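Introduction to OpenSSH
The SSH protocol (Secure SHell) lets users log in to a target host remotely and securely. It uses a client/server (C/S) architecture, listens on TCP port 22, and uses protocol version 2, which improves security.
Function: the client operates the remote server just as it would the local system.
How it works: the server listens on a socket and accepts requests from remote clients; a connection is established over TCP/IP and the client is given an operating interface; the client's requests are passed over the network to the server, a server child process executes them, and the results are encapsulated by the network protocol and returned to the client.
When the server starts, it generates a key of its own (a 768-bit public key). The local ssh client sends a connection request to the ssh server; the server checks the data and the IP address sent by the connecting client and, once it has confirmed they are legitimate, sends the key (768 bits) to the client. The client then combines its local private key (256 bits) with the server's public key (768 bits) into a key pair (1024 bits) and sends it back to the server, and the connection is established with data transferred using that key pair.
OpenSSH is an open-source implementation of the SSH protocol
Server: sshd
Client: ssh
Windows clients: Xshell, SecureCRT, PuTTY, Cmder
OpenSSH configuration files
Installed packages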
[root@mini ~]# rpm -qa openssh openssl
openssl-1.0.1e-42.el7.9.x86_64
openssh-6.6.1p1-22.el7.x86_64
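Configuration file paths
sshd: configuration file /etc/ssh/sshd_config
ssh: configuration file /etc/ssh/ssh_config
OpenSSH in practice
CentOS 7 ships with OpenSSH installed by default
ssh usage
ssh [options] [user@]host [COMMAND]    (user@ may be omitted)
Common options:
-l user specify the user name
-p port specify the port
-o options set an option as it would appear in the configuration file
View the local SSH service process and port number
[root@mini ~]# ps -aux | grep ssh ## show the sshd processes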
root 1441 0.0 0.3 82544 3576 ? Ss 06:57 0:00 /usr/sbin/sshd -D
root 2600 0.0 0.5 140772 5052 ? Ss 07:01 0:00 sshd: root@pts/0
[root@mini ~]# ss -tunlp ## show the port ssh is listening on
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 *:22 *:*
users:(("sshd",pid=1441,fd=3))
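Log in remotely to the target host 172.16.100.30 over ssh
On the first remote login, ssh asks whether to accept the server's public key; type yes to continue
[root@mini ~]# ssh 172.16.100.30 ## log in remotely as root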
The authenticity of host '172.16.100.30 (172.16.100.30)' can't be established.
RSA key fingerprint is 33:5c:fc:e1:cd:2d:82:15:48:e8:00:99:6e:ef:8b:42.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.100.30' (RSA) to the list of known hosts.
root@172.16.100.30's password:
Last login: Wed Sep 4 06:09:05 2019 from 172.16.100.20
[root@OS6 ~]#
[root@mini ~]# cat ~/.ssh/known_hosts ## addresses of the servers whose public keys have been received
172.16.100.30 ssh-rsa AAAAB3NzaC1yc2EAAAABIw....
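The fingerprint printed at the first-login prompt is a hash of the same key blob that is then stored in known_hosts, so it can be compared with a fingerprint obtained from the server's administrator before answering yes. The following Python code is an added example, not part of the original post; it parses a known_hosts entry and checks it against a trusted fingerprint. The sample entry is constructed, and all function names are assumptions of this example.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(value):
    """Positive SSH mpint; the extra byte keeps the high bit clear."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

# Constructed sample entry: a throwaway ssh-rsa blob, not a key from the page.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + mpint(65537) + mpint((1 << 2047) + 12345)
SAMPLE_LINE = "172.16.100.30 ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode()

def parse_known_hosts_line(line):
    """Return (hosts, key_type, blob) for one plain (unhashed) entry."""
    hosts, key_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob repeats the algorithm name; it must agree with column 2.
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return hosts.split(","), key_type, blob

def md5_fingerprint(blob):
    """Colon-separated hex MD5, the form printed in the session above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def sha256_fingerprint(blob):
    """SHA256:<unpadded base64>, the form newer ssh clients print."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(line, host, trusted_fp):
    """True only if `line` is for `host` and its key has the trusted fingerprint."""
    hosts, _, blob = parse_known_hosts_line(line)
    if host not in hosts:
        return False
    if trusted_fp.startswith("SHA256:"):
        return sha256_fingerprint(blob) == trusted_fp
    return md5_fingerprint(blob) == trusted_fp.lower()

if __name__ == "__main__":
    print(md5_fingerprint(SAMPLE_BLOB), sha256_fingerprint(SAMPLE_BLOB))
```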
Skip typing yes on the first connection by editing the configuration file
[root@mini ~]# vim /etc/ssh/ssh_config
StrictHostKeyChecking no
[root@mini ~]# ssh 172.16.100.30
Warning: Permanently added '172.16.100.30' (RSA) to the list of known hosts.
root@172.16.100.30's password:
Last login: Wed Sep 4 06:17:59 2019 from 172.16.100.20
[root@OS6 ~]#
[root@OS6 ~]# ssh 172.16.100.20
Last login: Wed Sep 4 07:01:29 2019 from 172.16.100.1
Passwordless login from host OS6 to host mini by creating a key pair
[root@OS6 ~]# ssh-keygen -t rsa ## generate the key pair
[root@OS6 ~]# ls .ssh/ ## where the keys are created
id_rsa id_rsa.pub known_hosts
[root@OS6 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.100.20 ## copy the public key to host mini
root@172.16.100.20's password:
Now try logging into the machine, with "ssh 'root@172.16.100.20'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@OS6 ~]# ssh 172.16.100.20 ## test
Last login: Wed Sep 4 07:01:29 2019 from 172.16.100.1
[root@mini ~]# ip addr
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:40:04:14 brd ff:ff:ff:ff:ff:ff
inet 172.16.100.20/24 brd 172.16.100.255 scope global eno16777736
These simple experiments put OpenSSH into practice; I will add more once I have learned more.