{"id":613,"date":"2022-07-17T23:57:05","date_gmt":"2022-07-17T15:57:05","guid":{"rendered":"https:\/\/www.qiangzhenshuai.com\/?p=613"},"modified":"2022-08-02T13:29:10","modified_gmt":"2022-08-02T05:29:10","slug":"sshd%e8%bf%9c%e7%a8%8b%e8%bf%9e%e6%8e%a5%e6%9c%8d%e5%8a%a1","status":"publish","type":"post","link":"https:\/\/www.qiangzhenshuai.com\/?p=613","title":{"rendered":"Linux-sshd\u8fdc\u7a0b\u8fde\u63a5\u670d\u52a1"},"content":{"rendered":"

<\/p>\n

1.\u670d\u52a1\u4ecb\u7ecd<\/h1>\n

SSH\u662fsecure shell protocol\u7684\u7b80\u5199\uff0c\u7531IETF\u7f51\u7edc\u5de5\u4f5c\u5c0f\u7ec4\u5236\u5b9a\uff0c\u5728\u8fdb\u884c\u6570\u636e\u4f20\u8f93\u4e4b\u524d\uff0cSSH\u5148\u5bf9\u8054\u673a\u6570\u636e\u5305\u901a\u8fc7\u52a0\u5bc6\u6280\u672f\u8fdb\u884c\u52a0\u5bc6\u5904\u7406\uff0c\u52a0\u5bc6\u540e\u518d\u8fdb\u884c\u4f20\u8f93\uff0c\u786e\u4fdd\u4f20\u9012\u7684\u6570\u636e\u5b89\u5168\u3002
\n\u9ed8\u8ba4\u72b6\u6001\u4e0b\uff0cSSH\u670d\u52a1\u4e3b\u8981\u63d0\u4f9b\u4e24\u4e2a\u670d\u52a1\u529f\u80fd\uff1a\u4e00\u4e2a\u662f\u63d0\u4f9b\u7c7b\u4f3ctelnet\u8fdc\u7a0b\u8fde\u63a5\u670d\u52a1\u5668\u7684\u670d\u52a1\uff0c\u5373SSH\u670d\u52a1\uff0c\u53e6\u4e00\u4e2a\u7c7b\u4f3cFTP\u670d\u52a1\u7aefsftp-server,\u501f\u52a9SSH\u534f\u8bae\u6765\u4f20\u8f93\u6570\u636e\u7684\uff0c\u63d0\u4f9b\u66f4\u5b89\u5168\u7684SFTP\u670d\u52a1\u3002
\n\u63d0\u9192\uff1assh\u5ba2\u6237\u7aef\u8fd8\u5305\u542b\u4e00\u4e2a\u5f88\u6709\u7528\u7684\u8fdc\u7a0b\u5b89\u5168\u62f7\u8d1d\u547d\u4ee4SCP\uff0c\u4e5f\u662f\u901a\u8fc7ssh\u534f\u8bae\u5de5\u4f5c\u7684\u3002
\nssh\u7684\u5de5\u4f5c\u673a\u5236\u5927\u81f4\u662f\u672c\u5730ssh\u5ba2\u6237\u7aef\u5148\u53d1\u9001\u4e00\u4e2a\u8fde\u63a5\u8bf7\u6c42\u5230\u8fdc\u7a0b\u7684ssh\u670d\u52a1\u7aef\uff0c\u670d\u52a1\u7aef\u68c0\u67e5\u8fde\u63a5\u7684\u5ba2\u6237\u7aef\u53d1\u9001\u5230\u6570\u636e\u5305\u548cIP\u5730\u5740\uff0c\u5982\u679c\u786e\u8ba4\u5408\u6cd5\uff0c\u5c31\u4f1a\u53d1\u9001\u5bc6\u94a5\u7ed9ssh\u7ed9\u5ba2\u6237\u7aef\uff0c\u6b64\u65f6\uff0c\u5ba2\u6237\u7aef\u672c\u5730\u518d\u5c06\u5bc6\u94a5\u53d1\u56de\u7ed9\u670d\u52a1\u7aef\uff0c\u81ea\u6b64\u8fde\u63a5\u5efa\u7acb<\/p>\n

2.\u8fdc\u7a0b\u8fde\u63a5\u8fc7\u7a0b<\/h1>\n

\"\"<\/a><\/p>\n

ssh\u5ba2\u6237\u7aef<\/h2>\n

openssh-client
\nxshell\/secureCRT\/putty\/finalshell …….<\/p>\n

[root@dmxsp ~]# rpm -qa | grep openssh
\nopenssh-clients-7.4p1-21.el7.x86_64
\nopenssh-server-7.4p1-21.el7.x86_64
\nopenssh-7.4p1-21.el7.x86_64<\/p>\n

linux\u4e92\u76f8\u8fde\u63a5\u8fc7\u7a0b<\/h2>\n

\u7b2c\u4e00\u6b21\u8fde\u63a5<\/h4>\n

[root@dmxsp ~]# ssh 172.16.1.8
\nThe authenticity of host ‘172.16.1.8 (172.16.1.8)’ can’t be established.
\nECDSA key fingerprint is SHA256:HPnpdimIQY\/ffHz814mUh16PmTB1MMFY0WI0EECtWHg.
\nECDSA key fingerprint is MD5:e3:d0:2e:7f:08:db:d4:c6:6d:35:74:1e:26:c2:91:6b.
\nAre you sure you want to continue connecting (yes\/no)? yes
\nWarning: Permanently added ‘172.16.1.8’ (ECDSA) to the list of known hosts.
\nroot@172.16.1.8’s password:
\nLast login: Thu Jul 21 20:08:06 2022 from 172.16.1.22
\n[root@web02 ~]$<\/p>\n

\u7b2c\u4e00\u6b21\u8fde\u63a5\u9700\u8981\u8bb0\u5f55\u8fd9\u53f0\u673a\u5668\u7684\u6307\u7eb9\u4fe1\u606f<\/h4>\n

[root@dmxsp ~]#ll -a
\ndrwx—— 2 root root 48 Jun 7 2021 .ssh<\/p>\n

[root@dmxsp ~]# ll .ssh\/known_hosts
\n-rw-r–r– 1 root root 866 Jun 15 2021 .ssh\/known_hosts<\/p>\n

\u7aef\u53e3<\/h2>\n

SSH\u662f\u5b89\u5168\u7684\u52a0\u5bc6\u534f\u8bae\uff0c\u7528\u4e8e\u8fdc\u7a0b\u8fde\u63a5linux\u670d\u52a1\u5668\u3002
\nSSH\u9ed8\u8ba4\u7aef\u53e3\u662f22\uff0c\u5b89\u5168\u534f\u8bae\u7248\u672cSSH2\uff0c\u9664\u4e862\u4e4b\u5916\u8fd8\u6709SSH1\uff08\u6709\u6f0f\u6d1e\uff09\u3002
\nSSH\u670d\u52a1\u7aef\u4e3b\u8981\u5305\u542b\u4e24\u4e2a\u670d\u52a1\u529f\u80fdSSH\u8fdc\u7a0b\u8fde\u63a5\u548cSFTP\u670d\u52a1\u3002
\nLinux SSH\u5ba2\u6237\u7aef\u5305\u542bssh\u8fdc\u7a0b\u8fde\u63a5\u547d\u4ee4\uff0c\u4ee5\u53ca\u8fdc\u7a0b\u62f7\u8d1dscp\u547d\u4ee4\u7b49<\/p>\n

