SSHD服务搭建

时间  2019-11-19
标签 sshd 服务 搭建 繁體版
原文   原文链接

SSH协议:安全外壳协议。为Secure Shell 缩写。SSH为创建在应用层和传输层基础上的安全协议。npm

 
一、检查SSH服务端安装状况
  1. [root@rhel6_84 ~]# rpm -qpi /mnt/Packages/openssh-server-5.3p1-94.el6.x86_64.rpm #rpm -qpi packetname 查看安装包的内容
  2. [root@rhel-6~]# rpm -qa |grep openssh #检查ssh安装状况。若是没有使用rpm安装一遍。
  3. openssh-5.3p1-94.el6.x86_64
  4. openssh-clients-5.3p1-94.el6.x86_64
  5. openssh-askpass-5.3p1-94.el6.x86_64
  6. openssh-server-5.3p1-94.el6.x86_64
 
二、启动SSHD服务
  1. [root@rhel-6 ~]# service sshd start
  2. [root@rhel-6 ~]# /etc/init.d/sshd start #绝对路径方式启动
  3. [root@rhel-6 ~]# chkconfig sshd on #设置sshd服务开机自启 on自启 off关闭自启 [root@rhel-6 ~]# chkconfig --list sshd #检查开机自启状况 sshd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
 
三、客户端保存的密钥
  1. [root@rhel-6~]# cat .ssh/known_hosts #查看本机保存的服务端的密钥。
  2. 192.168.3.81 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCzit8dq4s0xZCk1Gme5GJfYaWZzYHW37KHMfpaU7Fc2/npmJpHpufXGiYR+h9bAR6DBJvDzp5Mr/nmoaOxLb9WH4dsD9ZyLVTLzp3gaFpk9Fc7B8VRznIgveRYmIue146DoU3+Hjt7DWA19Cg4vxGZih/RekhmUgwEbKmxoC1KW6Qm6Aqd+F5oNIdign8KtFaIMzE4cNcL6YEb1wdYTk3fdUWhUip0Fir3sej9zjrGdCCA3HPxuPbsPE+3yaQ975yfelKRHI/DUpsKegQHK88RtfElLnDOVgle/yne8vsvDgnB1JYKZTGu8XuHG+vGwQAR+E2AelQcQDVFZ0+eJ+T
 
四、SSHD服务配置文件
  1. [root@rhel6_84 ~]# cp /etc/ssh/sshd_config{,.back} #修改前备份此配置文件
  2. [root@rhel6_84 ~]# ls /etc/ssh/ moduli ssh_config sshd_config sshd_config.back ssh_host_dsa_key
  3. [root@rhel6_84 ~]# cat -n /etc/ssh/sshd_config
  4. #Port 22 #端口,默认是22,最好修改成其它
  5. [root@rhel6_84 ~]# netstat -anptu |grep ssh #修改好后,查看ssh服务是否正常监听新端口(222) tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2597/sshd tcp 0 0 0.0.0.0:222 0.0.0.0:* LISTEN 2765/sshd tcp 0 52 192.168.3.84:22 192.168.3.130:57537 ESTABLISHED 2597/sshd tcp 0 0 ::1:6010 :::* LISTEN 2597/sshd tcp 0 0 :::222 :::* LISTEN 2765/sshd
 
五、新端口ssh链接
  1. [root@rhel6_80 ~]# ssh -p 222 root@192.168.3.84 #加上-p参数 指定222端口 链接新服务器
 
