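Remote management: the SSH service
--Installing the SSH service
openssh  ssh-server  ssh-client  (cs: client-server; bs)
However, because the current system already has openssh installed by default,
Disable the firewall and SELinux (if SELinux is left on, the sshd port cannot be changed)
Commands:
# Stop the firewall for the current boot
systemctl stop firewalld
# Disable start at boot
systemctl disable firewalld
# Turn off SELinux enforcement for the current boot
setenforce 0
# Edit the config file to disable SELinux permanently
vim /etc/selinux/config
SELINUX=disabled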
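Changing the sshd port does not require turning either protection off. As an added example (not part of the original notes), the script below prints the commands that allow a new port in SELinux and firewalld instead. Port 9999 is the one used later in these notes, the function names are made up here, and it assumes Port has already been edited in /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example: move sshd to another port with SELinux and firewalld left on.
# Dry run by default (commands are only printed); APPLY=1 as root runs them.
# semanage comes from the policycoreutils-python package on CentOS 7.

valid_port() {  # accept only an integer in 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

run() {  # print the command; execute it only when APPLY=1
  echo "+ $*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

move_sshd_port() {  # usage: move_sshd_port PORT
  port=$1
  valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
  # 1. Label the port so SELinux lets sshd bind it (instead of setenforce 0).
  run semanage port -a -t ssh_port_t -p tcp "$port"
  # 2. Open the port in firewalld (instead of stopping the service).
  run firewall-cmd --permanent --add-port="$port"/tcp
  run firewall-cmd --reload
  # 3. Check the edited config before restarting, to avoid a lock-out.
  run sshd -t
  run systemctl restart sshd
}

move_sshd_port "${1:-9999}"
```

Keep the current SSH session open while testing a login on the new port from a second terminal.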
--Configuring the yum repositories
(JumpServer uses an external YUM repository => Aliyun)
# mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# yum clean all
# yum makecache
{RealServer uses a local YUM repository => use the installation disc image as the repository (self-hosted YUM repository)}
① Mount the disc
# mkdir /mnt/cdrom
# mount -o ro /dev/sr0 /mnt/cdrom
# chmod +x /etc/rc.local
# echo 'mount -o ro /dev/sr0 /mnt/cdrom' >> /etc/rc.local
② Write the local.repo file
--Installing the openssh software
--Viewing and editing the ssh server configuration file
# man 5 sshd_config
--Managing the sshd service
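1. Installed the nodejs environment with yum
2. Install npm and set the mirror
3. Installed vue with npm
4. With the installed vue software, create a vue project: vue create vuehtml000
5. Change into the project directory and start the project with npm run serve
6. npm run build builds the project
7. Deploy all files from the built project's dist directory to nginx's html directory
8. reload nginx
SSH's two authentication methods
1. Authentication based on username and password (condensed version)
2. Authentication based on a key pair (passwordless login)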
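The two methods above correspond to the sshd_config keywords PasswordAuthentication and PubkeyAuthentication. The following check is an added example, not part of the original notes: it reads the effective global value of a keyword and flags settings that differ from an assumed policy (no remote root login, keys only). The sample config and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): read the effective global value
# of an sshd_config keyword. sshd keeps the FIRST value it reads for a keyword,
# keywords are case-insensitive, and lines after "Match" are conditional.

effective() {  # usage: effective KEYWORD FILE
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    { line = $0
      sub(/^[ \t]+/, "", line)
      n = match(line, /[ \t=]/)              # keyword ends at blank or "="
      if (n == 0) next
      key = tolower(substr(line, 1, n - 1))
      val = substr(line, n)
      sub(/^[ \t]*=?[ \t]*/, "", val)
      sub(/[ \t]+$/, "", val)
      if (key == "match") exit               # stop at the first Match block
      if (key == want) { print val; found = 1; exit }
    }
    END { if (!found) print "unset" }
  ' "$2"
}

audit_sshd() {  # prints findings; returns 0 if none, 1 otherwise
  rc=0
  [ "$(effective PermitRootLogin "$1")" = "no" ] ||
    { echo "PermitRootLogin is not explicitly 'no'"; rc=1; }
  [ "$(effective PubkeyAuthentication "$1")" != "no" ] ||
    { echo "PubkeyAuthentication is disabled"; rc=1; }
  [ "$(effective PasswordAuthentication "$1")" = "no" ] ||
    { echo "PasswordAuthentication is not explicitly 'no'"; rc=1; }
  return $rc
}

write_sample() {  # constructed sample config, not taken from a real host
  cat > "$1" <<'EOF'
# constructed sample
Port 9999
permitrootlogin no
PermitRootLogin yes
PubkeyAuthentication yes
Match User zhangsan
    PasswordAuthentication no
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
audit_sshd "$tmp" || true; rm -f "$tmp"
```

On a live server, `sshd -T` prints the configuration sshd actually resolved, including build defaults, and is the authoritative check.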
Environment for a simple server
Install the package manager npm (node package manager)
yum -y install npm
Set a domestic (China) mirror for npm
Install the vue scaffolding tool
npm install @vue/cli -g
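SSH encryption algorithms illustrated
Symmetric encryption (des): DES, a symmetric encryption algorithm; low security, fast data transfer; the same key is used to encrypt and to decrypt;
Asymmetric encryption (rsa): RSA, an asymmetric public-key encryption algorithm; secure, slow data transfer; SSH's default encryption algorithm;
There are two "codebooks" (keys)
Public key: used to encrypt, so that data is not transmitted in plaintext
Private key: used to decrypt, turning the encrypted file back into plaintext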
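Because root cannot log in remotely, we created two accounts, zhangsan and lisi, and set their passwords
Now the two programmers zhangsan and lisi need to edit the code directory on server y
zhangsan and lisi are both added to the supplementary group code (create the group beforehand with groupadd code)
usermod -g code zhangsan   # -g makes code the user's primary group (usermod -aG code zhangsan would add it as a supplementary group)
usermod -g code lisi
Give the code group permissions on the code directory
chgrp -R code /code/ # change the owning group of /code to the code group
chmod -R g+w /code/ # add w permission for group members on the code directory
In real work, group permissions are added and removed all the time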
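SSH service: additional notes
---The scp command. Main purpose: transferring files between Linux systems (upload, download)
scp: the port is specified with uppercase -P
ssh: the port is specified with lowercase -p
When the default port 22 is used, it does not need to be specified
Uploads with scp are also subject to the user's permissions: you cannot upload into a directory you have no permission on
---Kicking out a user
Exercise
1. Add the accounts zhangsan lisi wangwu zhaoliu aaa bbb ccc ddd
2. Set each password to the same string as the account name; if that is shorter than 8 characters, repeat the account name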
[root@y ~]# useradd zhangsan
[root@y ~]# passwd zhangsan
更改用户 zhangsan 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@y ~]# useradd lisi
[root@y ~]# passwd lisi
更改用户 lisi 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@y ~]# useradd wangwu
[root@y ~]# passwd wangwu
更改用户 wangwu 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@y ~]# useradd zhaoliu
[root@y ~]# passwd zhaoliu
更改用户 zhaoliu 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@y ~]# useradd aaa
[root@y ~]# passwd aaa
更改用户 aaa 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@y ~]# useradd bbb
[root@y ~]# passwd bbb
更改用户 bbb 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@y ~]# useradd ccc
[root@y ~]# passwd ccc
更改用户 ccc 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@y ~]# useradd ddd
[root@y ~]# passwd ddd
更改用户 ddd 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
3. Give all of these accounts w permission on the code directory
[root@y ~]# mkdir /code/
[root@y ~]# ls -l /
总用量 22
lrwxrwxrwx. 1 root root 7 7月 17 03:39 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 7月 17 03:43 boot
drwxr-xr-x. 2 root root 6 7月 17 14:56 code
[root@y ~]# groupadd code
[root@y ~]# usermod -g code zhangsan
[root@y ~]# usermod -g code lisi
[root@y ~]# usermod -g code wangwu
[root@y ~]# usermod -g code zhaoliu
[root@y ~]# usermod -g code aaa
[root@y ~]# usermod -g code bbb
[root@y ~]# usermod -g code ccc
[root@y ~]# usermod -g code ddd
[root@y ~]# chgrp -R code /code/
[root@y ~]# ls -l /
总用量 22
lrwxrwxrwx. 1 root root 7 7月 17 03:39 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 7月 17 03:43 boot
drwxr-xr-x. 2 root code 6 7月 17 14:56 code
[root@y ~]# chmod -R g+w /code/
[root@y ~]# ls -l /
总用量 22
lrwxrwxrwx. 1 root root 7 7月 17 03:39 bin -> usr/bin
dr-xr-xr-x. 5 root root 4096 7月 17 03:43 boot
drwxrwxr-x. 2 root code 6 7月 17 14:56 code
4. Set up passwordless login for the users above
(1) Passwordless login as zhangsan from x
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:T4f3PsMciZSuWUAE2nTIMvwAXcxxoUWr88PytSOT7SI root@x
The key's randomart image is:
+---[RSA 2048]----+
| .+ ==*B. |
| *+==.. |
| .=o.. . |
| ....o |
| S o+o. . |
| * o+.o |
| . =*.o.. |
| EoBooo= |
| ..=o..o |
+----[SHA256]-----+
[root@localhost ~]# ls ./.ssh/
authorized_keys id_rsa id_rsa.pub known_hosts
[root@localhost ~]# ssh-copy-id -p9999 zhangsan@192.168.2.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zhangsan@192.168.2.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '9999' 'zhangsan@192.168.2.8'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh -p9999 zhangsan@192.168.2.8
Last login: Wed Jul 17 16:16:11 2024
[zhangsan@y ~]$
(2) Set up passwordless login for lisi from x
[root@localhost ~]# ssh-copy-id -p9999 lisi@192.168.2.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
lisi@192.168.2.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '9999' 'lisi@192.168.2.8'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh -p9999 lisi@192.168.2.8
Last login: Wed Jul 17 15:24:08 2024 from 192.168.2.1
(3) Set up passwordless login for wangwu from x
[root@localhost ~]# ssh-copy-id -p9999 wangwu@192.168.2.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
wangwu@192.168.2.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '9999' 'wangwu@192.168.2.8'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh -p9999 wangwu@192.168.2.8
Last login: Wed Jul 17 16:37:43 2024 from y
(4) Set up passwordless login for zhaoliu from x
[root@localhost ~]# ssh-copy-id -p9999 zhaoliu@192.168.2.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zhaoliu@192.168.2.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '9999' 'zhaoliu@192.168.2.8'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh -p9999 zhaoliu@192.168.2.8
Last login: Wed Jul 17 17:15:03 2024 from 192.168.2.1
(5) Set up passwordless login for aaa from x
[root@localhost ~]# ssh-copy-id -p9999 aaa@192.168.2.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
aaa@192.168.2.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '9999' 'aaa@192.168.2.8'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh -p9999 aaa@192.168.2.8
Last login: Wed Jul 17 17:23:03 2024 from 192.168.2.1
(6) Set up passwordless login for bbb from x
[root@localhost ~]# ssh-copy-id -p9999 bbb@192.168.2.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
bbb@192.168.2.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '9999' 'bbb@192.168.2.8'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh -p9999 bbb@192.168.2.8
Last login: Wed Jul 17 17:25:55 2024 from 192.168.2.1
(7) Set up passwordless login for ccc from x
[root@localhost ~]# ssh-copy-id -p9999 ccc@192.168.2.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ccc@192.168.2.8's password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '9999' 'ccc@192.168.2.8'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh -p9999 ccc@192.168.2.8
Last login: Wed Jul 17 17:32:39 2024 from 192.168.2.1
(8) Set up passwordless login for ddd from x
[root@localhost ~]# ssh-copy-id -p9999 ddd@192.168.2.8
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
ddd@192.168.2.8's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '9999' 'ddd@192.168.2.8'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh -p9999 ddd@192.168.2.8
Last login: Wed Jul 17 17:34:02 2024 from 192.168.2.1
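The exercise installs the one key pair generated for root on x into all eight accounts, so a single private key opens every one of them, and ssh-copy-id itself asks you to check that only the keys you wanted were added. The script below, an added example that is not part of the original notes, does that check across accounts by listing which users each public key unlocks. The directory layout, function names and key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): show which accounts each public
# key can log in to. Assumed layout: ROOT/<user>/.ssh/authorized_keys
# (ROOT would be /home on the server).

key_owners() {  # usage: key_owners ROOT -> lines "COUNT COMMENT user1,user2"
  for f in "$1"/*/.ssh/authorized_keys; do
    [ -f "$f" ] || continue
    user=${f#"$1"/}
    user=${user%%/*}
    awk -v user="$user" '
      /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
      { for (i = 1; i < NF; i++)
          if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) {   # key type; options may precede
            c = (i + 2 <= NF) ? $(i + 2) : "-"
            print $(i + 1), c, user
            break
          }
      }' "$f"
  done | sort | awk '
    $1 != blob { if (blob != "") print n, label, users
                 blob = $1; label = $2; users = ""; n = 0 }
    { users = users (users == "" ? "" : ",") $3; n++ }
    END { if (blob != "") print n, label, users }'
}

make_sample() {  # constructed key material, shortened and not real keys
  for u in zhangsan lisi aaa; do mkdir -p "$1/$u/.ssh"; done
  echo 'ssh-rsa AAAAB3CONSTRUCTED1 root@x' > "$1/zhangsan/.ssh/authorized_keys"
  echo 'ssh-rsa AAAAB3CONSTRUCTED1 root@x' > "$1/lisi/.ssh/authorized_keys"
  echo 'from="192.168.2.1" ssh-ed25519 AAAAC3CONSTRUCTED2 aaa@laptop' \
    > "$1/aaa/.ssh/authorized_keys"
}

d=$(mktemp -d) && make_sample "$d" && key_owners "$d"; rm -rf "$d"
```

Options containing quoted spaces (for example a command="..." with arguments) are split on whitespace here, which is enough to locate the key-type field in ordinary entries.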