3.telnet vs ssh<\/h1>\n

ssh \u52a0\u5bc6(\u5bc6\u6587)
\ntelnet \u672a\u52a0\u5bc6(\u660e\u6587)<\/p>\n

\u5b89\u88c5telnet<\/h4>\n

[root@dmxsp ~]# yum install -y telnet-server<\/p>\n

\u67e5\u770b\u914d\u7f6e\u6587\u4ef6<\/h4>\n

[root@dmxsp ~]# rpm -ql telnet-server
\n\/usr\/lib\/systemd\/system\/telnet.socket
\n\/usr\/lib\/systemd\/system\/telnet@.service
\n\/usr\/sbin\/in.telnetd
\n\/usr\/share\/man\/man5\/issue.net.5.gz
\n\/usr\/share\/man\/man8\/in.telnetd.8.gz
\n\/usr\/share\/man\/man8\/telnetd.8.gz<\/p>\n

\u542f\u52a8\u670d\u52a1<\/h4>\n

[root@dmxsp ~]# systemctl restart telnet.socket<\/p>\n

\u6d4b\u8bd5\uff08\u4e0d\u8ba9root\u7528\u6237\u767b\u5f55\uff0c\u4f7f\u7528\u666e\u901a\u7528\u6237\uff09<\/h4>\n

[c:\\~]$ telnet 10.0.0.22 23<\/p>\n

Connecting to 10.0.0.22:23…
\nConnection established.
\nTo escape to local shell, press ‘Ctrl+Alt+]’.<\/p>\n

Kernel 3.10.0-1127.el7.x86_64 on an x86_64
\ndmxsp login: qwer
\nPassword:<\/p>\n

4.ssh\u5bc6\u94a5\u8ba4\u8bc1<\/h1>\n

\u539f\u7406<\/h2>\n

\"\"<\/a><\/p>\n

\u751f\u6210\u5bc6\u94a5\u5bf9—\u628a\u516c\u94a5\uff08\u516c\u94a5\u4ee5.pub\u7ed3\u5c3e\uff09\u53d1\u9001—\u4fee\u6539\u540d\u5b57\u4fee\u6539\u6743\u9650—\u5ba2\u6237\u7aef\u53d1\u9001\u8fde\u63a5\u8bf7\u6c42\u670d\u52a1\u7aef\u9a8c\u8bc1\u5bc6\u94a5—<\/p>\n

5.\u5bc6\u94a5\u8ba4\u8bc1<\/h1>\n

ssh-keygen<\/h2>\n

\u751f\u6210\u3001\u7ba1\u7406\u548c\u8f6c\u6362\u8ba4\u8bc1\u5bc6\u94a5<\/p>\n

-b\uff1a\u6307\u5b9a\u5bc6\u94a5\u957f\u5ea6
\n-B\uff1a\u663e\u793a\u6307\u5b9a\u7684\u516c\u94a5\/\u79c1\u94a5\u6587\u4ef6\u7684 bubblebabble \u6458\u8981
\n-e\uff1a\u8bfb\u53d6openssh\u7684\u79c1\u94a5\u6216\u8005\u516c\u94a5\u6587\u4ef6
\n-C\uff1a\u6dfb\u52a0\u6ce8\u91ca
\n-c\uff1a\u8981\u6c42\u4fee\u6539\u79c1\u94a5\u548c\u516c\u94a5\u6587\u4ef6\u4e2d\u7684\u6ce8\u91ca\u3002\u672c\u9009\u9879\u53ea\u652f\u6301 RSA1 \u5bc6\u94a5\u3002 \u7a0b\u5e8f\u5c06\u63d0\u793a\u8f93\u5165\u79c1\u94a5\u6587\u4ef6\u540d\u3001\u5bc6\u8bed(\u5982\u679c\u5b58\u5728)\u3001\u65b0\u6ce8\u91ca
\n-D\uff1a\u4e0b\u8f7d\u5b58\u50a8\u5728\u667a\u80fd\u5361 reader \u91cc\u7684 RSA \u516c\u94a5
\n-F hostname\uff1a\u5728 known_hosts \u6587\u4ef6\u4e2d\u641c\u7d22\u6307\u5b9a\u7684 hostname \uff0c\u5e76\u5217\u51fa\u6240\u6709\u7684\u5339\u914d\u9879\u3002\u8fd9\u4e2a\u9009\u9879\u4e3b\u8981\u7528\u4e8e\u67e5\u627e\u6563\u5217\u8fc7\u7684\u4e3b\u673a\u540d\/ip\u5730\u5740\uff0c\u8fd8\u53ef\u4ee5\u548c -H \u9009\u9879\u8054\u7528\u6253\u5370\u627e\u5230\u7684\u516c\u94a5\u7684\u6563\u5217\u503c
\n-f\uff1a\u6307\u5b9a\u7528\u6765\u4fdd\u5b58\u5bc6\u94a5\u7684\u6587\u4ef6\u540d
\n-i\uff1a\u8bfb\u53d6\u672a\u52a0\u5bc6\u7684ssh-v2\u517c\u5bb9\u7684\u79c1\u94a5\/\u516c\u94a5\u6587\u4ef6\uff0c\u7136\u540e\u5728\u6807\u51c6\u8f93\u51fa\u8bbe\u5907\u4e0a\u663e\u793aopenssh\u517c\u5bb9\u7684\u79c1\u94a5\/\u516c\u94a5
\n-l\uff1a\u663e\u793a\u516c\u94a5\u6587\u4ef6\u7684\u6307\u7eb9\u6570\u636e
\n-N\uff1a\u63d0\u4f9b\u4e00\u4e2a\u65b0\u5bc6\u8bed
\n-P\uff1a\u63d0\u4f9b\uff08\u65e7\uff09\u5bc6\u8bed
\n-q\uff1a\u9759\u9ed8\u6a21\u5f0f
\n-t\uff1a\u6307\u5b9a\u8981\u521b\u5efa\u7684\u5bc6\u94a5\u7c7b<\/p>\n

ssh-copy-id<\/h2>\n

\u547d\u4ee4\u53ef\u4ee5\u628a\u672c\u5730\u4e3b\u673a\u7684\u516c\u94a5\u590d\u5236\u5230\u8fdc\u7a0b\u4e3b\u673a\u7684authorized_keys\u6587\u4ef6\u4e0a\uff0cssh-copy-id\u547d\u4ee4\u4e5f\u4f1a\u7ed9\u8fdc\u7a0b\u4e3b\u673a\u7684\u7528\u6237\u4e3b\u76ee\u5f55\uff08home\uff09\u548c~\/.ssh, \u548c~\/.ssh\/authorized_keys\u8bbe\u7f6e\u5408\u9002\u7684\u6743\u9650<\/p>\n

-i\uff1a\u6307\u5b9a\u8ba4\u8bc1\u6587\u4ef6(\u516c\u94a5)
\n-f\uff1a\u5f3a\u5236\u6a21\u5f0f
\n-n\uff1a\u6d4b\u8bd5,\u4e0d\u5b9e\u9645\u66ff\u6362
\n-p port\uff1a\u6307\u5b9a\u7aef\u53e3
\n-o option\uff1a\u6307\u5b9a\u5176\u4ed6 ssh \u53c2\u6570<\/p>\n

ssh<\/h2>\n

ssh \u7528\u4e8e\u767b\u5f55\u8fdc\u7a0b\u4e3b\u673a, \u5e76\u4e14\u5728\u8fdc\u7a0b\u4e3b\u673a\u4e0a\u6267\u884c\u547d\u4ee4. \u5b83\u7684\u76ee\u7684\u662f\u66ff\u6362 rlogin \u548c rsh, \u540c\u65f6\u5728\u4e0d\u5b89\u5168\u7684\u7f51\u7edc\u4e4b\u4e0a, \u4e24\u4e2a\u4e92\u4e0d \u4fe1\u4efb\u7684\u4e3b\u673a\u4e4b\u95f4, \u63d0\u4f9b\u52a0\u5bc6\u7684, \u5b89\u5168\u7684\u901a\u4fe1\u8fde\u63a5. X11 \u8fde\u63a5\u548c\u4efb\u610f TCP\/IP \u7aef\u53e3\u5747\u53ef\u4ee5\u901a\u8fc7\u6b64\u5b89\u5168\u901a\u9053\u8f6c\u53d1(forward).\u5f53\u7528\u6237\u901a\u8fc7 \u8fde\u63a5\u5e76\u767b\u5f55\u4e3b\u673a hostname \u540e, \u6839\u636e\u6240\u7528\u7684\u534f\u8bae\u7248\u672c, \u7528\u6237\u5fc5\u987b\u901a\u8fc7\u4e0b\u8ff0\u65b9\u6cd5\u4e4b\u4e00\u5411\u8fdc\u7a0b\u4e3b\u673a\u8bc1\u660e\u4ed6\/\u5979\u7684\u8eab\u4efd<\/p>\n

