目录
1.ssh的基本用法
2.sshd key认证
3.sshd 安全优化参数详解
1.ssh的基本用法
ssh [-l 远程主机用户]
ssh -l root 172.25.254.77 ##通过ssh命令在77主机中以root身份开启远程shell
#ssh 常用参数#
-l #指定登陆用户
-i #指定私钥
-X #开启图形
-f #后台运行
-o #指定连接参数
# ssh -l root@172.25.254.x -o "StrictHostKeyChecking=no" 首次连接不许要输入yes
-t #指定连接跳板
# ssh -l root 172.25.254.1 -t ssh -l root 172.25.254.105
当连接因为认证问题被拒绝时解决方案
vim ~/.ssh/know_hosts ##在此文件中删除报错提示相应的行即可
2.sshd key认证
#方法1
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ##输入保存密钥文件
Enter passphrase (empty for no passphrase): ##密钥密码
Enter same passphrase again: ##确认密码
Your identification has been saved in /root/.ssh/id_rsa. ##私钥
Your public key has been saved in /root/.ssh/id_rsa.pub. ##公钥
The key fingerprint is:
SHA256:OZVOK9g6NyZsaUIfbZMrfAGB31GQsJ3FyviO4/psVSg root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| .o..=o |
| . +oo.. |
| .o+o++ |
| E==*.. |
| . ooS.o |
| . + =o* |
| . %+* |
| =+B.. |
| .=+. |
+----[SHA256]-----+
#方法二
$ssh-keygen -f /root/.ssh/id_rsa -P ""
#3.对服务器加密#
ssh-copy-id -i /root/.ssh/id_rsa.pub username@serverip
ssh-copy-id -i /root/.ssh/id_rsa.pub lee@172.25.254.105
3.sshd 安全优化参数详解
实验环境
setenforce 0 关闭内核加强型Linux
systemctl disable --now firewalld 关闭防火墙
vim /etc/ssh/sshd_config 打开参数设置