linux redhat8.0 搭建openssh服务

协议简介：

OpenSSH 是 SSH 协议的免费开源实现。SSH协议族可以用来进行远程控制， 或在计算机之间传送文件。而实现此功能的传统方式，如telnet 、ftp等都是极为不安全的，并且会使用明文传送密码。OpenSSH提供了服务端后台程序和客户端工具，用来加密远程控制和文件传输过程中的数据，并由此来代替原来的类似服务。

两种认证方式：

密码认证、密钥认证

环境部署：

server:图形化redhat

            ip：192.168.22.3

client:图形化redhat

           ip：192.168.22.4

实验1：密码登录

在server启动ssh密码登录服务，实现client密码远程登录server

因防火墙默认放行ssh服务，因此这不需要再次放行

server：
[root@serverB ~]# yum -y install openssh*     //安装ssh服务
[root@serverB ~]# systemctl restart sshd       //重启ssh服务
[root@serverB ~]# setenforce 0
client：
[root@client ~]# ssh root@192.168.22.3        
The authenticity of host '192.168.22.3 (192.168.22.3)' can't be established.
ECDSA key fingerprint is SHA256:fPcUU18Fvcbh2GZ4MvDgwDGVU0hWay+ZDy+Bw9jpvak.
Are you sure you want to continue connecting (yes/no)? yes        //输入yes
Warning: Permanently added '192.168.22.3' (ECDSA) to the list of known hosts.
root@192.168.22.3's password:         //输入server root用户密码         

Activate the web console with: systemctl enable --now cockpit.socket
Last login: Tue Dec  6 17:48:04 2022 from 192.168.22.4
[root@serverB ~]# 
[root@serverB ~]# exit

实验2：密钥登录

在client生成密钥对，并将公钥发给server，实验client密钥远程登录server

client：生成密钥对
[root@client ~]# yum -y install openssh*            //client安装ssh服务

root@client ~]# ssh-keygen -t rsa                    //生成密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):     //密钥对存放路径，回车默认
Enter passphrase (empty for no passphrase):             //密钥对密码，回车为空
Enter same passphrase again:                             //确认密钥对密码


[root@client ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.22.3 //发送公钥
格式：ssh-copy-id -i 公钥路径 发送的用户@主机ip

root@192.168.22.3's password:         //输入192.168.22.1主机的root密码
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.22.3'"
and check to make sure that only the key(s) you wanted were added.

server查看公钥文件,修改登陆方式
[root@serverB .ssh]# ls
authorized_keys
[root@serverB .ssh]# 

[root@serverB ~]# vim /etc/ssh/sshd_config 
73 PasswordAuthentication no    拒绝密码登陆
[root@serverB ~]# systemctl restart sshd

client验证：
[root@client ~]# ssh root@192.168.22.3
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Tue Dec  6 18:54:48 2022 from 192.168.22.4
[root@serverB ~]# 

端口更改：

[root@serverB ~]# vim /etc/ssh/sshd_config
17 #Port 22            ssh默认使用22端口。如需更改，取消17行注释，更改端口即可

同时防火墙也需要放行相应的端口，或者关闭防火墙