；

在当前运行界别中运行GDM， [root@Centosszm ~]# gdm [root@Centosszm ~]# cat /etc/rc.d/rc.local [root@Centosszm ~]# /usr/sbin/gdm

 

一：在不同的X环境下启动连接：直接用X 在Centos6.X的环境中，如果原本就是Runlevel 5的环境，那么这个图形接口的：0是在tty1终端；如果由runlevel 3启动图形接口，那么是在tty7。 二：在同一个X下启动另一个X：使用Xnest [root@Centosszm ~]# yum install xorg-x11-server-Xnest [root@Centosszm ~]# Xnest -query 192.168.179.7 -geometry 640x480 :1

XServer连接前：

 [root@Centosszm ~]# pstree | grep gdm

     |-gdm-binary---gdm-simple-slav-+-Xorg

     |                              |-2*[gdm-session-wor]

     |                                              |-gdm-simple-gree

XServer连接后：
[root@Centosszm ~]# pstree | grep gdm

     |-gdm-binary-+-gdm-simple-slav-+-Xorg

     |            |                 |-2*[gdm-session-wor]

     |            |                                 |-gdm-simple-gree

     |            `-gdm-simple-slav-+-2*[gdm-session-wor]

     |                                              |-gdm-simple-gree---{gdm-sim                         ple-gre}

TigerVNC-Server的配置：

1.[root@Centosszm ~]# yum install tigervnc-server

2.[root@Centosszm ~]# vncpasswd

Password:

Verify:

3.[root@Centosszm ~]# vncserver -------开启连接服务

防火墙端口设置： 在使用防火墙的情况下来连接到一个远程系统,需要打开端口5901.

4.[root@Centosszm ~]# vi /etc/sysconfig/iptables ----这里只开放4个VNC

-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5903 -j ACCEPT

 -------------------------------------------------------------

[root@Centosszm ~]# ll .vnc/

total 28

-rw-r--r--. 1 root root 1934 Mar 28 15:53 Centosszm.test.com:1.log

-rw-r--r--. 1 root root    5 Mar 28 15:53 Centosszm.test.com:1.pid

-rw-r--r--. 1 root root 3434 Mar 28 15:33 Centosszm.test.com:2.log

-rw-r--r--. 1 root root 1333 Mar 28 19:57 Centosszm.test.com:3.log

-rw-r--r--. 1 root root    6 Mar 28 19:57 Centosszm.test.com:3.pid

-rw-------. 1 root root    8 Mar 28 15:20 passwd

-rwxr-xr-x. 1 root root  592 Mar 28 15:48 xstartup

Linux VNC客户端连接：

 [root@Centosszm ~]# yum install tigervnc

在以前的VNC Server有较大差异，在CentOS 6.x当中，Tiger VNC-Server这套软件会主动依据服务器端的图形接口登录方式给予正确的图形显示接口。

Windows VNC连接：

 使用RealVNC

关闭VNC：

[root@Centosszm ~]# vncserver -kill :1

 

VNC搭配本机的XDMCP画面：（有一个谁的GDM界面）

[szm@Centosszm ~]$ vi .vn c/xstartup ------------注释所有行

[szm@Centosszm ~]$ vncserver :5 -query localhost

 

让VNC Server开机启动：

请注意，不要将VNC Server的指令写入到/etc/rc.d/rc.local文件中，否则可能会产生localhost无法登录的问题。

 

1.[root@Centosszm szm]# grep -v ^# /etc/sysconfig/vncservers

VNCSERVERS="1:root"

VNCSERVERRAGS[1]="-query localhost"

 

2.[root@Centosszm szm]# /etc/init.d/vncserver restart

Shutting down VNC server: 1:root                           [FAILED]

Starting VNC server: 1:root

New 'Centosszm.test.com:1 (root)' desktop is Centosszm.test.com:1

 

Starting applications specified in /root/.vnc/xstartup

Log file is /root/.vnc/Centosszm.test.com:1.log

 

                                                           [  OK  ]

同步的VNC：可以通过图示同步教学，鼠标同步

[root@Centosszm szm]# yum install tigervnc-server-module

 

产生/etc/X11/xorg.conf文件：

[root@Centosszm ~]# X -configure

[root@Centosszm ~]# mv xorg.conf.new /etc/X11/xorg.conf

Section "Screen"
       Option "passwordFile" "/home/root/.vnc/passwd"

.....