六、SSHD配置文件详解
  1. # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
  3. # This is the sshd server system-wide configuration file. See
  4. # sshd_config(5) for more information.
  6. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin #ssh所执行的bash目录
  8. # The strategy used for options in the default sshd_config shipped with
  9. # OpenSSH is to specify options with their default value where
  10. # possible, but leave them commented. Uncommented options change a
  11. # default value.
  13. Port222 #ssh服务端口号
  14. #AddressFamily any
  15. #ListenAddress 0.0.0.0
  16. #ListenAddress ::
  18. # Disable legacy (protocol version 1) support in the server for new
  19. # installations. In future the default will change to require explicit
  20. # activation of protocol 1
  21. Protocol2
  23. # HostKey for protocol version 1
  24. #HostKey /etc/ssh/ssh_host_key
  25. # HostKeys for protocol version 2
  26. #HostKey /etc/ssh/ssh_host_rsa_key
  27. #HostKey /etc/ssh/ssh_host_dsa_key
  29. # default value.
  31. Port222
  32. #AddressFamily any
  33. #ListenAddress 0.0.0.0
  34. #ListenAddress :: #指定只监听的IP地址,设置只容许此IP登录
  36. # Disable legacy (protocol version 1) support in the server for new
  37. # installations. In future the default will change to require explicit
  38. # activation of protocol 1
  39. Protocol2
  41. # HostKey for protocol version 1
  42. #HostKey /etc/ssh/ssh_host_key
  43. # HostKeys for protocol version 2
  44. #HostKey /etc/ssh/ssh_host_rsa_key
  45. #HostKey /etc/ssh/ssh_host_dsa_key
  47. # Lifetime and size of ephemeral version 1 server key
  48. #KeyRegenerationInterval 1h
  49. #ServerKeyBits 1024 #定义密钥长度,默认长度1024
  51. # Logging
  52. # obsoletes QuietMode and FascistLogging
  53. #SyslogFacility AUTH
  54. SyslogFacility AUTHPRIV
  55. #LogLevel INFO
  57. # Authentication:
  59. #LoginGraceTime 2m #链接断开前等待时间
  60. #PermitRootLogin yes #禁止root用户登录
  61. #StrictModes yes
  62. #MaxAuthTries 6
  63. #MaxSessions 10
  65. #RSAAuthentication yes
  66. #PubkeyAuthentication yes
  67. #AuthorizedKeysFile .ssh/authorized_keys
  68. #AuthorizedKeysCommand none
  69. #AuthorizedKeysCommandRunAs nobody
  71. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  72. #RhostsRSAAuthentication no
  73. # similar for protocol version 2
  74. #HostbasedAuthentication no
  75. # Change to yes if you don't trust ~/.ssh/known_hosts for
  76. # RhostsRSAAuthentication and HostbasedAuthentication
  77. #IgnoreUserKnownHosts no
  78. # Don't read the user's ~/.rhosts and ~/.shosts files
  79. #IgnoreRhosts yes
  81. # To disable tunneled clear text passwords, change to no here!
  82. #PasswordAuthentication yes
  83. #PermitEmptyPasswords no
  84. PasswordAuthentication yes #是否容许使用帐号和密码登录,改成no将不容许使用帐号和密码登录,可以使用私钥登录。
  86. # Change to no to disable s/key passwords
  87. #ChallengeResponseAuthentication yes
  88. ChallengeResponseAuthentication no
  90. # Kerberos options
  91. #KerberosAuthentication no
  92. #KerberosOrLocalPasswd yes
  93. #KerberosTicketCleanup yes
  94. #KerberosGetAFSToken no
  95. #KerberosUseKuserok yes
  97. # GSSAPI options
  98. #GSSAPIAuthentication no
  99. GSSAPIAuthentication yes
  100. #GSSAPICleanupCredentials yes
  101. GSSAPICleanupCredentials yes
  102. #GSSAPIStrictAcceptorCheck yes
  103. #GSSAPIKeyExchange no
  105. # Set this to 'yes' to enable PAM authentication, account processing,
  106. # and session processing. If this is enabled, PAM authentication will
  107. # be allowed through the ChallengeResponseAuthentication and
  108. # PasswordAuthentication. Depending on your PAM configuration,
  109. # PAM authentication via ChallengeResponseAuthentication may bypass
  110. # the setting of "PermitRootLogin without-password".
  111. # If you just want the PAM account and session checks to run without
  112. # PAM authentication, then enable this but set PasswordAuthentication
  113. # and ChallengeResponseAuthentication to 'no'.
  114. #UsePAM no
  115. UsePAM yes
  117. # Accept locale-related environment variables
  118. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  119. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  120. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  121. AcceptEnv XMODIFIERS
  123. #AllowAgentForwarding yes
  124. #AllowTcpForwarding yes
  125. #GatewayPorts no
  126. #X11Forwarding no
  127. X11Forwarding yes
  128. #X11DisplayOffset 10
  129. #X11UseLocalhost yes
  130. #PrintMotd yes #是否打印 /etc/motd 链接时显示的信息
  131. #PrintLastLog yes #是否显示上次登录信息
  132. #TCPKeepAlive yes
  133. #UseLogin no
  134. #UsePrivilegeSeparation yes #是否容许低权限用户产生新链接进程,no表示如何用户都是用root权限运行ssh
  135. #PermitUserEnvironment no
  136. #Compression delayed
  137. #ClientAliveInterval 0
  138. #ClientAliveCountMax 3
  139. #ShowPatchLevel no
  140. #UseDNS yes #是否启用DNS验证,外网须要启用
  141. #PidFile /var/run/sshd.pid #存放服务进程ID
  142. #MaxStartups 10:30:100
  143. #PermitTunnel no
  144. #ChrootDirectory none
  146. # no default banner path
  147. #Banner none
  149. # override default of no subsystems
  150. Subsystem sftp /usr/libexec/openssh/sftp-server
  152. # Example of overriding settings on a per-user basis
  153. #Match User anoncvs
  154. # X11Forwarding no
  155. # AllowTcpForwarding no
  156. # ForceCommand cvs server
 
 



相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程