-a\uff1a\u7981\u6b62\u8f6c\u53d1\u8ba4\u8bc1\u4ee3\u7406\u7684\u8fde\u63a5
\n-b\uff1a\u5728\u62e5\u6709\u591a\u4e2a\u63a5\u53e3\u6216\u5730\u5740\u522b\u540d\u7684\u673a\u5668\u4e0a, \u6307\u5b9a\u6536\u53d1\u63a5\u53e3
\n-c blowfish|3des|des\uff1a\u9009\u62e9\u52a0\u5bc6\u4f1a\u8bdd\u7684\u5bc6\u7801\u672f. 3des \u662f\u9ed8\u8ba4\u7b97\u6cd5. 3des (triple-des) \u7528\u4e09\u652f\u4e0d\u540c\u7684\u5bc6\u94a5\u505a\u52a0\u5bc6-\u89e3\u5bc6-\u52a0\u5bc6\u4e09\u6b21\u8fd0\u7b97, \u88ab\u8ba4\u4e3a\u6bd4\u8f83\u53ef\u9760. blowfish \u662f\u4e00\u79cd\u5feb\u901f\u7684\u5206\u7ec4\u52a0\u5bc6\u672f(block cipher), \u975e\u5e38\u5b89\u5168, \u800c\u4e14\u901f\u5ea6\u6bd4 3des \u5feb\u7684\u591a. des \u4ec5\u652f\u6301 \u5ba2\u6237\u7aef, \u76ee\u7684\u662f\u80fd\u591f\u548c\u8001\u5f0f\u7684\u4e0d\u652f\u6301 3des \u7684\u534f\u8bae\u7b2c\u4e00\u7248\u4e92\u64cd\u4f5c. \u7531\u4e8e\u5176\u5bc6\u7801\u7b97\u6cd5\u4e0a\u7684\u5f31\u70b9, \u5f3a\u70c8\u5efa\u8bae\u907f\u514d\u4f7f\u7528
\n-e ch|^ch|none\uff1a\u8bbe\u7f6e pty \u4f1a\u8bdd\u7684 escape \u5b57\u7b26 (\u9ed8\u8ba4\u5b57\u7b26: `~’ ) . escape \u5b57\u7b26\u53ea\u5728\u884c\u9996\u6709\u6548, escape \u5b57\u7b26\u540e\u9762\u8ddf\u4e00\u4e2a\u70b9 (`.’ ) \u8868\u793a\u7ed3\u675f\u8fde\u63a5, \u8ddf\u4e00\u4e2a control-Z \u8868\u793a\u6302\u8d77\u8fde\u63a5(suspend), \u8ddf escape \u5b57\u7b26\u81ea\u5df1 \u8868\u793a\u8f93\u51fa\u8fd9\u4e2a\u5b57\u7b26. \u628a\u8fd9\u4e2a\u5b57\u7b26\u8bbe\u4e3a “none \u5219\u7981\u6b62 escape \u529f\u80fd, \u4f7f\u4f1a\u8bdd\u5b8c\u5168\u900f\u660e
\n-o\uff1a\u53ef\u4ee5\u5728\u8fd9\u91cc\u7ed9\u51fa\u67d0\u4e9b\u9009\u9879, \u683c\u5f0f\u548c\u914d\u7f6e\u6587\u4ef6\u4e2d\u7684\u683c\u5f0f\u4e00\u6837. \u5b83\u7528\u6765\u8bbe\u7f6e\u90a3\u4e9b\u6ca1\u6709\u547d\u4ee4\u884c\u5f00\u5173\u7684\u9009\u9879
\n-f\uff1a\u8981\u6c42 \u5728\u6267\u884c\u547d\u4ee4\u524d\u9000\u81f3\u540e\u53f0. \u5b83\u7528\u4e8e\u5f53 \u51c6\u5907\u8be2\u95ee\u53e3\u4ee4\u6216\u5bc6\u8bed, \u4f46\u662f\u7528\u6237\u5e0c\u671b\u5b83\u5728\u540e\u53f0\u8fdb\u884c. \u8be5\u9009\u9879\u9690\u542b\u4e86 -n \u9009\u9879. \u5728\u8fdc\u7aef\u673a\u5668\u4e0a\u542f\u52a8 X11 \u7a0b\u5e8f\u7684\u63a8\u8350\u624b\u6cd5\u5c31\u662f\u7c7b\u4f3c\u4e8e ssh -f host xterm \u7684\u547d\u4ee4
\n-g\uff1a\u5141\u8bb8\u8fdc\u7aef\u4e3b\u673a\u8fde\u63a5\u672c\u5730\u8f6c\u53d1\u7684\u7aef\u53e3
\n-i\uff1a\u6307\u5b9a\u4e00\u4e2a RSA \u6216 DSA \u8ba4\u8bc1\u6240\u9700\u7684\u8eab\u4efd(\u79c1\u94a5)\u6587\u4ef6. \u9ed8\u8ba4\u6587\u4ef6\u662f\u534f\u8bae\u7b2c\u4e00\u7248\u7684 $HOME\/.ssh\/identity \u4ee5\u53ca\u534f\u8bae\u7b2c\u4e8c\u7248\u7684 $HOME\/.ssh\/id_rsa \u548c $HOME\/.ssh\/id_dsa \u6587\u4ef6. \u4e5f\u53ef\u4ee5\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u5bf9\u6bcf\u4e2a\u4e3b\u673a\u5355\u72ec\u6307\u5b9a\u8eab\u4efd\u6587\u4ef6. \u53ef\u4ee5\u540c\u65f6\u4f7f\u7528\u591a\u4e2a -i \u9009\u9879 (\u4e5f\u53ef\u4ee5\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9a\u591a\u4e2a\u8eab\u4efd\u6587\u4ef6
\n-l\uff1a\u6307\u5b9a\u767b\u5f55\u8fdc\u7a0b\u4e3b\u673a\u7684\u7528\u6237. \u53ef\u4ee5\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u5bf9\u6bcf\u4e2a\u4e3b\u673a\u5355\u72ec\u8bbe\u5b9a\u8fd9\u4e2a\u53c2\u6570
\n-n\uff1a\u628a stdin \u91cd\u5b9a\u5411\u5230 \/dev\/null (\u5b9e\u9645\u4e0a\u9632\u6b62\u4ece stdin \u8bfb\u53d6\u6570\u636e). \u5728\u540e\u53f0\u8fd0\u884c\u65f6\u4e00\u5b9a\u4f1a\u7528\u5230\u8fd9\u4e2a\u9009\u9879. \u5b83\u7684\u5e38\u7528\u6280\u5de7\u662f\u8fdc\u7a0b\u8fd0\u884c X11 \u7a0b\u5e8f. \u4f8b\u5982, ssh -n shadows.cs.hut.fi emacs \u5c06\u4f1a\u5728 shadows.cs.hut.fi \u4e0a\u542f\u52a8 emacs, \u540c\u65f6\u81ea\u52a8\u5728\u52a0\u5bc6\u901a\u9053\u4e2d\u8f6c\u53d1 X11 \u8fde\u63a5. \u5728\u540e\u53f0\u8fd0\u884c. (\u4f46\u662f\u5982\u679c \u8981\u6c42\u53e3\u4ee4\u6216\u5bc6\u8bed, \u8fd9\u79cd\u65b9\u5f0f\u5c31\u65e0\u6cd5\u5de5\u4f5c; \u53c2\u89c1 -f \u9009\u9879.
\n-N\uff1a\u4e0d\u6267\u884c\u8fdc\u7a0b\u547d\u4ee4. \u7528\u4e8e\u8f6c\u53d1\u7aef\u53e3
\n-p\uff1a\u6307\u5b9a\u8fdc\u7a0b\u4e3b\u673a\u7684\u7aef\u53e3. \u53ef\u4ee5\u5728\u914d\u7f6e\u6587\u4ef6\u4e2d\u5bf9\u6bcf\u4e2a\u4e3b\u673a\u5355\u72ec\u8bbe\u5b9a\u8fd9\u4e2a\u53c2\u6570
\n-q\uff1a\u5b89\u9759\u6a21\u5f0f. \u6d88\u9664\u6240\u6709\u7684\u8b66\u544a\u548c\u8bca\u65ad\u4fe1\u606f
\n-t\uff1a\u5f3a\u5236\u5206\u914d\u4f2a\u7ec8\u7aef. \u53ef\u4ee5\u5728\u8fdc\u7a0b\u673a\u5668\u4e0a\u6267\u884c\u4efb\u4f55\u5168\u5c4f\u5e55(screen-based)\u7a0b\u5e8f, \u6240\u4ee5\u975e\u5e38\u6709\u7528, \u4f8b\u5982\u83dc\u5355\u670d\u52a1. \u5e76\u8054\u7684 -t \u9009\u9879\u5f3a\u5236\u5206\u914d\u7ec8\u7aef, \u5373\u4f7f \u6ca1\u6709\u672c\u5730\u7ec8\u7aef
\n-F\uff1a\u6307\u5b9a\u4e00\u4e2a\u7528\u6237\u7ea7\u914d\u7f6e\u6587\u4ef6. \u5982\u679c\u5728\u547d\u4ee4\u884c\u4e0a\u6307\u5b9a\u4e86\u914d\u7f6e\u6587\u4ef6, \u7cfb\u7edf\u7ea7\u914d\u7f6e\u6587\u4ef6 (\/etc\/ssh\/ssh_config ) \u5c06\u88ab\u5ffd\u7565. \u9ed8\u8ba4\u7684\u7528\u6237\u7ea7\u914d\u7f6e\u6587\u4ef6\u662f $HOME\/.ssh\/config
\n-v\uff1a\u5197\u8be6\u6a21\u5f0f. \u4f7f \u6253\u5370\u5173\u4e8e\u8fd0\u884c\u60c5\u51b5\u7684\u8c03\u8bd5\u4fe1\u606f. \u5728\u8c03\u8bd5\u8fde\u63a5, \u8ba4\u8bc1\u548c\u914d\u7f6e\u95ee\u9898\u65f6\u975e\u5e38\u6709\u7528. \u5e76\u8054\u7684 -v \u9009\u9879\u80fd\u591f\u589e\u52a0\u5197\u8be6\u7a0b\u5ea6. \u6700\u591a\u4e3a\u4e09\u4e2a
\n-1\uff1a\u5f3a\u5236 \u53ea\u4f7f\u7528\u534f\u8bae\u7b2c\u4e00\u7248.
\n-2\uff1a\u5f3a\u5236 \u53ea\u4f7f\u7528\u534f\u8bae\u7b2c\u4e8c\u7248.
\n-4\uff1a\u5f3a\u5236 \u53ea\u4f7f\u7528 IPv4 \u5730\u5740.
\n-6\uff1a\u5f3a\u5236 \u53ea\u4f7f\u7528 IPv6 \u5730\u5740<\/p>\n