Section "Module"

      Load "vnc"

连接方法：

      直接：IP地址就可以了，不用:0之类的端口

 Windows的远程桌面系统：XRDP服务器

XRDP最终会自动启用VNC，必须要安装VNC才行。否则XRDP无法运行。

 [root@Centosszm ~]# /etc/init.d/xrdp start

Starting xrdp:                                             [  OK  ]

Starting xrdp-sesman:                                      [  OK  ]

[root@Centosszm ~]# netstat -tunlp | grep xrdp

tcp        0      0 127.0.0.1:3350              0.0.0.0:*                   LISTEN      22598/xrdp-sesman

tcp        0      0 0.0.0.0:3389                0.0.0.0:*                   LISTEN      22594/xrdp

[root@Centosszm ~]# cat /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 6000:6010 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5911 -j ACCEPT

 SSH的高级应用：

在非标准端口启动SSH；

 

[root@Centosszm ~]# vim /etc/ssh/sshd_config
Port 22
Port 23

 

[root@Centosszm ~]# cat /var/log/audit/audit.log | grep AVC | grep ssh | audit2allow -m sshlocal >sshlocal.te

[root@Centosszm ~]# grep sshd_t /var/log/audit/audit.log | audit2allow -M sshlocal

******************** IMPORTANT ***********************

To make this policy package active, execute:

 

semodule -i sshlocal.pp

 

[root@Centosszm ~]# semodule -i sshlocal.pp

 

[root@Centosszm ~]# /etc/init.d/sshd restart

Stopping sshd:                                             [  OK  ]

Starting sshd:                                             [  OK  ]

[root@Centosszm ~]# netstat -tulnp | grep ssh

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      23782/sshd

tcp        0      0 0.0.0.0:23                  0.0.0.0:*                   LISTEN      23782/sshd

tcp        0      0 :::22                       :::*                        LISTEN      23782/sshd

tcp        0      0 :::23                       :::*                        LISTEN      23782/sshd

[root@Centosszm ~]# ssh -p 23 root@localhost

 

以rsync进行同步镜像备份：

 

rsync不但传输速度快，而且在传输时，可以比对本地端与远程主机欲复制的文件内容，而仅复制两者有差异的文件而已，所以传输的时间就相对降低很多！

 

1.[root@Centosszm ~]# rsync -av /etc /tmp

2.[root@Centosszm ~]# rsync -av -e ssh root@localhost:/etc /tmp

 

3.直接通过rsync提供的服务来传输，此时rsync主机需要启动873port:
  /etc/xinetd.d/rsync

  /etc/rsync.conf

  密码

  rsync -av user@hostname:/dir/path /local/pasth

 

-v:列出信息 -q:安静模式 -r:递归 -u:只更新 -l:复制属性 -p:连同权限复制 -g:保留原文件组 -o:保留原文件主 -D:保留属性 -t:保留时间 -I:忽略更新时间，文件比对上会比较快速 -z:Compress -e:使用的协议 -a:-rlptgoD

 

通过SSH通道加密原本无加密的服务：

 

[root@Centosszm ~]# ssh -L 5911:127.0.0.1:5901 -n 192.168.179.254

Centosszm(5911)--------ssh(5911)----------(22)ssh------------(5901)179.154

 

VNC View:localhost:5911

以SSH通道配合X Server传递图形界面：

 

[root@Centosszm ~]# yum install xterm

Xming----->multiple windows---->start a program---->using Putty

 

 

 

 

 

 

 

转载于:https://blog.51cto.com/2816056/1162442