一.Linux

 

1.[root@michael ~]# rpm -qa | grep ssh

openssh-clients-3.9p1-8.RHEL4.15

openssh-askpass-3.9p1-8.RHEL4.15

openssh-askpass-gnome-3.9p1-8.RHEL4.15

openssh-server-3.9p1-8.RHEL4.15

openssh-3.9p1-8.RHEL4.15

[root@michael ~]# chkconfig --list sshd

sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@michael ~]# service sshd restart

Stopping sshd:[ OK ]

Starting sshd:[ OK ]

[root@michael ~]#

2.[root@michael ~]# vi /etc/ssh/sshd_config (server config file)

 

# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

 

# This is the sshd server system-wide configuration file. See

# sshd_config(5) for more information.

 

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

 

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented. Uncommented options change a

# default value.

 

#Port 22

#Protocol 2,1

#ListenAddress 0.0.0.0

#ListenAddress ::

 

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

3.[root@michael ~]# vi /etc/ssh/ssh_config (client config file)

 

# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $

 

# This is the ssh client system-wide configuration file. See

# ssh_config(5) for more information. This file provides defaults for

# users, and the values can be changed in per-user configuration files

# or on the command line.

 

# Configuration data is parsed as follows:

# 1. command line options

# 2. user-specific file

# 3. system-wide file

# Any configuration value is only changed the first time it is set.

# Thus, host-specific definitions should be at the beginning of the

# configuration file, and defaults at the end.

 

# Site-wide defaults for various options

 

# Host *

# ForwardAgent no

# ForwardX11 no

# RhostsRSAAuthentication no

# RSAAuthentication yes

# PasswordAuthentication yes

4. [root@michael ~]# ssh root@192.168.5.1

The authenticity of host '192.168.5.1 (192.168.5.1)' can't be established.

RSA key fingerprint is b2:4e:4e:0a:a7:e0:05:e4:1d:85:1c:1f:f5:a0:5d:ac.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.5.1' (RSA) to the list of known hosts.

root@192.168.5.1's password:

Last login: Wed Aug 5 13:22:19 2009 from 192.168.5.199

5. [root@michael ~]# ls -al

total 292

drwxr-x--- 14 root root 4096 Aug 5 13:28 .

drwxr-xr-x 24 root root 4096 Aug 5 13:16 ..

-rw------- 1 root root 179 Jul 30 14:14 .ICEauthority

-rw------- 1 root root 14999 Aug 5 10:04 .bash_history

-rw-r--r-- 1 root root 24 Sep 23 2004 .bash_logout

-rw-r--r-- 1 root root 191 Sep 23 2004 .bash_profile

-rw-r--r-- 1 root root 176 Sep 23 2004 .bashrc

drwxr-xr-x 3 root root 4096 Jul 30 14:14 .config

-rw-r--r-- 1 root root 100 Sep 23 2004 .cshrc

-rw------- 1 root root 26 Jul 30 14:14 .dmrc

drwxr-x--- 2 root root 4096 Jul 30 14:14 .eggcups

drwx------ 4 root root 4096 Jul 30 14:14 .gconf

drwx------ 2 root root 4096 Jul 30 14:17 .gconfd

drwx------ 4 root root 4096 Jul 30 14:14 .gnome

drwx------ 7 root root 4096 Jul 30 14:14 .gnome2

drwx------ 2 root root 4096 Jul 30 14:14 .gnome2_private

drwxr-xr-x 2 root root 4096 Jul 29 06:53 .gstreamer-0.8

-rw-r--r-- 1 root root 120 Aug 6 2005 .gtkrc

-rw-r--r-- 1 root root 130 Jul 30 14:14 .gtkrc-1.2-gnome2

drwx------ 3 root root 4096 Jul 30 14:14 .metacity

-rw------- 1 root root 195 Aug 4 17:19 .mysql_history

drwxr-xr-x 3 root root 4096 Jul 30 14:14 .nautilus

-rw------- 1 root root 0 Jul 30 14:14 .recently-used

-rw------- 1 root root 497 Jul 30 14:14 .rhn-applet.conf

drwx------ 2 root root 4096 Aug 5 13:28 .ssh

-rw-r--r-- 1 root root 102 Sep 23 2004 .tcshrc

-rw------- 1 root root 6228 Aug 5 13:28 .viminfo

drwxr-xr-x 2 root root 4096 Jul 30 14:14 Desktop

-rw-r--r-- 1 root root 1664 Jul 29 07:08 anaconda-ks.cfg

-rw-r--r-- 1 root root 50560 Jul 29 07:08 install.log

-rw-r--r-- 1 root root 41971 Jul 29 07:08 install.log.syslog

-rw------- 1 root root 3470 Aug 5 08:52 mbox

-rw-r--r-- 1 root root 0 Aug 5 03:14 sendmail.cf

[root@michael ~]# cd .ssh

[root@michael .ssh]# ls

known_hosts

[root@michael .ssh]# vi known_hosts

192.168.5.1 ssh-rsa

AAAAB3NzaC1yc2EAAAABIwAAAIEAu/oiM/UtSmKDyKC0JSt5pr7+PeprOAPP2ZQaj1iFVTFC4/RXNi5H2vuL/hUyki7VU8IXyS5+GJqB23fpnH0UIF59HfvetdS2dfKuNur1GgotPFTlPVqlQoiQ0+SC/NPBxAR+c1cixebGEw6HvTHB9S5qfNFJCW+7DbFggACafeU=

6. 设置基于密钥认证的 SSH 用户登录。

[root@michael ~]# useradd abc4

[root@michael ~]# passwd abc4

Changing password for user abc4.

New UNIX password:

BAD PASSWORD: it does not contain enough DIFFERENT characters

Retype new UNIX password:

Sorry, passwords do not match

New UNIX password:

BAD PASSWORD: it does not contain enough DIFFERENT characters

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@michael ~]# su - abc4

-[abc4@michael ~]$ ssh-keygen -t rsa (用于生成当前用户的密钥对)

Generating public/private rsa key pair.

Enter file in which to save the key (/home/abc4/.ssh/id_rsa):

Created directory '/home/abc4/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/abc4/.ssh/id_rsa.

Your public key has been saved in /home/abc4/.ssh/id_rsa.pub.

The key fingerprint is:

54:d3:b7:27:41:f6:56:82:b1:a5:08:f3:74:b4:c0:1d abc4@michael.fung.com

7.[abc4@michael ~]$ ls -al

total 44

drwx------ 4 abc4 abc4 4096 Aug 5 13:39 .

drwxr-xr-x 8 root root 4096 Aug 5 13:37 ..

-rw-r--r-- 1 abc4 abc4 24 Aug 5 13:37 .bash_logout

-rw-r--r-- 1 abc4 abc4 191 Aug 5 13:37 .bash_profile

-rw-r--r-- 1 abc4 abc4 124 Aug 5 13:37 .bashrc

-rw-r--r-- 1 abc4 abc4 383 Aug 5 13:37 .emacs

-rw-r--r-- 1 abc4 abc4 120 Aug 5 13:37 .gtkrc

drwxr-xr-x 3 abc4 abc4 4096 Aug 5 13:37 .kde

drwx------ 2 abc4 abc4 4096 Aug 5 13:39 .ssh

-rw-r--r-- 1 abc4 abc4 658 Aug 5 13:37 .zshrc

[abc4@michael ~]$ cd .ssh/

[abc4@michael .ssh]$ ls

id_rsa id_rsa.pub

[abc4@michael .ssh]$ ll

total 8

-rw------- 1 abc4 abc4 887 Aug 5 13:39 id_rsa (私钥)

-rw-r--r-- 1 abc4 abc4 231 Aug 5 13:39 id_rsa.pub (公钥)

[abc4@michael .ssh]$ cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzDVzdARSWWvy858V7uVRFaSVfylmxEtnbtTUcj/aDSg+GtOHJ/5Lw1mIIhauozpzMtt+ICa6hgNziGFRM86cIOMt+s68kF3mOcoJPnqduYCkAcZJG4lMlAiO0LgdWhcNNMlOvrkCbBO+dhIj6aqA67w7n3zg9X+Vf8Yo97doayU= abc4@michael.fung.com

8.[root@michael ~]# cp -R /home/abc4/.ssh/id_rsa.pub /root

[root@michael ~]# ls -al

total 296

drwxr-x--- 14 root root 4096 Aug 5 13:46 .

drwxr-xr-x 24 root root 4096 Aug 5 13:16 ..

-rw------- 1 root root 179 Jul 30 14:14 .ICEauthority

-rw------- 1 root root 14999 Aug 5 10:04 .bash_history

-rw-r--r-- 1 root root 24 Sep 23 2004 .bash_logout

-rw-r--r-- 1 root root 191 Sep 23 2004 .bash_profile

-rw-r--r-- 1 root root 176 Sep 23 2004 .bashrc

drwxr-xr-x 3 root root 4096 Jul 30 14:14 .config

-rw-r--r-- 1 root root 100 Sep 23 2004 .cshrc

-rw------- 1 root root 26 Jul 30 14:14 .dmrc

drwxr-x--- 2 root root 4096 Jul 30 14:14 .eggcups

drwx------ 4 root root 4096 Jul 30 14:14 .gconf

drwx------ 2 root root 4096 Jul 30 14:17 .gconfd

drwx------ 4 root root 4096 Jul 30 14:14 .gnome

drwx------ 7 root root 4096 Jul 30 14:14 .gnome2

drwx------ 2 root root 4096 Jul 30 14:14 .gnome2_private

drwxr-xr-x 2 root root 4096 Jul 29 06:53 .gstreamer-0.8

-rw-r--r-- 1 root root 120 Aug 6 2005 .gtkrc

-rw-r--r-- 1 root root 130 Jul 30 14:14 .gtkrc-1.2-gnome2

drwx------ 3 root root 4096 Jul 30 14:14 .metacity

-rw------- 1 root root 195 Aug 4 17:19 .mysql_history

drwxr-xr-x 3 root root 4096 Jul 30 14:14 .nautilus

-rw------- 1 root root 0 Jul 30 14:14 .recently-used

-rw------- 1 root root 497 Jul 30 14:14 .rhn-applet.conf

drwx------ 2 root root 4096 Aug 5 13:30 .ssh

-rw-r--r-- 1 root root 102 Sep 23 2004 .tcshrc

-rw------- 1 root root 5718 Aug 5 13:30 .viminfo

drwxr-xr-x 2 root root 4096 Jul 30 14:14 Desktop

-rw-r--r-- 1 root root 1664 Jul 29 07:08 anaconda-ks.cfg

-rw-r--r-- 1 root root 231 Aug 5 13:46 id_rsa.pub

-rw-r--r-- 1 root root 50560 Jul 29 07:08 install.log

-rw-r--r-- 1 root root 41971 Jul 29 07:08 install.log.syslog

-rw------- 1 root root 3470 Aug 5 08:52 mbox

-rw-r--r-- 1 root root 0 Aug 5 03:14 sendmail.cf

[root@michael ~]# cp id_rsa.pub /root/.ssh/

[root@michael ~]# cd .ssh

[root@michael .ssh]# ls

id_rsa.pub known_hosts

[root@michael .ssh]# mv id_rsa.pub authorized_keys

[root@michael .ssh]# ls

authorized_keys known_hosts

9.test

[abc4@michael ~]$ ssh root@192.168.5.1

Last login: Wed Aug 5 13:54:41 2009 from michael.fung.com

[root@michael ~]#

 

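注意:SSH 客户机用户生成的公钥文件,一定要放到 SSH SERVER 上用于认证的那个用户的主目录下(即第 8 步中的 ~/.ssh/authorized_keys),再进行进一步的配置。若 authorized_keys 已存在,应追加公钥而不是用 mv 覆盖;在默认的 StrictModes 下,主目录、.ssh 目录和该文件不能被其他用户写入,否则 sshd 会拒绝使用该密钥。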

10.禁止 root 用户通过 SSH 登录(PermitRootLogin no)

 

[root@michael ~]# vi /etc/ssh/sshd_config

 

# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $

 

# This is the sshd server system-wide configuration file. See

# sshd_config(5) for more information.

 

# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

 

# The strategy used for options in the default sshd_config shipped with

# OpenSSH is to specify options with their default value where

# possible, but leave them commented. Uncommented options change a

# default value.

 

#Port 22

PermitRootLogin no

#Protocol 2,1

#ListenAddress 0.0.0.0

#ListenAddress ::

 

# HostKey for protocol version 1

#HostKey /etc/ssh/ssh_host_key

# HostKeys for protocol version 2

#HostKey /etc/ssh/ssh_host_rsa_key

#HostKey /etc/ssh/ssh_host_dsa_key

"/etc/ssh/sshd_config" 112L, 3044C written

11. [root@michael ~]# service sshd restart

Stopping sshd:[ OK ]

Starting sshd:[ OK ]

12 . [root@michael ~]# ssh root@192.168.5.1

root@192.168.5.1's password:

Permission denied, please try again.

root@192.168.5.1's password:

Permission denied, please try again.

root@192.168.5.1's password:

Permission denied (publickey,gssapi-with-mic,password).

13. [abc4@michael ~]$ ssh root@192.168.5.1

root@192.168.5.1's password:

Permission denied, please try again.

root@192.168.5.1's password:

 

[abc4@michael ~]$ su - root

Password:

[root@michael ~]# (为了实现对 LINUX 系统进行远程管理的目的,可以先以普通用户登录,再使用 su 切换到 root)

14.[root@michael ~]# ssh -l root 192.168.5.1 (login 1;下面三种写法等价。此处 root 可以登录,推测是已将第 10 步的 PermitRootLogin no 恢复之后所做的演示)

root@192.168.5.1's password:

Last login: Wed Aug 5 13:55:33 2009 from michael.fung.com

[root@michael ~]#

[root@michael ~]# ssh 192.168.5.1 (login 2)

root@192.168.5.1's password:

Last login: Wed Aug 5 14:11:24 2009 from michael.fung.com

[root@michael ~]#

[root@michael ~]# ssh root@192.168.5.1 (login 3)

root@192.168.5.1's password:

Last login: Wed Aug 5 14:11:50 2009 from michael.fung.com

[root@michael ~]#

15. [root@michael ~]# sftp root@192.168.5.1

Connecting to 192.168.5.1...

root@192.168.5.1's password:

sftp> help

Available commands:

cd path Change remote directory to 'path'

lcd path Change local directory to 'path'

chgrp grp path Change group of file 'path' to 'grp'

chmod mode path Change permissions of file 'path' to 'mode'

chown own path Change owner of file 'path' to 'own'

help Display this help text

get remote-path [local-path] Download file

lls [ls-options [path]] Display local directory listing

ln oldpath newpath Symlink remote file

lmkdir path Create local directory

lpwd Print local working directory

ls [path] Display remote directory listing

lumask umask Set local umask to 'umask'

mkdir path Create remote directory

progress Toggle display of progress meter

put local-path [remote-path] Upload file

pwd Display remote working directory

exit Quit sftp

quit Quit sftp

rename oldpath newpath Rename remote file

rmdir path Remove remote directory

rm path Delete remote file

symlink oldpath newpath Symlink remote file

version Show SFTP version

!command Execute 'command' in local shell

! Escape to local shell

? Synonym for help

sftp>

16. [root@michael ~]# scp root@192.168.5.1:/etc/passwd . (远程到本地)

root@192.168.5.1's password:

passwd 100% 2154 2.1KB/s 00:00

[root@michael ~]# ls

Desktop id_rsa.pub install.log.syslog passwd

anaconda-ks.cfg install.log mbox sendmail.cf

[root@michael ~]#

[root@michael ~]# ls

Desktop id_rsa.pub install.log.syslog passwd test

anaconda-ks.cfg install.log mbox sendmail.cf

[root@michael ~]# scp test root@192.168.5.1:/ (本地到远程)

root@192.168.5.1's password:

test 100% 10 0.0KB/s 00:00

[root@michael ~]# cd /

[root@michael /]# ls

bin etc lib misc proc selinux test usr

boot home lost+found mnt root srv tftpboot var

dev initrd media opt sbin sys tmp

[root@michael /]#

 

二.Windows 远程 login sshd server.

1.

clip_p_w_picpath002

clip_p_w_picpath004

2.

clip_p_w_picpath006

Next:

clip_p_w_picpath008

Next:

clip_p_w_picpath010

 

Next:

clip_p_w_picpath012

Next:

 

clip_p_w_picpath014

 

Install

clip_p_w_picpath016

 

 

clip_p_w_picpath018

 

 

clip_p_w_picpath020

 

 

clip_p_w_picpath022

 

 

3.

 

clip_p_w_picpath024

 

 

Next:

 

clip_p_w_picpath026

 

Next:

 

 

clip_p_w_picpath028

 

 

clip_p_w_picpath030

 

clip_p_w_picpath032

 

 

Next:

 

 

clip_p_w_picpath034

 

Next:

 

clip_p_w_picpath036

 

clip_p_w_picpath038

 

clip_p_w_picpath040

 

Next:

 

 

clip_p_w_picpath042

 

 

Next:

 

clip_p_w_picpath044

 

Next:

 

clip_p_w_picpath046

 

 

Xterm login 字符界面

GNOME login 图形界面

 

 

 

clip_p_w_picpath048

 

 

clip_p_w_picpath050

 

 

clip_p_w_picpath052

 

clip_p_w_picpath054

 

 

clip_p_w_picpath056

 

 

clip_p_w_picpath058

 

 

 

clip_p_w_picpath060