sftp<\/h2>\n

\u53ef\u4ee5\u901a\u8fc7ssh\u6765\u4e0a\u4f20\u548c\u4e0b\u8f7d\u6587\u4ef6\uff0c\u662f\u5e38\u7528\u7684\u6587\u4ef6\u4f20\u8f93\u5de5\u5177\uff0c\u5b83\u7684\u4f7f\u7528\u65b9\u5f0f\u4e0eftp\u7c7b\u4f3c\uff0c\u4f46\u5b83\u4f7f\u7528ssh\u4f5c\u4e3a\u5e95\u5c42\u4f20\u8f93\u534f\u8bae\uff0c\u6240\u4ee5\u5b89\u5168\u6027\u6bd4ftp\u8981\u597d\u5f97\u591a<\/p>\n

\u683c\u5f0f\uff1asftp <host>
\n\u901a\u8fc7sftp\u8fde\u63a5<host>\uff0c\u7aef\u53e3\u4e3a\u9ed8\u8ba4\u768422\uff0c\u7528\u6237\u4e3aLinux\u5f53\u524d\u767b\u5f55\u7528\u6237\u3002<\/p>\n

\u683c\u5f0f\uff1asftp -oPort=<port> <host>
\n\u901a\u8fc7sftp\u8fde\u63a5<host>\uff0c\u6307\u5b9a\u7aef\u53e3<port>\uff0c\u7528\u6237\u4e3aLinux\u5f53\u524d\u767b\u5f55\u7528\u6237\u3002<\/p>\n

\u683c\u5f0f\uff1asftp <user>@<host>
\n\u901a\u8fc7sftp\u8fde\u63a5<host>\uff0c\u7aef\u53e3\u4e3a\u9ed8\u8ba4\u768422\uff0c\u6307\u5b9a\u7528\u6237<user>\u3002<\/p>\n

\u683c\u5f0f\uff1asftp -oPort=<port> <user>@<host>
\n\u901a\u8fc7sftp\u8fde\u63a5<host>\uff0c\u7aef\u53e3\u4e3a<port>\uff0c\u7528\u6237\u4e3a<user><\/p>\n

cd\uff1a\u8def\u5f84 \u66f4\u6539\u8fdc\u7a0b\u76ee\u5f55\u5230\u201c\u8def\u5f84\u201d
\nlcd\uff1a\u8def\u5f84 \u66f4\u6539\u672c\u5730\u76ee\u5f55\u5230\u201c\u8def\u5f84\u201d
\nchgrp group path\uff1a\u5c06\u6587\u4ef6\u201cpath\u201d\u7684\u7ec4\u66f4\u6539\u4e3a\u201cgroup\u201d
\nchmod mode path\uff1a\u5c06\u6587\u4ef6\u201cpath\u201d\u7684\u6743\u9650\u66f4\u6539\u4e3a\u201cmode\u201d
\nchown owner path\uff1a\u5c06\u6587\u4ef6\u201cpath\u201d\u7684\u5c5e\u4e3b\u66f4\u6539\u4e3a\u201cowner\u201d
\nexit\uff1a\u9000\u51fa sftp
\nhelp\uff1a\u663e\u793a\u8fd9\u4e2a\u5e2e\u52a9\u6587\u672c
\nget\uff1a\u8fdc\u7a0b\u8def\u5f84 \u4e0b\u8f7d\u6587\u4ef6
\nln existingpath linkpath\uff1a\u7b26\u53f7\u94fe\u63a5\u8fdc\u7a0b\u6587\u4ef6
\nls [\u9009\u9879] [\u8def\u5f84]\uff1a\u663e\u793a\u8fdc\u7a0b\u76ee\u5f55\u5217\u8868
\nlls [\u9009\u9879] [\u8def\u5f84]\uff1a\u663e\u793a\u672c\u5730\u76ee\u5f55\u5217\u8868
\nmkdir\uff1a\u8def\u5f84 \u521b\u5efa\u8fdc\u7a0b\u76ee\u5f55
\nlmkdir\uff1a\u8def\u5f84 \u521b\u5efa\u672c\u5730\u76ee\u5f55
\nmv oldpath newpath\uff1a\u79fb\u52a8\u8fdc\u7a0b\u6587\u4ef6
\nopen\uff1a[\u7528\u6237@]\u4e3b\u673a[:\u7aef\u53e3] \u8fde\u63a5\u5230\u8fdc\u7a0b\u4e3b\u673a
\nput\uff1a\u672c\u5730\u8def\u5f84 \u4e0a\u4f20\u6587\u4ef6
\npwd\uff1a\u663e\u793a\u8fdc\u7a0b\u5de5\u4f5c\u76ee\u5f55
\nlpwd\uff1a\u6253\u5370\u672c\u5730\u5de5\u4f5c\u76ee\u5f55
\nquit\uff1a\u9000\u51fa sftp
\nrmdir\uff1a\u8def\u5f84 \u79fb\u9664\u8fdc\u7a0b\u76ee\u5f55
\nlrmdir\uff1a\u8def\u5f84 \u79fb\u9664\u672c\u5730\u76ee\u5f55
\nrm\uff1a\u8def\u5f84 \u5220\u9664\u8fdc\u7a0b\u6587\u4ef6
\nlrm\uff1a\u8def\u5f84 \u5220\u9664\u672c\u5730\u6587\u4ef6
\nsymlink existingpath linkpath\uff1a\u7b26\u53f7\u94fe\u63a5\u8fdc\u7a0b\u6587\u4ef6
\nversion\uff1a\u663e\u793a\u534f\u8bae\u7248\u672c<\/p>\n

