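################# sshd service: two computers can log in to each other over ssh without a password, which is a relatively secure method
Connecting to sshd:
Host machine connecting to the virtual machine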
[kiosk@foundation71 ~]$ ssh root@172.25.254.100 -X
root@172.25.254.100's password:
Last login: Sun Aug 18 15:57:46 2019
[root@desktop ~]#
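########## The first time you connect to an unknown host, an authentication file has to be created, so you are asked whether to create it and need to enter yes; when you connect to this host again, it has already been generated.
#### How to connect over ssh without a password from then on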
server200:
[root@server .ssh]# ssh-keygen ## command that generates the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ## file in which to save the key (use the default)
Enter passphrase (empty for no passphrase): ## set the passphrase (an empty passphrase is used here)
Enter same passphrase again: ## confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa. ## private key (the key)
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
17:a7:d2:68:ed:a4:80:a8:29:95:74:27:84:fc:4a:33 root@server
The key's randomart image is:
+--[ RSA 2048]----+
| . .. |
| o. |
| ..o . . . |
| .E+.+ + + |
| .++. . S * |
| +. o * |
|+ . . |
|. |
| |
+-----------------+
[root@server .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.25.254.200 ## put the lock on the sshd service (installs the public key)
The authenticity of host '172.25.254.200 (172.25.254.200)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.25.254.200's password: ## this machine's password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.25.254.200'" ### try connecting to this machine with ssh
and check to make sure that only the key(s) you wanted were added. ## give the key only to those you want to have it
[root@server .ssh]# ls ## both keys are now in here
authorized_keys id_rsa id_rsa.pub known_hosts
### Distributing the key
[root@server .ssh]# scp /root/.ssh/id_rsa root@172.25.254.100:/root/.ssh/ ## give the private key to client 100
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes ## enter yes to accept
Warning: Permanently added '172.25.254.100' (ECDSA) to the list of known hosts.
root@172.25.254.100's password: ## enter the client's password
id_rsa
client100:
[root@desktop .ssh]# ssh root@172.25.254.200 ## on the client the connection asks for confirmation once, but no password is needed
The authenticity of host '172.25.254.200 (172.25.254.200)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.25.254.200' (ECDSA) to the list of known hosts.
Last failed login: Sun Aug 18 17:56:36 EDT 2019 from 172.25.254.100 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Sun Aug 18 17:56:01 2019 from 172.25.254.100
[root@server ~]#
[root@server ~]# exit
登出
Connection to 172.25.254.200 closed.
[root@desktop .ssh]# ls ### the client's .ssh directory holds the key
id_rsa known_hosts
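############### Because ssh is so convenient, we can make related settings in the configuration file to ensure the security of ssh connections
server200
[root@server .ssh]# vim /etc/ssh/sshd_config ## in the configuration file we can add the features we want
PermitRootLogin yes|no ## whether root is allowed to authenticate through the sshd service
AllowUsers student westos ## user whitelist; once a whitelist exists, users not on it cannot use sshd by default
DenyUsers westos ## user blacklist; once a blacklist exists, users not on it can use sshd by default
PasswordAuthentication yes|no ## whether users may authenticate to sshd with their system login password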
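How the four directives above interact, as an added example that is not part of the original notes: a small bash evaluator run over a constructed config. The function names (`sshd_first`, `sshd_list`, `ssh_user_allowed`) and the sample file are hypothetical, and user lists are assumed to contain plain names only.

```bash
#!/usr/bin/env bash
# Added example (constructed): evaluates the four sshd_config directives
# from the notes. Assumption: user lists hold plain names only, with no
# wildcards, USER@HOST patterns or trailing comments.

# sshd_first KEYWORD FILE: print the first value set for a keyword.
# Keywords are case-insensitive and sshd keeps the first value it reads.
sshd_first() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$2"
}

# sshd_list KEYWORD FILE: print every name on all lines of a list keyword.
sshd_list() {
    awk -v k="$1" 'tolower($1) == tolower(k) { for (i = 2; i <= NF; i++) print $i }' "$2"
}

# ssh_user_allowed USER FILE: succeed if the directives let USER log in.
ssh_user_allowed() {
    local user="$1" file="$2" allow
    # PermitRootLogin no shuts out root regardless of the user lists.
    if [ "$user" = root ] && [ "$(sshd_first PermitRootLogin "$file")" = no ]; then
        return 1
    fi
    # DenyUsers is processed before AllowUsers, so a deny entry always wins.
    if sshd_list DenyUsers "$file" | grep -qxF -- "$user"; then
        return 1
    fi
    # Once AllowUsers exists, anyone not named in it is rejected.
    allow=$(sshd_list AllowUsers "$file")
    if [ -n "$allow" ] && ! printf '%s\n' "$allow" | grep -qxF -- "$user"; then
        return 1
    fi
    return 0
}

# Constructed sample config with the same settings as the notes.
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
# keyword case does not matter to sshd
PermitRootLogin no
AllowUsers student westos
denyusers westos
PasswordAuthentication no
EOF

for u in root student westos kiosk; do
    if ssh_user_allowed "$u" "$sample_cfg"; then echo "$u: allowed"; else echo "$u: denied"; fi
done
echo "PasswordAuthentication: $(sshd_first PasswordAuthentication "$sample_cfg")"
```

On a live server, `sshd -t` checks the file's syntax and `sshd -T` prints the effective values; edits take effect once sshd is restarted or reloaded.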
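########## Besides these settings, we also want to set the message shown when connecting to sshd
server200:
[root@server .ssh]# vim /etc/motd ## open the file
hello ## write the message
client100 ## client
[root@desktop .ssh]# ssh root@172.25.254.200 ## connect to the server over ssh
Last login: Sun Aug 18 18:01:34 2019 from 172.25.254.100
hello ## the displayed message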
[root@server ~]#
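########## Viewing ssh connection status on the local machine
1. w ## show the users currently using this system
    -f ## show where the login comes from
    -i ## show the IP
    /var/run/utmp
2. last ## show information on users who logged in and have logged out
    /var/log/wtmp
3. lastb ## users who tried to log in but failed
    /var/log/btmp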