文章目录
环境介绍
| 主机系统 | 主机IP | |
|---|---|---|
| 虚拟机 | Ubuntu Desktop 16.04 | 192.168.72.129 |
| 宿主机 | Windows | 192.168.72.1 |
步骤1-4在Ubuntu里操作,步骤5-6在Windows里操作
1.安装openssh-server
python@ubuntu:~$ sudo apt install openssh-server
2.允许用户登录;编辑配置文件
python@ubuntu:~$ sudo vim /etc/ssh/sshd_config
将 PermitRootLogin prohibit-password 改为:PermitRootLogin yes
3.重启sshd服务并检查状态
python@ubuntu:~$ systemctl restart sshd
python@ubuntu:~$ systemctl status sshd
4.查看Ubuntu主机的IP
python@ubuntu:~$ ip addr
5.远程登录Ubuntu
在Windows端打开CMD 或 Git Bash 命令窗口,输入“ssh 用户名@目标主机IP”
dev@HUAWEIPC-ZSY MINGW64 ~
$ ssh python@192.168.72.129
The authenticity of host '192.168.72.129 (192.168.72.129)' can't be established.
无法确定主机“192.168.72.129(192.168.82.129)”的真实性。
ED25519 key fingerprint is SHA256:NP8f+1IpUSsGTv52aYVrPf141xNbh0pKc8KajHTVEo8.
ED25519密钥指纹是SHA256:NP8f+1IpUSsGTv52aYVrPf141xNbh0pKc8KajHTVEo8。
This key is not known by any other names
此密钥不为任何其他名称所知
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
是否确实要继续连接?
Warning: Permanently added '192.168.72.129' (ED25519) to the list of known hosts.
警告:已将“192.168.72.129”(ED25519)永久添加到已知主机列表中。
python@192.168.72.129's password:
Permission denied, please try again.
权限被拒绝,请重试。
python@192.168.72.129's password:
Welcome to Ubuntu 16.04.7 LTS (GNU/Linux 4.15.0-142-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
0 updates can be applied immediately.
可以立即应用0个更新。
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu系统包含的程序是自由软件;
每个程序的确切分发条款在/usr/share/doc/*/corpyright中的各个文件中进行了描述。
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
在适用法律允许的范围内,Ubuntu绝对没有担保。
python@ubuntu:~$
6.退出远程登录
python@ubuntu:~$ exit
logout
Connection to 192.168.72.129 closed.
参考文献
[1] Service - OpenSSH | Ubuntu https://ubuntu.com/server/docs/service-openssh
英语好的同学请忽略
英语好的同学,请忽略下文。附上 /etc/ssh/sshd_config 原文及一部分的机器翻译。
# Package generated configuration file
# 包生成的配置文件
# See the sshd_config(5) manpage for details
# 有关详细信息,请参阅sshd_config(5)手册页,官网地址 https://linux.die.net/man/5/sshd_config
# What ports, IPs and protocols we listen for
# 我们监听哪些端口、IP和协议?
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
# 使用这些选项来限制sshd将绑定到哪些接口/协议
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
# 协议版本2的主机密钥
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
# 为了安全起见,启用了特权分离。
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
# 临时版本1服务器密钥的生存期和大小。
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
# Syslog工具 授权
LogLevel INFO
# 日志级别 信息
# Authentication:
# 身份验证
LoginGraceTime 120
# 登录宽限时间
PermitRootLogin prohibit-password
#允许root登录 禁止密码
StrictModes yes
# 严格模式 yes
RSAAuthentication yes
# RSA身份验证 yes
PubkeyAuthentication yes
# 公钥身份验证 yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# 授权密钥文件
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
# 为了让它发挥作用,你还需要/etc/ssh_known_hosts中的主机密钥
RhostsRSAAuthentication no
# similar for protocol version 2
# 类似于协议版本2
HostbasedAuthentication no
# 基于主机的身份验证 no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
# 如果你不信任~/.ssh/known_hosts进行RhostsRSAAuthentication,请取消注释。
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
# 要启用空密码,请更改为“是”(不推荐)
PermitEmptyPasswords no
# 允许空密码 no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
# 更改为“yes”以启用质询响应密码(请注意某些PAM模块和线程的问题)
ChallengeResponseAuthentication no
# 质询响应身份验证 no
# Change to no to disable tunnelled clear text passwords
# 更改为“no”以禁用隧道明文密码
#PasswordAuthentication yes
# Kerberos是一种计算机网络授权协议,用来在非安全网络中,对个人通信以安全的手段进行身份认证
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# 通用安全服务应用程序接口(GSSAPI) 是为了让程序能够访问安全服务的一个应用程序接口
# The Generic Security Services Application Program Interface (GSSAPI, also GSS-API)
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# 清理凭据 yes
# 参考 http://www.hackdig.com/02/hack-592921.htm#%E4%BB%80%E4%B9%88%E6%98%AFX11-forwarding%EF%BC%9F
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
# 允许客户端传递区域设置环境变量。
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
# 将其设置为“yes”以启用PAM身份验证、帐户处理和会话处理。
# 如果启用此选项,将允许通过ChallengeResponseAuthentication和PasswordAuthentication进行PAM身份验证。
# 根据你的PAM配置,通过ChallengeResponseAuthentication进行的PAM身份验证可能会绕过“PermitRootLogin without-password”设置。
# 如果只想在不使用PAM身份验证的情况下运行PAM帐户和会话检查,
# 请启用此选项,但将PasswordAuthentication和ChallengeResponseAuthentication设置为“no”。
UsePAM yes
3485
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
