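Setting up an sshd service on Windows with cygwin

Originally from: http://hi.baidu.com/angivo/blog/item/7f43bef5ade0e42fbc3109f7.html

Reposted from: http://hi.baidu.com/qiraosky/blog/item/35a7f144d9f3488ab3b7dc2e.html

Copyright belongs to the original author.

The sshd service provides a secure connection that lets you access the command-line interface on a server. Windows does not provide this service itself, so we can install it through cygwin.

Installing cygwin

First install cygwin. The installation was done on 2006-10-8, with Cygwin DLL version 1.5.21-1. In addition to the default packages, the following packages were added.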

  • Admin
    • cron-3.0.1-19
    • cygrunsrv-1.17-1
    • shutdown-1.7-1
    • syslog-ng-1.6.11-1
  • Archive
    • unzip-5.50-5
    • zip-2.3-6
  • Devel
    • subversion-1.3.2-1
  • Editors
    • vim-7.0.076-1
  • Interpreters
    • gawk-3.1.5-4
    • perl-5.8.7-5
    • expat-1.95.8-1
  • Libs
  • Net
    • lftp-3.5.1-1
    • openssh-4.4p1-1
    • openssl-0.98d-1
    • openssl097-0.9.7l-1
    • ping-1.0-1
    • netcat-1.10-2
  • Shells
    • ash-20040127-3
    • bash-3.1-9
    • bash-completion-20060301-1
    • mc-4.6.1-2
  • Utils
    • patch-2.5.8-8
    • time-1.7-1
  • Web
    • wget-1.10.2-1

Installation

Log in as an administrator, start the cygwin command line, and run the following command.

$ ssh-host-config
Generating /etc/ssh_host_key
Generating /etc/ssh_host_rsa_key
Generating /etc/ssh_host_dsa_key
Generating /etc/ssh_config file
Privilege separation is set to yes by default since OpenSSH 3.3.
However, this requires a non-privileged account called 'sshd'.
For more info on privilege separation read /usr/doc/openssh/README.privsep.

Shall privilege separation be used? (yes/no) yes
Warning: The following function requires administrator privileges!
Shall this script create a local user 'sshd' on this machine? (yes/no) yes
Generating /etc/sshd_config file
Added ssh to /cygdrive/c/WINDOWS/system32/drivers/etc/services

Do you want to install sshd as service?
(Say "no" if it's already installed as service) (yes/no) yes

Which value should the environment variable CYGWIN have when
sshd starts? It's recommended to set at least "ntsec" to be
able to change user context without password.
Default is "ntsec". CYGWIN=binmode ntsec tty

The service has been installed under LocalSystem account.
To start the service, call `net start sshd' or `cygrunsrv -S sshd'.

Host configuration finished. Have fun!

Configuring sshd

Enter the following commands in the cygwin command line:

$ cd /etc
$ chmod 666 sshd_config
$ vi sshd_config

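Change the following settings in sshd_config.

PermitRootLogin no # disallow root login
StrictModes yes # security setting when CYGWIN=ntsec
RhostsRSAAuthentication no # disable rhosts authentication
IgnoreRhosts yes # disable rhosts authentication
PasswordAuthentication no # disable password authentication
ChallengeResponseAuthentication no # disable password authentication
PermitEmptyPasswords no # disallow login for users with an empty password

Finally, change the permissions of sshd_config back to 644.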

$ chmod 644 sshd_config

Start the sshd server.

$ cygrunsrv -S sshd
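
As an added example (not part of the original post), the script below audits an sshd_config against the seven values listed above, following sshd's rule that the first value read for a keyword is the one used. The function names and the sample configuration are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config against
# the seven settings listed above. Like sshd, keywords are matched
# case-insensitively and the first value read for a keyword wins; parsing
# stops at the first Match block because settings there are conditional.

# first_value FILE KEYWORD -> first global value of KEYWORD, lowercased
first_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }  # comments, key=value
        tolower($1) == "match" { exit }
        NF >= 2 && tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> one line per deviation; exit status = count
audit_sshd_config() {
    bad=0
    for pair in PermitRootLogin=no StrictModes=yes \
        RhostsRSAAuthentication=no IgnoreRhosts=yes \
        PasswordAuthentication=no ChallengeResponseAuthentication=no \
        PermitEmptyPasswords=no
    do
        key=${pair%%=*} want=${pair#*=}
        got=$(first_value "$1" "$key")
        [ "$got" = "$want" ] && continue
        echo "$key: want '$want', found '${got:-unset (default applies)}'"
        bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample config (hypothetical content, for the demo only).
write_sample() {
    cat > "$1" <<'EOF'
PermitRootLogin no   # trailing comment
passwordauthentication yes
PasswordAuthentication no
StrictModes=yes
IgnoreRhosts yes
ChallengeResponseAuthentication no
Match User backup
    PermitEmptyPasswords no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd_config "$sample" || echo "$? setting(s) differ from the list above"
rm -f "$sample"
```

In the sample, the lower-case passwordauthentication yes line takes effect because it comes first, and the PermitEmptyPasswords line inside the Match block is not counted as a global setting.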

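Generating the public and private keys

Because the settings above allow only key-based authentication, we need to generate a public/private key pair for our user.

Run the following command in the cygwin console to generate the ssh1 public and private keys.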

$ ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/charlee/.ssh/identity):
Enter passphrase (empty for no passphrase): (type the passphrase)
Enter same passphrase again: (type the passphrase again)
Your identification has been saved in /home/charlee/.ssh/identity.
Your public key has been saved in /home/charlee/.ssh/identity.pub

In the same way, use the following commands to generate the ssh2 public and private keys.

$ ssh-keygen -t rsa
$ ssh-keygen -t dsa

Import the public keys into the authorized keys file:

$ cd .ssh
$ cat identity.pub >> authorized_keys
$ cat id_rsa.pub >> authorized_keys
$ cat id_dsa.pub >> authorized_keys

Because we set StrictModes yes in /etc/sshd_config, the directory permissions have to be changed with the following command.

$ chmod 755 /home/charlee

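Then copy the private key files identity, id_rsa and id_dsa to the client by some means. The client I use is Linux, so it is enough to copy these three files into the $HOME/.ssh directory on the client.

Log in to the server. Enter the following command on the client to log in to the server.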

$ ssh 192.168.0.2

Frequently asked questions

Updated 2008-12-11

Q: cygrunsrv -S sshd fails to start and reports

cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062:
The service has not been started.

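A: Most likely the permissions on /var/log are set incorrectly. First run mkpasswd and mkgroup to regenerate the permission information, then remove the sshd service and configure it again: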

$ mkpasswd -l > /etc/passwd
$ mkgroup -l > /etc/group
$ cygrunsrv -R sshd
$ ssh-host-config -y
$ cygrunsrv -S sshd

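Q: When logging in with a public key I keep getting Permission denied (publickey). What should I do?

A: The error messages produced by sshd can be seen in the Windows event log (My Computer -> right-click -> Manage -> Event Viewer). A common problem is that the permissions of .ssh/authorized_keys are set incorrectly; this file must be set to 0644 for login to work.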
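
The permission problems behind both the StrictModes step and the Permission denied (publickey) answer can be checked with a script like the one below, which is an added example and not part of the original post. It flags group or other write bits and unexpected owners on the home directory, .ssh and authorized_keys; the function names and the temporary demo tree are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original page). With StrictModes yes, sshd
# rejects key login when the home directory, ~/.ssh or authorized_keys is
# writable by group or others, or is owned by someone other than the user
# or uid 0. strict_modes_report lists every path that fails that test.

# strict_modes_report HOME_DIR UID -> one line per problem; status = count
strict_modes_report() {
    problems=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; problems=$((problems + 1)); continue
        fi
        # ls -ldn prints the mode string first and the numeric owner third
        info=$(ls -ldn "$p" | awk '{ print substr($1, 1, 10), $3 }')
        mode=${info% *} owner=${info#* }
        case $mode in
            ?????w????|????????w?)
                echo "group/other writable: $mode $p"
                problems=$((problems + 1)) ;;
        esac
        if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
            echo "wrong owner (uid $owner): $p"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed demo tree (hypothetical user home in a temp directory).
make_demo_home() {
    mkdir -p "$1/.ssh"
    : > "$1/.ssh/authorized_keys"
    chmod 755 "$1"
    chmod 775 "$1/.ssh"                  # deliberately too open
    chmod 666 "$1/.ssh/authorized_keys"  # deliberately too open
}

demo=$(mktemp -d)
make_demo_home "$demo"
strict_modes_report "$demo" "$(id -u)" || echo "$? problem(s) found"
chmod 755 "$demo/.ssh"; chmod 644 "$demo/.ssh/authorized_keys"
strict_modes_report "$demo" "$(id -u)" && echo "all paths pass"
rm -rf "$demo"
```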

######### ####### ####### ####### ####### ####### ####### ####### ####### ####### ##
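Problems I ran into
The sshd service would not start?
Solution: follow the hints above
1) Grant permissions on the /var/log directory
2) Run the user mapping
3) Remove the sshd service
4) Configure the sshd service
5) Start the sshd service

1) Grant permissions on the /var/log directory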
Administrator@8a0dbeec9a074e1 /var
$ ls -rlat log
total 7284
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache2
drwxrwxrwx  1 SYSTEM        Administrators       0 Oct 23 17:59 exim
drwxr-xr-x  1 Administrator Administrators       0 Oct 24 20:06 squid
-rwxrwxrwx  1 Administrator None                 0 Oct 24 20:48 setup.log.postinstallXa05528
-rwxr--r--+ 1 Administrator None                 0 Oct 26 08:36 wtmp
-rw-r--r--+ 1 Administrator None                 0 Oct 26 08:37 messages
drwxr-xr-x  1 Administrator Administrators       0 Oct 26 08:44 ..
-rw-r--r--  1 Administrator None                 0 Oct 26 11:20 lastlog
-rw-r--r--  1 Administrator None              1257 Oct 26 13:51 setup.log.full
-rw-r--r--  1 Administrator None           7449455 Oct 26 13:51 setup.log
drwxrwxrwx+ 1 Administrator Administrators       0 Oct 27 21:24 .
-rw-r--r--  1 SYSTEM        Administrators    1050 Oct 28 17:37 sshd.log

Administrator@8a0dbeec9a074e1 /var
$ chown Administrator:Administrators log

Administrator@8a0dbeec9a074e1 /var/log
$ ls -rlt
total 7284
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache2
drwxrwxrwx  1 SYSTEM        Administrators       0 Oct 23 17:59 exim
drwxr-xr-x  1 Administrator Administrators       0 Oct 24 20:06 squid
-rwxrwxrwx  1 Administrator None                 0 Oct 24 20:48 setup.log.postinstallXa05528
-rwxr--r--+ 1 Administrator None                 0 Oct 26 08:36 wtmp
-rw-r--r--+ 1 Administrator None                 0 Oct 26 08:37 messages
-rw-r--r--  1 Administrator None                 0 Oct 26 11:20 lastlog
-rw-r--r--  1 Administrator None              1257 Oct 26 13:51 setup.log.full
-rw-r--r--  1 Administrator None           7449455 Oct 26 13:51 setup.log
-rw-r--r--  1 SYSTEM        Administrators    1050 Oct 28 17:37 sshd.log

Administrator@8a0dbeec9a074e1 /var/log
$ chown -R Administrator:Administrators *
Administrator@8a0dbeec9a074e1 /var/log
$ ls -rtl
total 7284
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache
drwxr-xr-x  1 Administrator Administrators       0 Oct 23 17:55 apache2
drwxrwxrwx  1 Administrator Administrators       0 Oct 23 17:59 exim
drwxr-xr-x  1 Administrator Administrators       0 Oct 24 20:06 squid
-rwxrwxrwx  1 Administrator Administrators       0 Oct 24 20:48 setup.log.postinstallXa05528
-rwxr--r--+ 1 Administrator Administrators       0 Oct 26 08:36 wtmp
-rw-r--r--+ 1 Administrator Administrators       0 Oct 26 08:37 messages
-rw-r--r--  1 Administrator Administrators       0 Oct 26 11:20 lastlog
-rw-r--r--  1 Administrator Administrators    1257 Oct 26 13:51 setup.log.full
-rw-r--r--  1 Administrator Administrators 7449455 Oct 26 13:51 setup.log
-rw-r--r--  1 Administrator Administrators    1050 Oct 28 17:37 sshd.log

Administrator@8a0dbeec9a074e1 /var/log


Administrator@8a0dbeec9a074e1 /var/log
$ cd ~

2) Run the user mapping
Administrator@8a0dbeec9a074e1 ~
$ mkpasswd -l > /etc/passwd

Administrator@8a0dbeec9a074e1 ~
$ mkgroup -l > /etc/group

3) Remove the sshd service
Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -R sshd

4) Configure the sshd service

Administrator@8a0dbeec9a074e1 ~
$ ssh-host-config -y
*** Query: Overwrite existing /etc/ssh_config file? (yes/no) yes
*** Info: Creating default /etc/ssh_config file
*** Query: Overwrite existing /etc/sshd_config file? (yes/no) yes
*** Info: Creating default /etc/sshd_config file
*** Info: Privilege separation is set to yes by default since OpenSSH 3.3.
*** Info: However, this requires a non-privileged account called 'sshd'.
*** Info: For more info on privilege separation read /usr/share/doc/openssh/README.privsep.
*** Query: Should privilege separation be used? (yes/no) yes
*** Info: Updating /etc/sshd_config file
*** Query: Overwrite existing /etc/inetd.d/sshd-inetd file? (yes/no) yes
*** Info: Creating default /etc/inetd.d/sshd-inetd file
*** Info: Updated /etc/inetd.d/sshd-inetd


*** Warning: The following functions require administrator privileges!

*** Query: Do you want to install sshd as a service?
*** Query: (Say "no" if it is already installed as a service) (yes/no) yes
*** Query: Enter the value of CYGWIN for the daemon: []

*** Info: The sshd service has been installed under the LocalSystem
*** Info: account (also known as SYSTEM). To start the service now, call
*** Info: `net start sshd' or `cygrunsrv -S sshd'.  Otherwise, it
*** Info: will start automatically after the next reboot.

*** Info: Host configuration finished. Have fun!

5) Start the sshd service
Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -S sshd

Administrator@8a0dbeec9a074e1 ~
$ cygrunsrv -S sshd

Administrator@8a0dbeec9a074e1 ~
$ ps -ef|grep sshd
SYSTEM    1316    6200   ?  19:42:30 /usr/sbin/sshd

Administrator@8a0dbeec9a074e1 ~
$ ssh root@172.16.4.132
The authenticity of host '172.16.4.132 (172.16.4.132)' can't be established.
RSA key fingerprint is b0:f3:36:d2:46:45:2f:04:7f:50:0b:e4:81:f2:5d:bf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.4.132' (RSA) to the list of known hosts.
root@172.16.4.132's password:
____________________,             ______________________________________
.QQQQQQQQQQQQQQQQQQQQQQQQL_         |                                      |
.gQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ__   |                                      |
gQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ==   |                    _.---.)           |
QQQQQQQQQQQQQQQQQQQQQQQQQQQF=         |          (^--^)_.-"      `;          |
QQQQQQQQQ================!            |          ) ee (           |          |
QQQQQQQQ                              |         (_.__._)         /           |
QQQQQQQQ                              |           `--',        ,'            |
QQQQQQQQ     ~"jjj__,                 |            jgs )_|--')_|             |
QQQQQQQQ       "jjjjjjjjjj___         |                ""'   ""'             |
QQQQQQQQ        ~jjjjjjjjjjjjjjjjj__  |                                      |
QQQQQQQQ        _jjjjjjjjjjjjjj/~~~~  |      The Hippo says: Welcome to      |
QQQQQQQQ      .{jjjjjjj/~~~~~         |                             _        |
QQQQQQQQ     .{/~~~~`                 |  ____  _   _   ____  _ _ _ (_) ____  |
QQQQQQQQ                              | / ___)| | | | / _  || | | || ||  _ / |
QQQQQQQQ                              |( (___ | |_| |( (_| || | | || || | | ||
QQQQQQQQQL_______________,            | /____) /__  | /___ | /___/ |_||_| |_||
QQQQQQQQQQQQQQQQQQQQQQQQQQQL___       |        (___/  (____|                 |
4QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ___  |                                      |
(=QQQQQQQQQQQQQQQQQQQQQQQQQQQQQ====   |       -.-. -.-- --. .-- .. -.        |
(QQQQQQQQQQQQQQQQQQQQQQQQF=         |______________________________________|


root@8a0dbeec9a074e1 ~
