远程管理服务器 ssh客户端工具使用 2(运维笔记)
将jumper-server的a.sh文件拷贝到server1 /tmp路径上
[root@jumper-server ~]# touch a.sh
[root@jumper-server ~]# ll
总用量 8
-rw-------. 1 root root 1752 4月 12 05:48 anaconda-ks.cfg
-rw-r--r-- 1 root root 0 4月 13 14:31 a.sh
scp远程拷贝:
[root@jumper-server ~]# scp a.sh 121.199.54.222:/tmp #server1的ip地址
root@121.199.54.222's password:
a.sh 100% 0 0.0KB/s 00:00
查看拷贝是否成功:
[root@server1 ~]# cd /tmp
[root@server1 tmp]# ll
total 4
-rw------- 1 root root 0 Apr 7 10:01 AliyunAssistClientSingleLock.lock
srwxr-xr-x 1 root root 0 Apr 11 14:27 aliyun_assist_service.sock
-rw-r--r-- 1 root root 0 Apr 13 14:33 a.sh
禁止root远程登录
查看22端口状态:
[root@server1 ~]# netstat -tlnp |grep 22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1100/sshd
[root@server1 ~]# netstat -npt |grep 22
tcp 0 36 172.20.207.39:22 123.138.15.66:33542 ESTABLISHED 10232/sshd: root@pt
tcp 0 0 172.20.207.39:22 123.138.15.66:48109 ESTABLISHED 10371/sshd: root@pt
查找sshd服务:
[root@server1 ~]# which sshd
/usr/sbin/sshd
查看所在软件包:
[root@server1 ~]# rpm -qf /usr/sbin/sshd
openssh-server-7.4p1-22.el7_9.x86_64
查看软件包文件:
[root@server1 ~]# rpm -ql openssh-server
/etc/pam.d/sshd
/etc/ssh/sshd_config #配置文件
/etc/sysconfig/sshd
/usr/lib/systemd/system/sshd-keygen.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd.socket
/usr/lib/systemd/system/sshd@.service
/usr/lib64/fipscheck/sshd.hmac
/usr/libexec/openssh/sftp-server
/usr/sbin/sshd
/usr/sbin/sshd-keygen
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd
禁止root远程登录主机
vim 进入配置文件:
[root@server1 ~]# vim /etc/ssh/sshd_config
找到 PermitRootLogin 一项(默认可能被 # 注释),去掉注释并改为:
PermitRootLogin no
改完配置文件重启服务(重启前先确认已有可以远程登录并能 su/sudo 的普通用户,并用 sshd -t 检查配置语法;重启时保留当前会话,避免把自己锁在服务器外面)
service sshd restart
更改sshd服务默认端口
线上生产服务器sshd服务不允许使用默认端口,以减少攻击者针对默认22端口的自动化扫描和暴力破解。更改端口只能降低这类噪音,不能替代密钥登录、禁用密码认证、限制来源IP等加固措施
将默认22端口更改为10022
查看在当前服务器中10022端口是否被使用:
[root@server1 ~]# netstat -a |grep 10022
未显示说明未被使用
也可以进入/etc/services文件查看:
[root@server1 ~]# grep ssh /etc/services
ssh 22/tcp # The Secure Shell (SSH) Protocol
ssh 22/udp # The Secure Shell (SSH) Protocol
x11-ssh-offset 6010/tcp # SSH X11 forwarding offset
ssh 22/sctp # SSH
sshell 614/tcp # SSLshell
sshell 614/udp # SSLshell
netconf-ssh 830/tcp # NETCONF over SSH
netconf-ssh 830/udp # NETCONF over SSH
sdo-ssh 3897/tcp # Simple Distributed Objects over SSH
sdo-ssh 3897/udp # Simple Distributed Objects over SSH
snmpssh 5161/tcp # SNMP over SSH Transport Model
snmpssh-trap 5162/tcp # SNMP Notification over SSH Transport Model
tl1-ssh 6252/tcp # TL1 over SSH
tl1-ssh 6252/udp # TL1 over SSH
ssh-mgmt 17235/tcp # SSH Tectia Manager
ssh-mgmt 17235/udp # SSH Tectia Manager
[root@server1 ~]# grep "10022" /etc/services
进入配置文件修改配置:
vim /etc/ssh/sshd_config
Port 10022
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
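将端口号修改为10022(去掉 Port 行前的 #)。若系统启用了 SELinux 或 firewalld,还需放行新端口,例如 semanage port -a -t ssh_port_t -p tcp 10022,以及 firewall-cmd --permanent --add-port=10022/tcp 后执行 firewall-cmd --reload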
重启服务:
[root@server1 ~]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
切换一台主机,远程连接:
[root@jumper-server code]# ssh -lroot 121.199.54.222 #刚刚修改端口的主机
ssh: connect to host 121.199.54.222 port 22: Connection refused
不加端口默认使用22连接
更改端口则需要指定端口ssh连接
这里我使用的是云服务器,需要先在服务器安全组中放行新端口(10022),才能使用新端口号登录远程主机(下面第一次连接失败、第二次成功,应是放行前后的对比)。安全组规则建议只对跳板机等可信来源IP放行,而不是对所有地址开放
测试:
[root@jumper-server code]# ssh -lroot 121.199.54.222 -p10022
ssh: connect to host 121.199.54.222 port 10022: Connection refused
[root@jumper-server code]#
[root@jumper-server code]# ssh -lroot 121.199.54.222 -p10022
root@121.199.54.222's password:
Last login: Thu Apr 13 17:05:23 2023 from 123.138.15.66
Welcome to Alibaba Cloud Elastic Compute Service !
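成功登录!(注意:这里仍是 root 用密码登录成功,说明前面的 PermitRootLogin no 此时可能并未生效或已被改回;可用 sshd -T | grep -i permitrootlogin 确认实际生效的值)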