scp<\/h2>\n

\u5728\u4e3b\u673a\u95f4\u590d\u5236\u6587\u4ef6\u3002\u4ed6\u4f7f\u7528 ssh(1)\u4f5c\u4e3a\u6570\u636e\u4f20\u8f93\u3002\u800c\u4e14\u7528\u540c\u6837\u8ba4\u8bc1\u548c\u5b89\u5168\u6027\u3002 scp\u5c06\u5728\u8ba4\u8bc1\u4e2d\u8bf7\u6c42\u8f93\u5165\u5bc6\u7801\u6240\u6709\u7684\u6587\u4ef6\u53ef\u80fd\u9700\u8981\u670d\u52a1\u5668\u548c\u7528\u6237\u7684\u7279\u522b\u63cf\u8ff0\u6765\u6307\u660e\u6587\u4ef6\u5c06\u88ab\u590d\u5236\u5230\/\u4ece\u67d0\u53f0\u670d\u52a1\u5668\u3002\u4e24\u4e2a\u8fdc\u7a0b\u767b\u5f55\u7684\u670d\u52a1\u5668\u95f4\u7684\u6587\u4ef6\u590d\u5236\u662f\u5141\u8bb8\u7684<\/p>\n

-1\uff1a\u5f3a\u5236scp \u7528\u534f\u8bae1
\n-2\uff1a\u5f3a\u5236scp \u7528\u534f\u8bae2
\n-4\uff1a\u5f3a\u5236scp\u7528IPV4\u7684\u7f51\u5740
\n-6\uff1a\u5f3a\u5236scp\u7528IPV6\u7684\u7f51\u5740
\n-B\uff1a\u9009\u62e9\u6279\u5904\u7406\u6a21\u5f0f\uff08\u9632\u6b62\u8f93\u5165\u5bc6\u7801\uff09
\n-C\uff1a\u5141\u8bb8\u538b\u7f29\u3002 \u6807\u6ce8-C\u5230ssh(1)\u6765\u5141\u8bb8\u538b\u7f29
\n-c\uff1acipher\u9009\u62e9cipher\u6765\u52a0\u5bc6\u6570\u636e\u4f20\u8f93\u3002\u8fd9\u4e2a\u9009\u9879\u76f4\u63a5\u4f20\u9012\u5230ssh(1)
\n-F\uff1assh_config\u8bbe\u5b9a\u4e00\u4e2a\u53ef\u53d8\u52a8\u7684\u7528\u6237\u914d\u7f6e\u7ed9ssh.\u8fd9\u4e2a\u9009\u9879\u76f4\u63a5\u4f1a\u88ab\u4f20\u9012\u5230ssh(1)
\n-i\uff1aidentity_file\u9009\u62e9\u88abRSA\u8ba4\u8bc1\u8bfb\u53d6\u79c1\u6709\u5bc6\u7801\u7684\u6587\u4ef6\u3002\u8fd9\u4e2a\u9009\u9879\u53ef\u4ee5\u76f4\u63a5\u88ab\u4f20\u9012\u5230ssh(1)
\n-l\uff1alimit\u9650\u5236\u4f20\u8f93\u5e26\u5bbd\uff0c\u4e5f\u5c31\u662f\u901f\u5ea6 \u7528KByte\/s\u7684\u901f\u5ea6
\n-o\uff1assh_option \u53ef\u4ee5\u628assh_config\u4e2d\u7684\u914d\u7f6e\u683c\u5f0f\u4f20\u5230ssh\u4e2d\u3002\u8fd9\u79cd\u6a21\u5f0f\u5bf9\u4e8e\u8bf4\u660e\u6ca1\u6709\u72ec\u7acb\u7684scp\u6587\u4ef6\u4e2d\u65ad\u7b26\u7684scp\u5f88\u6709\u5e2e\u52a9\u3002\u5173\u4e8e\u9009\u9879\u7684\u5982\u4e0b\u3002\u800c\u4ed6\u4eec\u7684\u503c\u8bf7\u53c2\u770bssh_config(5)
\n-P\uff1aport \u6307\u5b9a\u8fde\u63a5\u8fdc\u7a0b\u8fde\u63a5\u7aef\u53e3\u3002\u6ce8\u610f\u8fd9\u4e2a\u9009\u9879\u9700\u8981\u5199\u6210\u5927\u5199\u7684\u6a21\u5f0f\u3002\u56e0\u4e3a-p\u5df2\u7ecf\u65e9\u4fdd\u7559\u4e86\u6b21\u6570\u548c\u6a21\u5f0f
\n-S\uff1aprogram \u6307\u5b9a\u4e00\u4e2a\u52a0\u5bc6\u7a0b\u5e8f\u3002\u8fd9\u4e2a\u7a0b\u5e8f\u5fc5\u987b\u53ef\u8bfb\u6240\u6709ssh(1)\u7684\u9009\u9879\u3002
\n-p\uff1a\u6307\u5b9a\u4fee\u6539\u6b21\u6570\uff0c\u8fde\u63a5\u6b21\u6570\uff0c\u8fd8\u6709\u5bf9\u4e8e\u539f\u6587\u4ef6\u7684\u6a21\u5f0f
\n-q\uff1a\u628a\u8fdb\u5ea6\u53c2\u6570\u5173\u6389
\n-r\uff1a\u9012\u5f52\u7684\u590d\u5236\u6574\u4e2a\u6587\u4ef6\u5939
\n-S\uff1aprogram \u6307\u5b9a\u4e00\u4e2a\u52a0\u5bc6\u7a0b\u5e8f\u3002\u8fd9\u4e2a\u7a0b\u5e8f\u5fc5\u987b\u53ef\u8bfb\u6240\u6709ssh(1)\u7684\u9009\u9879\u3002
\n-V\uff1a\u5197\u4f59\u6a21\u5f0f\u3002 \u8ba9 scp \u548c ssh(1) \u6253\u5370\u4ed6\u4eec\u7684\u6392\u9519\u4fe1\u606f\uff0c \u8fd9\u4e2a\u5728\u6392\u9519\u8fde\u63a5\uff0c\u8ba4\u8bc1\uff0c\u548c\u914d\u7f6e\u4e2d\u975e\u5e38\u6709\u7528<\/p>\n

sshpass<\/h2>\n

\u662f\u4e00\u4e2a\u7b80\u5355\u3001\u8f7b\u91cf\u7ea7\u7684\u547d\u4ee4\u884c\u5de5\u5177\uff0c\u901a\u8fc7\u5b83\u6211\u4eec\u80fd\u591f\u5411\u547d\u4ee4\u63d0\u793a\u7b26\u672c\u8eab\u63d0\u4f9b\u5bc6\u7801\uff08\u975e\u4ea4\u4e92\u5f0f\u5bc6\u7801\u9a8c\u8bc1\uff09\uff0c\u8fd9\u6837\u5c31\u53ef\u4ee5\u901a\u8fc7 cron \u8c03\u5ea6\u5668\u6267\u884c\u81ea\u52a8\u5316\u7684 shell \u811a\u672c\u8fdb\u884c\u5907\u4efd<\/p>\n

