一.Linux
1.[root@michael ~]# rpm -qa | grep ssh
openssh-clients-3.9p1-8.RHEL4.15
openssh-askpass-3.9p1-8.RHEL4.15
openssh-askpass-gnome-3.9p1-8.RHEL4.15
openssh-server-3.9p1-8.RHEL4.15
openssh-3.9p1-8.RHEL4.15
[root@michael ~]# chkconfig --list sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@michael ~]# service sshd restart
Stopping sshd:[ OK ]
Starting sshd:[ OK ]
[root@michael ~]#
2.[root@michael ~]# vi /etc/ssh/sshd_config (server config file)
# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
3.[root@michael ~]# vi /etc/ssh/ssh_config (client config file)
# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for various options
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
4. [root@michael ~]# ssh root@192.168.5.1
The authenticity of host '192.168.5.1 (192.168.5.1)' can't be established.
RSA key fingerprint is b2:4e:4e:0a:a7:e0:05:e4:1d:85:1c:1f:f5:a0:5d:ac.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.5.1' (RSA) to the list of known hosts.
root@192.168.5.1's password:
Last login: Wed Aug 5 13:22:19 2009 from 192.168.5.199
5. [root@michael ~]# ls -al
total 292
drwxr-x--- 14 root root 4096 Aug 5 13:28 .
drwxr-xr-x 24 root root 4096 Aug 5 13:16 ..
-rw------- 1 root root 179 Jul 30 14:14 .ICEauthority
-rw------- 1 root root 14999 Aug 5 10:04 .bash_history
-rw-r--r-- 1 root root 24 Sep 23 2004 .bash_logout
-rw-r--r-- 1 root root 191 Sep 23 2004 .bash_profile
-rw-r--r-- 1 root root 176 Sep 23 2004 .bashrc
drwxr-xr-x 3 root root 4096 Jul 30 14:14 .config
-rw-r--r-- 1 root root 100 Sep 23 2004 .cshrc
-rw------- 1 root root 26 Jul 30 14:14 .dmrc
drwxr-x--- 2 root root 4096 Jul 30 14:14 .eggcups
drwx------ 4 root root 4096 Jul 30 14:14 .gconf
drwx------ 2 root root 4096 Jul 30 14:17 .gconfd
drwx------ 4 root root 4096 Jul 30 14:14 .gnome
drwx------ 7 root root 4096 Jul 30 14:14 .gnome2
drwx------ 2 root root 4096 Jul 30 14:14 .gnome2_private
drwxr-xr-x 2 root root 4096 Jul 29 06:53 .gstreamer-0.8
-rw-r--r-- 1 root root 120 Aug 6 2005 .gtkrc
-rw-r--r-- 1 root root 130 Jul 30 14:14 .gtkrc-1.2-gnome2
drwx------ 3 root root 4096 Jul 30 14:14 .metacity
-rw------- 1 root root 195 Aug 4 17:19 .mysql_history
drwxr-xr-x 3 root root 4096 Jul 30 14:14 .nautilus
-rw------- 1 root root 0 Jul 30 14:14 .recently-used
-rw------- 1 root root 497 Jul 30 14:14 .rhn-applet.conf
drwx------ 2 root root 4096 Aug 5 13:28 .ssh
-rw-r--r-- 1 root root 102 Sep 23 2004 .tcshrc
-rw------- 1 root root 6228 Aug 5 13:28 .viminfo
drwxr-xr-x 2 root root 4096 Jul 30 14:14 Desktop
-rw-r--r-- 1 root root 1664 Jul 29 07:08 anaconda-ks.cfg
-rw-r--r-- 1 root root 50560 Jul 29 07:08 install.log
-rw-r--r-- 1 root root 41971 Jul 29 07:08 install.log.syslog
-rw------- 1 root root 3470 Aug 5 08:52 mbox
-rw-r--r-- 1 root root 0 Aug 5 03:14 sendmail.cf
[root@michael ~]# cd .ssh
[root@michael .ssh]# ls
known_hosts
[root@michael .ssh]# vi known_hosts
192.168.5.1 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAu/oiM/UtSmKDyKC0JSt5pr7+PeprOAPP2ZQaj1iFVTFC4/RXNi5H2vuL/hUyki7VU8IXyS5+GJqB23fpnH0UIF59HfvetdS2dfKuNur1GgotPFTlPVqlQoiQ0+SC/NPBxAR+c1cixebGEw6HvTHB9S5qfNFJCW+7DbFggACafeU=
6. 设置基于密钥的 SSH 用户登录。
[root@michael ~]# useradd abc4
[root@michael ~]# passwd abc4
Changing password for user abc4.
New UNIX password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
Retype new UNIX password:
Sorry, passwords do not match
New UNIX password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@michael ~]# su - abc4
[abc4@michael ~]$ ssh-keygen -t rsa (用于生成当前用户的密钥对)
Generating public/private rsa key pair.
Enter file in which to save the key (/home/abc4/.ssh/id_rsa):
Created directory '/home/abc4/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/abc4/.ssh/id_rsa.
Your public key has been saved in /home/abc4/.ssh/id_rsa.pub.
The key fingerprint is:
54:d3:b7:27:41:f6:56:82:b1:a5:08:f3:74:b4:c0:1d abc4@michael.fung.com
7.[abc4@michael ~]$ ls -al
total 44
drwx------ 4 abc4 abc4 4096 Aug 5 13:39 .
drwxr-xr-x 8 root root 4096 Aug 5 13:37 ..
-rw-r--r-- 1 abc4 abc4 24 Aug 5 13:37 .bash_logout
-rw-r--r-- 1 abc4 abc4 191 Aug 5 13:37 .bash_profile
-rw-r--r-- 1 abc4 abc4 124 Aug 5 13:37 .bashrc
-rw-r--r-- 1 abc4 abc4 383 Aug 5 13:37 .emacs
-rw-r--r-- 1 abc4 abc4 120 Aug 5 13:37 .gtkrc
drwxr-xr-x 3 abc4 abc4 4096 Aug 5 13:37 .kde
drwx------ 2 abc4 abc4 4096 Aug 5 13:39 .ssh
-rw-r--r-- 1 abc4 abc4 658 Aug 5 13:37 .zshrc
[abc4@michael ~]$ cd .ssh/
[abc4@michael .ssh]$ ls
id_rsa id_rsa.pub
[abc4@michael .ssh]$ ll
total 8
-rw------- 1 abc4 abc4 887 Aug 5 13:39 id_rsa (私钥)
-rw-r--r-- 1 abc4 abc4 231 Aug 5 13:39 id_rsa.pub (公钥)
[abc4@michael .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzDVzdARSWWvy858V7uVRFaSVfylmxEtnbtTUcj/aDSg+GtOHJ/5Lw1mIIhauozpzMtt+ICa6hgNziGFRM86cIOMt+s68kF3mOcoJPnqduYCkAcZJG4lMlAiO0LgdWhcNNMlOvrkCbBO+dhIj6aqA67w7n3zg9X+Vf8Yo97doayU= abc4@michael.fung.com
8.[root@michael ~]# cp -R /home/abc4/.ssh/id_rsa.pub /root
[root@michael ~]# ls -al
total 296
drwxr-x--- 14 root root 4096 Aug 5 13:46 .
drwxr-xr-x 24 root root 4096 Aug 5 13:16 ..
-rw------- 1 root root 179 Jul 30 14:14 .ICEauthority
-rw------- 1 root root 14999 Aug 5 10:04 .bash_history
-rw-r--r-- 1 root root 24 Sep 23 2004 .bash_logout
-rw-r--r-- 1 root root 191 Sep 23 2004 .bash_profile
-rw-r--r-- 1 root root 176 Sep 23 2004 .bashrc
drwxr-xr-x 3 root root 4096 Jul 30 14:14 .config
-rw-r--r-- 1 root root 100 Sep 23 2004 .cshrc
-rw------- 1 root root 26 Jul 30 14:14 .dmrc
drwxr-x--- 2 root root 4096 Jul 30 14:14 .eggcups
drwx------ 4 root root 4096 Jul 30 14:14 .gconf
drwx------ 2 root root 4096 Jul 30 14:17 .gconfd
drwx------ 4 root root 4096 Jul 30 14:14 .gnome
drwx------ 7 root root 4096 Jul 30 14:14 .gnome2
drwx------ 2 root root 4096 Jul 30 14:14 .gnome2_private
drwxr-xr-x 2 root root 4096 Jul 29 06:53 .gstreamer-0.8
-rw-r--r-- 1 root root 120 Aug 6 2005 .gtkrc
-rw-r--r-- 1 root root 130 Jul 30 14:14 .gtkrc-1.2-gnome2
drwx------ 3 root root 4096 Jul 30 14:14 .metacity
-rw------- 1 root root 195 Aug 4 17:19 .mysql_history
drwxr-xr-x 3 root root 4096 Jul 30 14:14 .nautilus
-rw------- 1 root root 0 Jul 30 14:14 .recently-used
-rw------- 1 root root 497 Jul 30 14:14 .rhn-applet.conf
drwx------ 2 root root 4096 Aug 5 13:30 .ssh
-rw-r--r-- 1 root root 102 Sep 23 2004 .tcshrc
-rw------- 1 root root 5718 Aug 5 13:30 .viminfo
drwxr-xr-x 2 root root 4096 Jul 30 14:14 Desktop
-rw-r--r-- 1 root root 1664 Jul 29 07:08 anaconda-ks.cfg
-rw-r--r-- 1 root root 231 Aug 5 13:46 id_rsa.pub
-rw-r--r-- 1 root root 50560 Jul 29 07:08 install.log
-rw-r--r-- 1 root root 41971 Jul 29 07:08 install.log.syslog
-rw------- 1 root root 3470 Aug 5 08:52 mbox
-rw-r--r-- 1 root root 0 Aug 5 03:14 sendmail.cf
[root@michael ~]# cp id_rsa.pub /root/.ssh/
[root@michael ~]# cd .ssh
[root@michael .ssh]# ls
id_rsa.pub known_hosts
[root@michael .ssh]# mv id_rsa.pub authorized_keys
[root@michael .ssh]# ls
authorized_keys known_hosts
9.test
[abc4@michael ~]$ ssh root@192.168.5.1
Last login: Wed Aug 5 13:54:41 2009 from michael.fung.com
[root@michael ~]#
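注意:SSH 客户机用户生成的公钥文件,一定要放到 SSH SERVER 上用于认证的那个用户的主目录下(即该用户的 ~/.ssh/authorized_keys),再进行进一步的配置。如果服务器上已经存在 authorized_keys,用 mv 改名会把它覆盖,此时应把公钥追加到文件末尾;同时 ~/.ssh 和 authorized_keys 应只有属主可写,否则 sshd 在 StrictModes 开启时会拒绝使用该密钥。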
10.禁止 root 用户通过 SSH 登录(在 sshd_config 中加入 PermitRootLogin no;另外,下面默认的 #Protocol 2,1 表示仍接受 SSH 协议 1,建议显式设置为 Protocol 2)
[root@michael ~]# vi /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.69 2004/05/23 23:59:53 dtucker Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
PermitRootLogin no
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
"/etc/ssh/sshd_config" 112L, 3044C written
11. [root@michael ~]# service sshd restart
Stopping sshd:[ OK ]
Starting sshd:[ OK ]
12 . [root@michael ~]# ssh root@192.168.5.1
root@192.168.5.1's password:
Permission denied, please try again.
root@192.168.5.1's password:
Permission denied, please try again.
root@192.168.5.1's password:
Permission denied (publickey,gssapi-with-mic,password).
13. [abc4@michael ~]$ ssh root@192.168.5.1
root@192.168.5.1's password:
Permission denied, please try again.
root@192.168.5.1's password:
[abc4@michael ~]$ su - root
Password:
[root@michael ~]# (为了实现对 LINUX 系统进行远程管理的目的,可以使用 su 进行切换)
14.[root@michael ~]# ssh -l root 192.168.5.1 (login 1)
root@192.168.5.1's password:
Last login: Wed Aug 5 13:55:33 2009 from michael.fung.com
[root@michael ~]#
[root@michael ~]# ssh 192.168.5.1 (login 2)
root@192.168.5.1's password:
Last login: Wed Aug 5 14:11:24 2009 from michael.fung.com
[root@michael ~]#
[root@michael ~]# ssh root@192.168.5.1 (login 3)
root@192.168.5.1's password:
Last login: Wed Aug 5 14:11:50 2009 from michael.fung.com
[root@michael ~]#
15. [root@michael ~]# sftp root@192.168.5.1
Connecting to 192.168.5.1...
root@192.168.5.1's password:
sftp> help
Available commands:
cd path Change remote directory to 'path'
lcd path Change local directory to 'path'
chgrp grp path Change group of file 'path' to 'grp'
chmod mode path Change permissions of file 'path' to 'mode'
chown own path Change owner of file 'path' to 'own'
help Display this help text
get remote-path [local-path] Download file
lls [ls-options [path]] Display local directory listing
ln oldpath newpath Symlink remote file
lmkdir path Create local directory
lpwd Print local working directory
ls [path] Display remote directory listing
lumask umask Set local umask to 'umask'
mkdir path Create remote directory
progress Toggle display of progress meter
put local-path [remote-path] Upload file
pwd Display remote working directory
exit Quit sftp
quit Quit sftp
rename oldpath newpath Rename remote file
rmdir path Remove remote directory
rm path Delete remote file
symlink oldpath newpath Symlink remote file
version Show SFTP version
!command Execute 'command' in local shell
! Escape to local shell
? Synonym for help
sftp>
16. [root@michael ~]# scp root@192.168.5.1:/etc/passwd . (远程到本地)
root@192.168.5.1's password:
passwd 100% 2154 2.1KB/s 00:00
[root@michael ~]# ls
Desktop id_rsa.pub install.log.syslog passwd
anaconda-ks.cfg install.log mbox sendmail.cf
[root@michael ~]#
[root@michael ~]# ls
Desktop id_rsa.pub install.log.syslog passwd test
anaconda-ks.cfg install.log mbox sendmail.cf
[root@michael ~]# scp test root@192.168.5.1:/ (本地到远程)
root@192.168.5.1's password:
test 100% 10 0.0KB/s 00:00
[root@michael ~]# cd /
[root@michael /]# ls
bin etc lib misc proc selinux test usr
boot home lost+found mnt root srv tftpboot var
dev initrd media opt sbin sys tmp
[root@michael /]#
二.Windows 远程 login sshd server.
1.
2.
Next:
Next:
Next:
Next:
Install
3.
Next:
Next:
Next:
Next:
Next:
Next:
Next:
Xterm login 字符界面
GNOME login 图形界面
转载于:https://blog.51cto.com/michaelfung/411187