1. What is SSH
SSH stands for Secure Shell. It is a secure remote management protocol built at the application layer. It provides security for remote login sessions and other network services. The default port is 22.
2. SSH login authentication mode
See the blog post "Graphical SSH principle". The Bilibili video is "Silicon Valley 2019 + Linux operation and maintenance of cloud computing ②: Linux network service management and database management MySQL + Redis".
They cover this topic at length, and it needs to be gone through again and again.
3. Configure SSH service
3.1 Environment Preparation
Two hosts running Linux (CentOS 6.x) that can communicate with each other and have different host names.
To change the host name: hostname node1, hostname node2, hostname node3
Temporarily turn off the protections:
iptables -F # flush the firewall rules
setenforce 0 # temporarily disable SELinux
Permanently turn off the protections:
chkconfig iptables off # do not start the firewall at boot
sed -i '7s/enforcing/disabled/' /etc/selinux/config # permanently disable SELinux
Note: reboot the server after running the two commands above.
vim /etc/selinux/config shows the following:
First look at the firewall rules that are currently loaded:
iptables -L
Temporarily flush the rules:
iptables -F
Then run iptables -L again.
Command to check the SELinux status: getenforce
Temporarily disable it: setenforce 0
Permanently disable it: the service must not start automatically at every boot, so iptables is not started at boot.
First look at the iptables service: chkconfig --list iptables
It is currently set to start at boot in runlevels 2, 3, 4 and 5.
Command to turn it off: chkconfig iptables off
Open the file: vim /etc/selinux/config
Change the setting as shown in the figures:
Verify afterwards:
3.2 User password authentication
Format for logging in to Linux with an SSH remote login tool:
ssh username@server_IP_address
Format for connecting from one Linux host to another with ssh:
Command to exit: exit
3.3 Key pair authentication
3.3.1 Key pair login authentication between Linux hosts
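- The client generates the key pair files
ssh-keygen -t rsa -b 2048
-t specifies the key type (rsa, dsa, etc.)
-b specifies the length of the key pair
Prompt 1: during execution you are asked where to save the keys; by default they are saved in the .ssh/ directory under the current user's home directory
Prompt 2: whether to encrypt the key file
Encrypted: if it is encrypted, the password of the key must be verified before the key file can be used; the key file is usable only when the password is correct
Not encrypted: if it is not encrypted, the key file can be used directly and no password has to be entered during the whole login process, which is passwordless login
- Upload the public key file to the server
ssh-copy-id username@server_IP_address
# This username must be the same as the one used to log in to the server
- The client tries to log in to the server
ssh username@server_IP_address
# Key pair authentication takes priority over account password authentication
Just press Enter at each prompt
No password is required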
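3.3.2 Key pair login authentication between Windows and Linux
3.4 Disable password login
Once we have learned to authenticate with key pairs, it is recommended to turn off account password login in production environments.
Configuration file: /etc/ssh/sshd_config
Option: PasswordAuthentication no
Note: in the ssh configuration file, an option that is commented out is not necessarily inactive; some are in effect by default. When changing one, be sure to uncomment it first and then modify it.
Open it with vim sshd_config:
Restart sshd so that the configuration file is reloaded
3.5 Disable SSH login for the root user
You have to use another user, user1, and then carry out the operation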
3.6 Change the default port and restrict the IP address ssh listens on
When changing the port, prefer a high port number (range 1-65535).
When using Xshell, enter the following command:
To connect from Linux to Linux, use the command: ssh -p port_number root@IP
Restrict the IP address used for login:
To give the virtual machine multiple IP addresses, use the command: ifconfig eth0:0 192.168.88.22
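Added example (not part of the original article): the shell functions below read an sshd_config file and report the effective values of the options from sections 3.4 to 3.6, showing that a commented-out line leaves the default active. The defaults (assumed to be those of the OpenSSH shipped with CentOS 6), the function names and the constructed sample files with port 2222 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report the effective global sshd settings from sections
# 3.4-3.6 and flag those that differ from the article's recommendations.
# Assumed defaults are those of the OpenSSH shipped with CentOS 6.
sshd_effective() {
    awk '
    BEGIN { v["passwordauthentication"] = "yes"; v["permitrootlogin"] = "yes"
            v["port"] = "22"; v["listenaddress"] = "any" }
    NF == 0 || $1 ~ /^#/ { next }          # commented out: the default stays active
    { k = tolower($1) }                    # keywords are case-insensitive
    k == "match" { exit }                  # Match blocks are conditional, stop here
    !(k in v) { next }
    k == "port" || k == "listenaddress" {  # repeatable: every occurrence counts
        v[k] = (k in seen) ? (v[k] "," $2) : $2; seen[k] = 1; next }
    !(k in seen) { v[k] = $2; seen[k] = 1 } # single-valued: first occurrence wins
    END { print "PasswordAuthentication", v["passwordauthentication"]
          print "PermitRootLogin", v["permitrootlogin"]
          print "Port", v["port"]
          print "ListenAddress", v["listenaddress"] }' "$1"
}

# Exit status 0 when nothing is flagged, 1 otherwise (findings on stdout).
sshd_audit() {
    sshd_effective "$1" | awk '
    $1 == "PasswordAuthentication" && $2 != "no" { print "password login enabled"; bad = 1 }
    $1 == "PermitRootLogin" && $2 != "no" { print "root login allowed: " $2; bad = 1 }
    $1 == "Port" && ("," $2 ",") ~ /,22,/ { print "default port 22 in use"; bad = 1 }
    $1 == "ListenAddress" && $2 == "any" { print "listening on all addresses"; bad = 1 }
    END { exit bad + 0 }'
}

# Constructed sample: a file where the options are only commented out.
sample_stock() { printf '%s\n' '#Port 22' '#ListenAddress 0.0.0.0' \
    '#PermitRootLogin yes' '#PasswordAuthentication yes'; }
# Constructed sample: hardened as in the article; the later duplicate is ignored.
sample_hardened() { printf '%s\n' 'Port 2222' 'ListenAddress 192.168.88.22' \
    'PermitRootLogin no' 'passwordauthentication no' 'PasswordAuthentication yes'; }
```

On the server itself, sshd -T prints the configuration the daemon actually uses and is the authoritative check.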