-f filename\uff1a\u4ece\u6587\u4ef6\u4e2d\u83b7\u53d6\u5bc6\u7801
\n-d number\uff1a\u4f7f\u7528\u6570\u5b57\u4f5c\u4e3a\u83b7\u53d6\u5bc6\u7801\u7684\u6587\u4ef6\u63cf\u8ff0\u7b26
\n-p password\uff1a\u6307\u5b9a\u660e\u6587\u672c\u5bc6\u7801\u8f93\u5165\uff08\u5b89\u5168\u6027\u8f83\u5dee\uff09
\n-e \u4ece\u73af\u5883\u53d8\u91cfSSHPASS\u83b7\u53d6\u5bc6\u7801<\/p>\n

\u5bc6\u94a5\u7c7b\u578b<\/h2>\n

dsa(\u8001\u7684)
\nrsa(\u65b0\u7684)<\/p>\n

DSA\u548cRSA\u7684\u533a\u522b<\/h2>\n
\n
\n

DSA\u662f\u57fa\u4e8e\u6574\u6570\u6709\u9650\u57df\u79bb\u6563\u5bf9\u6570\u96be\u9898\u7684\uff0cDSA\u7684\u4e00\u4e2a\u91cd\u8981\u7279\u70b9\u662f\u4e24\u4e2a\u7d20\u6570\u516c\u5f00\uff0c\u8fd9\u6837\uff0c\u5f53\u4f7f\u7528\u522b\u4eba\u7684p\u548cq\u65f6\uff0c\u5373\u4f7f\u4e0d\u77e5\u9053\u79c1\u94a5\uff0c\u4f60\u4e5f\u80fd\u786e\u8ba4\u5b83\u4eec\u662f\u5426\u662f\u968f\u673a\u4ea7\u751f\u7684\uff0c\u8fd8\u662f\u4f5c\u4e86\u624b\u811a\u3002RSA\u7b97\u6cd5\u5374\u505a\u4e0d\u5230\u3002<\/p>\n

RSA\u7b97\u6cd5\u5728\u7f51\u7edc\u5bb9\u6613\u5b9e\u73b0\u5bc6\u94a5\u7ba1\u7406,\u4fbf\u8fdb\u884c\u6570\u5b57\u7b7e\u540d,\u7b97\u6cd5\u590d\u6742,\u52a0\/\u89e3\u901f\u5ea6\u6162,\u91c7\u7528\u975e\u5bf9\u79f0\u52a0\u5bc6<\/p>\n

DSA \u7528\u4e8e\u7b7e\u540d\uff0c\u800c RSA \u53ef\u7528\u4e8e\u7b7e\u540d\u548c\u52a0\u5bc6\u3002<\/p>\n

RSA\u7684\u5b89\u5168\u6027\u4e00\u76f4\u672a\u80fd\u5f97\u5230\u7406\u8bba\u4e0a\u7684\u8bc1\u660e\u3002 RSA\u7684\u5b89\u5168\u6027\u4f9d\u8d56\u4e8e\u5927\u6570\u5206\u89e3\u3002\u516c\u94a5\u548c\u79c1\u94a5\u90fd\u662f\u4e24\u4e2a\u5927\u7d20\u6570\uff08 \u5927\u4e8e 100\u4e2a\u5341\u8fdb\u5236\u4f4d\uff09\u7684\u51fd\u6570\u3002\u636e\u731c\u6d4b\uff0c\u4ece\u4e00\u4e2a\u5bc6\u94a5\u548c\u5bc6\u6587\u63a8\u65ad\u51fa\u660e\u6587\u7684\u96be\u5ea6\u7b49\u540c\u4e8e\u5206\u89e3\u4e24\u4e2a\u5927\u7d20\u6570\u7684\u79ef<\/p>\n<\/div>\n<\/div>\n

\u73af\u5883\u51c6\u5907<\/h3>\n

\u7ba1\u7406\u673a<\/h4>\n

[root@sshd ~]$ hostname -I
\n10.0.0.13 172.16.1.13<\/p>\n

\u88ab\u7ba1\u7406\u673a<\/h4>\n

[root@sshd-01 ~]$ hostname -I
\n10.0.0.113 172.16.1.113<\/p>\n

[root@sshd-02 ~]$ hostname -I
\n10.0.0.213 172.16.1.213<\/p>\n

\u521b\u5efa\u5bc6\u94a5\u5bf9<\/h4>\n

[root@sshd ~]$ ssh-keygen -t rsa
\nGenerating public\/private rsa key pair.
\nEnter file in which to save the key (\/root\/.ssh\/id_rsa):\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u9ed8\u8ba4.ssh\u76ee\u5f55\uff0c\u5982\u679c\u76ee\u5f55\u4e0d\u5b58\u5728\u4f1a\u81ea\u52a8\u521b\u5efa
\nEnter passphrase (empty for no passphrase):\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u52a0\u53ea\u8bfb\u5bc6\u7801 \u6309\u56de\u8f66\u5bc6\u7801\u4e3a\u7a7a
\nEnter same passphrase again:\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u786e\u8ba4
\nYour identification has been saved in \/root\/.ssh\/id_rsa.\u00a0 \u00a0 \u00a0 \u00a0 #\u79c1\u94a5\u7684\u4f4d\u7f6e\u53ca\u540d\u5b57
\nYour public key has been saved in \/root\/.ssh\/id_rsa.pub.\u00a0 \u00a0 \u00a0 #\u516c\u94a5\u7684\u4f4d\u7f6e\u53ca\u540d\u5b57\uff0c\u516c\u94a5\u662f\u4ee5.pub\u7ed3\u5c3e\u7684\uff08\u9ed8\u8ba4\uff09
\nThe key fingerprint is:
\nSHA256:LR3OlI85m1ZcdcCMa4\/IQYSorhn9EmJ8Fl3BR7lGVYw root@sshd
\nThe key’s randomart image is:
\n+—[RSA 2048]—-+
\n| o.=oo.Bo.o|
\n| . + =.E +..|
\n| o . ++. .. |
\n| o . *+*o. |
\n| . o . SoO++o |
\n| = * .o=. . |
\n| . B o + |
\n| o . . . |
\n| . |
\n+—-[SHA256]—–+<\/p>\n

\u67e5\u770b\u76ee\u5f55<\/h4>\n

[root@sshd ~]$ ll .ssh\/
\ntotal 8
\n-rw——- 1 root root 1679 Jul 22 16:36 id_rsa
\n-rw-r–r– 1 root root 391 Jul 22 16:36 id_rsa.pub<\/p>\n

\u5206\u53d1\u5bc6\u94a5(\u516c\u94a5)
\n\u9ed8\u8ba4\u4e3aroot\u7528\u6237\uff0c\u5982\u679c\u60f3\u8981\u53d1\u5e03\u5230\u5176\u5b83\u7528\u6237\u52a0\u4e0anginx@172.16.1.113<\/h4>\n

[root@sshd ~]$ ssh-copy-id -i \/root\/.ssh\/id_rsa.pub 172.16.1.113
\n\/usr\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: “\/root\/.ssh\/id_rsa.pub”
\nThe authenticity of host ‘172.16.1.113 (172.16.1.113)’ can’t be established.
\nECDSA key fingerprint is SHA256:HPnpdimIQY\/ffHz814mUh16PmTB1MMFY0WI0EECtWHg.
\nECDSA key fingerprint is MD5:e3:d0:2e:7f:08:db:d4:c6:6d:35:74:1e:26:c2:91:6b.
\nAre you sure you want to continue connecting (yes\/no)? yes
\n\/usr\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
\n\/usr\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
\nroot@172.16.1.113’s password:<\/p>\n

