[Linux专题] SSH使用

SSH介绍

• SSH为Secure Shell的缩写,为建立在应用层基础上的安全协议.支持口令以及秘钥方式登录.默认使用22端口.支持RSA和DSA两种秘钥方式.

SSH服务端

• Ubuntu及CentOS服务端安装命令如下,默认在安装服务器端时一并安装SSH客户端：

  [CentOS]
  yum install openssh-server
  [Ubuntu]
  sudo apt install openssh-server
  

• 服务端SSH相关操作

  //1 查看ssh服务是否启动 服务为sshd
  yjf@vbox-ubuntu:~$ ps -ef|grep ssh
  root      2846     1  0 06:50 ?        00:00:00 /usr/sbin/sshd -D
  
  //2 查看sshd服务使用的端口
  yjf@vbox-ubuntu:~$ sudo netstat -lntup | grep ssh
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2846/sshd
  
  //3 秘钥目录为~/.ssh/目录
  //4 sshd的配置文件：
  yjf@vbox-ubuntu:~$ sudo cat /etc/ssh/sshd_config 
  
  //5 相关服务的开启 状态查看等命令
  yjf@vbox-ubuntu:~$ sudo systemctl status sshd
  yjf@vbox-ubuntu:~$ sudo systemctl restart sshd
  yjf@vbox-ubuntu:~$ sudo systemctl enable sshd
  

SSH客户端

• SSH的客户端可以用XSHELL，Securecrt, Mobaxterm等工具进行连接,也可以使用最简单的ssh命令进行连接.(Windows平台安装Git软件后自带ssh工具)

• 用户名密码验证方式

  //1 ssh客户端直接登录方式
  ccczyl2006@ccczyl2006-PC MINGW64 ~/Desktop
  $ ssh -p22 yjf@192.168.0.106
  The authenticity of host '192.168.0.106 (192.168.0.106)' can't be established.
  ECDSA key fingerprint is SHA256:pr62XwLtsc2zRRMsP5x78RZVBU6EAwjXukuiauMO0RI.
  Are you sure you want to continue connecting (yes/no)? yes
  Warning: Permanently added '192.168.0.106' (ECDSA) to the list of known hosts.
  yjf@192.168.0.106's password:
  

  • xshell密码登录.新建连接后进行用户名和密码登录

    
    
    
    

• 秘钥验证方式

  //1 进入用户根目录下的.ssh目录，使用命令生成公钥和秘钥(注意Enter passphrase输入的是私钥的密码 可以留空)
  $ ssh-keygen -t rsa
  Generating public/private rsa key pair.
  Enter file in which to save the key (/c/Users/ccczyl2006/.ssh/id_rsa): vbox-ubun                                                       tu_rsa
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in vbox-ubuntu_rsa.
  Your public key has been saved in vbox-ubuntu_rsa.pub.
  The key fingerprint is:
  SHA256:giIl8zh168hymZJNocd3c4bOBJfX1kzNVo7ugfT/TdE ccczyl2006@ccczyl2006-PC
  The key's randomart image is:
  +---[RSA 2048]----+
  |            .o ..|
  |       . . +  +o |
  |o + o o . o +.. .|
  | X o = o . . +  .|
  |= * + * S   . +.E|
  | O B = =     . o.|
  |+ B . o       . o|
  | +             .o|
  |                o|
  +----[SHA256]-----+
  
  //2 生成的文件带.pub为公钥 另一个文件为私钥
  $ ll
  total 15
  -rw-r--r-- 1 ccczyl2006 197121   73 四月 11 15:44  config
  -rw-r--r-- 1 ccczyl2006 197121  118 四月 25  2018 'config - Copy'
  drwxr-xr-x 1 ccczyl2006 197121    0 四月 11 20:51  copy/
  -rw-r--r-- 1 ccczyl2006 197121 6755 四月 11 19:56  known_hosts
  -rw-r--r-- 1 ccczyl2006 197121 1679 四月 11 20:56  vbox-ubuntu_rsa
  -rw-r--r-- 1 ccczyl2006 197121  406 四月 11 20:56  vbox-ubuntu_rsa.pub
  
  

  //2 使用ssh-copy-id 命令拷贝公钥到服务器 
  $ ssh-copy-id -i vbox-ubuntu_rsa.pub yjf@192.168.0.106
  /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "vbox-ubuntu_rsa.pub"
  /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
  /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
  yjf@192.168.0.106's password:
  
  Number of key(s) added: 1
  
  Now try logging into the machine, with:   "ssh 'yjf@192.168.0.106'"
  and check to make sure that only the key(s) you wanted were added.
  
  //3 登录服务器确保.ssh目录下已存在authorized_keys文件 
  
  //4 存放私有的文件夹.ssh下使用以下命令即可使用无密码访问
  $ ssh -i ./vbox-ubuntu_rsa yjf@192.168.0.106
  

  • xshell私有访问如下图