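1. Introduction to sshd
sshd=secure shell
A shell service can be opened on a host over the network
Client software: sshd
Connection methods:
ssh username@ip ##text-mode connection
ssh -X username@ip ##allows graphical programs to be opened after connecting
ssh username@ip -X command ##run a command directly
- Note: the first connection to an unknown host has to create an authentication record, so ssh asks whether to create it and you must type yes. On later connections to the same host the ~/.ssh/known_hosts file already exists, so you do not need to type yes again.
Remote management
scp file root@ip:dir ##upload
scp root@ip:file dir ##download
2. sshd key authentication
- Command to generate the key pair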
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #file in which to save the key (use the default)
Enter passphrase (empty for no passphrase): #set a passphrase (use the default)
Enter same passphrase again: #confirm the passphrase (use the default)
Your identification has been saved in /root/.ssh/id_rsa. #private key (the key)
Your public key has been saved in /root/.ssh/id_rsa.pub. #public key (the lock)
The key fingerprint is:
cd:0b:9b:3e:ea:4c:cb:89:4f:9e:e4:8f:be:12:c3:85 root@server38.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| E . o |
| . . S o |
| + + . |
| o+ o . |
| .X *. |
| .=/+o. |
+-----------------+
- Encrypt the service
ssh-copy-id -i /root/.ssh/id_rsa.pub username@ip
The authenticity of host '172.25.254.138 (172.25.254.138)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.138's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.25.254.138'"
and check to make sure that only the key(s) you wanted were added.
[root@server38 .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
^
The appearance of this file indicates that encryption is complete
- Distribute the key
scp /root/.ssh/id_rsa username@ip:/root/.ssh/
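3. sshd security settings
PasswordAuthentication yes|no ##whether users may authenticate to sshd with their system login password
PermitRootLogin yes|no ##whether the root user may authenticate through the sshd service
AllowUsers student westos ##user whitelist; once a whitelist exists, users not on the list cannot use sshd by default
DenyUsers westos ##user blacklist; once a blacklist exists, users not on the list can still use sshd by default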
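An added example, not part of the original notes: a small shell audit of the four directives above, run against two constructed sample files. The function names sshd_first_value and audit_sshd_config, and the policy that password login and root login must be "no" and a whitelist must exist, are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original notes): audit the four directives above.
# Assumptions: "Keyword value" form, plain user names, no Include files;
# only the global section before the first Match block is read.

# Print the first value of keyword $1 in file $2. Keywords are
# case-insensitive and sshd uses the first value it finds.
sshd_first_value() {
    awk -v key="$1" '
        { sub(/#.*/, "") }                       # strip comments
        tolower($1) == "match" { exit }          # stop at conditional overrides
        NF >= 2 && tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$2"
}

# Print one line per finding; return 1 if anything is WEAK, else 0.
audit_sshd_config() {
    file=$1; rc=0
    pw=$(sshd_first_value PasswordAuthentication "$file" | tr 'A-Z' 'a-z')
    root=$(sshd_first_value PermitRootLogin "$file" | tr 'A-Z' 'a-z')
    allow=$(sshd_first_value AllowUsers "$file")
    deny=$(sshd_first_value DenyUsers "$file")
    # PasswordAuthentication defaults to yes when unset.
    [ "${pw:-yes}" = no ] || { echo "WEAK PasswordAuthentication=${pw:-unset}"; rc=1; }
    # The PermitRootLogin default differs between OpenSSH versions: require it explicitly.
    [ "$root" = no ] || { echo "WEAK PermitRootLogin=${root:-unset}"; rc=1; }
    [ -n "$allow" ] || { echo "WEAK AllowUsers=unset (no whitelist)"; rc=1; }
    # sshd evaluates DenyUsers before AllowUsers, so a name in both is denied.
    for u in $deny; do
        case " $allow " in *" $u "*) echo "NOTE $u is in AllowUsers and DenyUsers: denied" ;; esac
    done
    return $rc
}

# Constructed sample files (not real configurations).
weak=$(mktemp); hard=$(mktemp)
cat > "$weak" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$hard" <<'EOF'
passwordauthentication no
PermitRootLogin no
AllowUsers student westos
DenyUsers westos
EOF
audit_sshd_config "$weak" || true
audit_sshd_config "$hard" || true
```

On a live host, `sshd -T` prints the effective configuration after defaults are applied, which is the authoritative view of these settings.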
4. Adding an sshd login message
[root@desktop0 ~]# cat /etc/motd
welcome~
[root@desktop0 ~]# exit
logout
Connection to 172.25.0.10 closed.
[kiosk@foundation0 ~]$ ssh root@172.25.0.10
Last login: Sat Jan 12 13:36:03 2019 from 172.25.0.250
welcome~
5. User login auditing
w #show the users currently using this system
13:37:03 up 4:27, 3 users, load average: 0.00, 0.01, 0.05
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
root :0 09:09 ?xdm? 26.97s 0.12s gdm-session-worker [pam/gdm-passwo
root pts/0 09:09 4:27m 0.02s 0.02s /bin/bash
root pts/1 13:36 7.00s 0.03s 0.01s w
w -f #show where each session comes from
w -i #show the IP address
/var/run/utmp
last #show users who logged in and have since logged out /var/log/wtmp
lastb #users who tried to log in but failed /var/log/btmp