Number of key(s) added: 1<\/p>\n

Now try logging into the machine, with: “ssh ‘172.16.1.113’”
\nand check to make sure that only the key(s) you wanted were added.<\/p>\n

\u6d4b\u8bd5<\/h4>\n

[root@sshd ~]$ ssh 172.16.1.113
\nLast login: Fri Jul 22 12:29:11 2022
\n[root@sshd-01 ~]$ hostname -I
\n10.0.0.113 172.16.1.113<\/p>\n

\u67e5\u770b113\u673a\u5668\u4e0a.ssh\u76ee\u5f55<\/h4>\n

[root@sshd-01 ~]$ ll .ssh\/
\ntotal 4
\n-rw——- 1 root root 391 Jul 22 18:09 authorized_keys<\/p>\n

\u67e5\u770b.ssh\u76ee\u5f55\u4e0b\u7684\u6587\u4ef6\u662f\u5426\u4e00\u81f4<\/h4>\n

\"\"<\/a><\/p>\n

ssh-copy-id \u539f\u7406<\/h4>\n

[root@sshd ~]$ vim \/bin\/ssh-copy-id<\/p>\n

295\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ssh “$@” “exec sh -c ‘cd ; umask 077 ; mkdir -p .ssh && cat >> .ssh\/authorized_keys || exit 1 ; if type restorecon >\/dev\/null 2>&1 ; then restorec
\non -F .ssh .ssh\/authorized_keys ; fi'” \\<\/p>\n

\u89e3\u91ca<\/h4>\n

\u8fdb\u5165\u5f53\u524d\u7528\u6237\u5bb6\u76ee\u5f55
\ncd<\/p>\n

\u4fee\u6539\u7cfb\u7edf\u7684umask 077; \u521b\u5efa\u6587\u4ef6600 ,\u76ee\u5f55700
\numask 077<\/p>\n

\u521b\u5efa\u76ee\u5f55
\nmkdir -p .ssh<\/p>\n

\u628a\u521b\u5efa\u516c\u94a5\u5185\u5bb9\u8ffd\u52a0\u5230 .ssh\/authorized_keys \u6587\u4ef6\u4e2d
\ncat >> .ssh\/authorized_keys<\/p>\n

6.ssh\u670d\u52a1\u7aef\u914d\u7f6e<\/h1>\n

\u5b89\u5168\u8981\u6c42\u9ad8\u7684\u573a\u666f\u4f1a\u7981\u7528\u5bc6\u7801\u767b\u5f55, \u53ea\u5f00\u542f\u79d8\u94a5\u8ba4\u8bc1<\/h2>\n

[root@sshd ~]$ egrep -n “PubkeyAuthentication|PasswordAuthentication” \/etc\/ssh\/sshd_config
\n43:#PubkeyAuthentication yes\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0#\u662f\u5426\u5f00\u542f\u79d8\u94a5\u8ba4\u8bc1
\n63:#PasswordAuthentication yes\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 #\u662f\u5426\u5f00\u542f\u5bc6\u7801\u8ba4\u8bc1(\u767b\u5f55)<\/p>\n

\u914d\u7f6e\u6587\u4ef6<\/h2>\n

ssh\u8fde\u63a5\u9ed8\u8ba4\u7aef\u53e3\u4e3a22\uff0c\u8fd9\u90fd\u77e5\u9053\u3002\u56e0\u6b64\uff0c\u4e3a\u63d0\u9ad8\u5b89\u5168\u7ea7\u522b\uff0c\u5efa\u8bae\u6539\u6389\u5b83<\/h4>\n

[root@sshd ~]$ egrep -n “Port” \/etc\/ssh\/sshd_config
\n17:#Port 22<\/p>\n

root\u8d85\u7ea7\u7528\u6237\u90fd\u77e5\u9053\uff0c\u5efa\u8bae\u7981\u6b62\u5b83\u8fdc\u7a0b\u767b\u9646\u80fd\u529b<\/h4>\n

[root@sshd ~]$ egrep -n “PermitRootLogin” \/etc\/ssh\/sshd_config
\n38:#PermitRootLogin yes<\/p>\n

\u7981\u6b62\u7a7a\u5bc6\u7801\u767b\u9646<\/h4>\n

[root@sshd ~]$ egrep -n “PermitEmptyPasswords” \/etc\/ssh\/sshd_config
\n64:#PermitEmptyPasswords no<\/p>\n

\u662f\u5426\u5141\u8bb8\u5bc6\u7801\u767b\u5f55<\/h4>\n

[root@sshd ~]$ egrep -n “PasswordAuthentication” \/etc\/ssh\/sshd_config
\n63:#PasswordAuthentication yes<\/p>\n

\u662f\u5426\u5141\u8bb8\u5bc6\u94a5\u8ba4\u8bc1<\/h4>\n

[root@sshd ~]$ egrep -n “PubkeyAuthentication” \/etc\/ssh\/sshd_config
\n43:#PubkeyAuthentication yes<\/p>\n

\u5982\u679c\u5f00\u542f\u5bc6\u7801\u767b\u5f55\u8fd9\u91cc\u8981\u662fyes<\/h4>\n

[root@sshd ~]$ egrep -n “UsePAM” \/etc\/ssh\/sshd_config
\n96:UsePAM yes<\/p>\n

\u8fde\u63a5\u901f\u5ea6<\/h2>\n

\u8fdc\u7a0b\u8fde\u63a5\u7684ip\u5730\u5740—>\u89e3\u6790\u4e3a\u57df\u540d<\/h4>\n

[root@sshd ~]$ egrep -n “UseDNS|GSSAPIAuthentication” \/etc\/ssh\/sshd_config
\n79:GSSAPIAuthentication no
\n115:UseDNS no<\/p>\n

\u76d1\u542c\u5730\u5740<\/h2>\n

[root@sshd ~]$ egrep -n “ListenAddress” \/etc\/ssh\/sshd_config
\n19:#ListenAddress 0.0.0.0
\n20:#ListenAddress ::<\/p>\n

\u9700\u6c42<\/h4>\n

\u8ba9\u7528\u6237\u53ea\u80fd\u901a\u8fc7\u5185\u7f51\u7684ip\u8fde\u63a5\u670d\u52a1\u5668 \u00a0 ,\u65e0\u6cd5\u901a\u8fc7\u516c\u7f51ip\u8fde\u63a5\u8fdb\u6765<\/p>\n

\u5b9e\u73b0<\/h4>\n

1.\u5173\u95ed\u516c\u7f51\u7f51\u5361
\n2.\u4f7f\u7528\u9632\u706b\u5899\u63a7\u5236
\n3.\u4f7f\u7528sshd_config ListenAddress<\/p>\n

ListenAddress 172.16.1.13<\/p>\n

7.ssh\u5ba2\u6237\u7aef\u547d\u4ee4<\/h1>\n

\u62ec\u53f7\u91cc\u7684\u662f\u4e0d\u52a0\u5bc6\u7684<\/h2>\n

ssh(telnet)
\nsftp(ftp)
\nscp(rcp)<\/h3>\n

ssh<\/h2>\n

\u6307\u5b9a\u7aef\u53e3\u53f7<\/h4>\n

[root@sshd ~]$ ssh -p22 172.16.1.113<\/p>\n

\u6307\u5b9a\u7528\u6237,ssh\u8fde\u63a5\u9ed8\u8ba4\u4f7f\u7528\u5f53\u524d\u7528\u6237\uff08\u8fd9\u4e2a\u7528\u6237\u4e0d\u4f1a\u76f4\u63a5\u8fde\u63a5\uff0c\u56e0\u4e3a\u6ca1\u6709\u7ed9\u8fd9\u4e2a\u7528\u6237\u914d\u5bc6\u94a5\uff09<\/h4>\n

[root@sshd ~]$ ssh dmxsp@10.0.0.113<\/p>\n

\u8fde\u63a5\u7684\u65f6\u5019\u4e0d\u9a8c\u8bc1\u4e3b\u673a\u5bc6\u94a5<\/h4>\n

[root@sshd ~]$ ssh -o StrictHostKeyChecking=no dmxsp@10.0.0.113<\/p>\n

sftp<\/h2>\n

sftp linux\u4e2dftp\u5ba2\u6237\u7aef
\nxftp windows\u4e2d\u7684ftp\u5ba2\u6237\u7aef<\/p>\n

\u4ea4\u4e92\u5f0f<\/h4>\n

[root@sshd ~]$ sftp 172.16.1.113
\nConnected to 172.16.1.113.
\nsftp> ls
\nCentos-7.repo anaconda-ks.cfg epel-7.repo<\/p>\n

\u67e5\u770b\u53ef\u4ee5\u4f7f\u7528\u7684\u547d\u4ee4<\/h4>\n
sftp> help\r\nAvailable commands:\r\nbye Quit sftp\r\ncd path Change remote directory to 'path'\r\nchgrp grp path Change group of file 'path' to 'grp'\r\nchmod mode path Change permissions of file 'path' to 'mode'\r\nchown own path Change owner of file 'path' to 'own'\r\ndf [-hi] [path] Display statistics for current directory or\r\nfilesystem containing 'path'\r\nexit Quit sftp\r\nget [-afPpRr] remote [local] Download file\r\nreget [-fPpRr] remote [local] Resume download file\r\nreput [-fPpRr] [local] remote Resume upload file\r\nhelp Display this help text\r\nlcd path Change local directory to 'path'\r\nlls [ls-options [path]] Display local directory listing\r\nlmkdir path Create local directory\r\nln [-s] oldpath newpath Link remote file (-s for symlink)\r\nlpwd Print local working directory\r\nls [-1afhlnrSt] [path] Display remote directory listing\r\nlumask umask Set local umask to 'umask'\r\nmkdir path Create remote directory\r\nprogress Toggle display of progress meter\r\nput [-afPpRr] local [remote] Upload file\r\npwd Display remote working directory\r\nquit Quit sftp\r\nrename oldpath newpath Rename remote file\r\nrm path Delete remote file\r\nrmdir path Remove remote directory\r\nsymlink oldpath newpath Symlink remote file\r\nversion Show SFTP version\r\n!command Execute 'command' in local shell\r\n! Escape to local shell\r\n? Synonym for help<\/pre>\n
\u975e\u4ea4\u4e92\u5f0f<\/h4>\n
[root@sshd ~]$ cat upload.ftp
\nput \/etc\/hosts \u00a0 \/tmp
\nput -r \/etc \u00a0 \u00a0 \/opt
\nget \/etc\/hostname \/root<\/p>\n
[root@sshd ~]$ sftp -b upload.ftp 172.16.1.113<\/p>\n
\"\"<\/a><\/p>\n
\"\"<\/a><\/p>\n
\"\"<\/a><\/p>\n
scp<\/h2>\n
\u4f20\u8f93\u6587\u4ef6<\/h4>\n
[root@sshd ~]$ scp -P22 \/etc\/passwd 172.16.1.113:\/mnt\/
\npasswd 100% 1057 1.8MB\/s 00:00<\/p>\n
8.\u6279\u91cf\u5206\u53d1\u5bc6\u94a5<\/h1>\n
\u975e\u4ea4\u4e92\u53d1\u9001\u5bc6\u94a5\u52301\u53f0\u673a\u5668<\/h2>\n
\u514d\u4ea4\u4e92\u521b\u5efa\u5bc6\u94a5\u5bf9<\/h4>\n
[root@sshd ~]$ ssh-keygen -t rsa -f \/root\/.ssh\/id_rsa -P ”
\nGenerating public\/private rsa key pair.
\nYour identification has been saved in \/root\/.ssh\/id_rsa.
\nYour public key has been saved in \/root\/.ssh\/id_rsa.pub.
\nThe key fingerprint is:
\nSHA256:jaQg2mkGgueXcF01dI4XaNljXAo+h\/g2opmzxXZCaSk root@sshd
\nThe key’s randomart image is:
\n+—[RSA 2048]—-+
\n| .o==o.. |
\n|. . . o+B=o |
\n|+ + o . o.=.=. |
\n|.* = o o * + |
\n|. * o E S = |
\n| o . O o . |
\n| = = . |
\n| = o |
\n| . |
\n+—-[SHA256]—–+<\/p>\n
\u975e\u4ea4\u4e92\u5f0f\u5206\u53d1\u5bc6\u94a5\u5bf9<\/h4>\n
[root@sshd ~]$ ssh-copy-id -i \/root\/.ssh\/id_rsa.pub -o StrictHostKeyChecking=no -p22 172.16.1.113
\n\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: “\/root\/.ssh\/id_rsa.pub”
\n\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
\n\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
\nroot@172.16.1.113’s password:<\/p>\n
Number of key(s) added: 1<\/p>\n
Now try logging into the machine, with: “ssh -o ‘StrictHostKeyChecking=no’ -p ’22’ ‘172.16.1.113’”
\nand check to make sure that only the key(s) you wanted were added.<\/p>\n
\u975e\u4ea4\u4e92\u5f0f\u8f93\u5165\u5bc6\u7801<\/h4>\n
\u5b89\u88c5sshpass<\/h4>\n
[root@sshd ~]$ yum install -y sshpass<\/p>\n
[root@sshd ~]$ sshpass -p1 ssh-copy-id -i \/root\/.ssh\/id_rsa.pub -o StrictHostKeyChecking=no -p22 172.16.1.113
\n\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: “\/root\/.ssh\/id_rsa.pub”
\n\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
\n\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys<\/p>\n
Number of key(s) added: 1<\/p>\n
Now try logging into the machine, with: “ssh -o ‘StrictHostKeyChecking=no’ -p ’22’ ‘172.16.1.113’”
\nand check to make sure that only the key(s) you wanted were added.<\/p>\n
\u6279\u91cf\u53d1\u9001<\/h2>\n
\u5faa\u73af\u811a\u672c<\/h4>\n
[root@sshd ~]$ cat sshd.sh
\nfor ip in {113,213}
\ndo
\nsshpass -p1 ssh-copy-id -i \/root\/.ssh\/id_rsa.pub -o StrictHostKeyChecking=no -p22 172.16.1.$ip
\ndone<\/p>\n
[root@sshd ~]$ sh sshd.sh
\n\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: “\/root\/.ssh\/id_rsa.pub”
\n\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
\n\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys<\/p>\n
Number of key(s) added: 1<\/p>\n
Now try logging into the machine, with: “ssh -o ‘StrictHostKeyChecking=no’ -p ’22’ ‘172.16.1.113’”
\nand check to make sure that only the key(s) you wanted were added.<\/p>\n
\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: “\/root\/.ssh\/id_rsa.pub”
\n\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
\n\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys<\/p>\n
Number of key(s) added: 1<\/p>\n
Now try logging into the machine, with: “ssh -o ‘StrictHostKeyChecking=no’ -p ’22’ ‘172.16.1.213’”
\nand check to make sure that only the key(s) you wanted were added.<\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":""},"categories":[8],"tags":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=\/wp\/v2\/posts\/613"}],"collection":[{"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=613"}],"version-history":[{"count":7,"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=\/wp\/v2\/posts\/613\/revisions"}],"predecessor-version":[{"id":751,"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=\/wp\/v2\/posts\/613\/revisions\/751"}],"wp:attachment":[{"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=613"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=613"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.qiangzhenshuai.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}