OpenSSH
telnet
查看telnet的程序包
telnet是客户端
telnet-server是服务端
[root@zz ~]# yum list all telnet*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
Available Packages
telnet.x86_64 1:0.17-48.el6 CD
telnet-server.x86_64 1:0.17-48.el6 CD
[root@zz ~]#
开启telnet服务端
有点奇葩
[root@qq ~]# chkconfig telnet on
[root@qq ~]# service xinetd restart
Stopping xinetd: [FAILED]
Starting xinetd: [ OK ]
[root@qq ~]#
[root@qq ~]# ss -tnl | grep :23
LISTEN 0 64 :::23 :::*
[root@qq ~]#
telnet连接服务端测试
[root@zz ~]# telnet 10.201.106.129
Trying 10.201.106.129...
Connected to 10.201.106.129.
Escape character is '^]'.
CentOS release 6.6 (Final)
Kernel 2.6.32-504.el6.x86_64 on an x86_64
login: qq
Password:
Last login: Thu Jul 28 15:50:28 from 10.201.106.1
[qq@qq ~]$ su -
Password:
[root@qq ~]# ifconfig
[root@qq ~]# ss -tn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 10.201.106.129:23 10.201.106.128:39829
ESTAB 0 52 10.201.106.129:22 10.201.106.1:52513
ESTAB 0 0 10.201.106.129:23 10.201.106.1:55147
ssh登录测试
[root@qq ~]# ssh [email protected]
[email protected]'s password:
Last login: Thu Jul 28 21:11:53 2016 from 10.201.106.129
[root@qq ~]# exit
logout
Connection to 10.201.106.129 closed.
[root@qq ~]#
[root@qq ~]# ssh -l root 10.201.106.129
[email protected]'s password:
Last login: Thu Jul 28 21:16:25 2016 from 10.201.106.129
[root@qq ~]#
查看系统内核、系统
[root@qq ~]# uname -r
2.6.32-504.el6.x86_64
[root@qq ~]# uname -s
Linux
远程登录执行完命令后退出
[root@zz ~]# ssh [email protected] 'hostname'
[email protected]'s password:
qq
[root@zz ~]# hostname
zz
[root@zz ~]#
查看ssh客户端配置文件,并设置不做严格检查(第一次信任密钥)
[root@zz ~]# vim /etc/ssh/ssh_config
Host *
GSSAPIAuthentication yes
StrictHostKeyChecking no
ssh密钥登录
1、生成密钥
[root@zz .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e5:7f:8a:b4:b6:24:c3:68:77:a8:59:24:e1:e9:8c:b7 root@zz
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . . |
| . o o |
| + S . |
| + = . . |
| . * B + . . |
| o * *.o o |
| E .+.. |
+-----------------+
[root@zz .ssh]#
id_rsa:私钥;id_rsa.pub:公钥
[root@zz .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@zz .ssh]#
或者 -P:空密码;
[root@zz .ssh]# ssh-keygen -t rsa -P '' -f '/root/.ssh/id_rsa'
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
87:bf:22:54:b9:1a:f1:3a:41:ed:7c:b7:59:9f:2b:81 root@zz
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . . |
| o +. |
| . *S.. . |
| + =o.E... |
| . = ... +...|
| = . .o. ..|
| o .. ...|
+-----------------+
[root@zz .ssh]#
把公钥传输至远程服务器对应用户的家目录
[root@zz .ssh]# ssh-copy-id -i id_rsa.pub [email protected]
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@zz .ssh]#
[root@qq ~]# cd .ssh/
[root@qq .ssh]# ls
authorized_keys
[root@qq .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtq90JaSmELfUUbf/Ou9mawVRHZ2u4wUCjdu+7qyeMCeHu2QxRkS2pfvy806RA/BHzDvKdFfnsSBBa9phfucKOF7Z6SqCr7T9S+wTiqht1OStMYAOUPRWV911GSk4TJWJbL6x/Hq2q9dKcFjLVD3CMpu1AXM4K3VTr7MYwF9LNjhHVwFfvsNzIyVyEWFUkbfjOs/xlv1EWqiDwVQHrnWdgPdUu0E4JkU70A0yEPnMDvfNp4nPbeC6taXy+/RatHEOS45VlBhPEmhmDAzP5cE4Woi0QSAa6kDGA2UzUgkAtyFqcN0UapGzA1aTgl/+6eXDoP5fBU3QSUhdsN6ugzQMiw== root@zz
[root@qq .ssh]#
登陆测试:无须密码直接就可以登录了;
[root@zz .ssh]# ssh [email protected]
Last login: Sat Jul 30 15:51:25 2016 from 10.201.106.1
[root@qq ~]#
需要密码,远程执行命令;
[root@zz .ssh]# ssh [email protected] 'ifconfig'
[email protected]'s password:
[root@zz .ssh]# ssh [email protected] 'ifconfig'
eth1 Link encap:Ethernet HWaddr 00:0C:29:4E:AF:24
inet addr:10.201.106.128 Bcast:10.201.106.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4e:af24/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:36788 errors:0 dropped:0 overruns:0 frame:0
TX packets:28018 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:24669470 (23.5 MiB) TX bytes:12170441 (11.6 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:1288 errors:0 dropped:0 overruns:0 frame:0
TX packets:1288 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:126326 (123.3 KiB) TX bytes:126326 (123.3 KiB)
[root@zz .ssh]#
使用xshell生成的密钥登录linux
xshell-工具-新建用户密钥生成向导生成密钥,将公钥复制到linux系统的用户目录/.ssh/authorized_key文件里面;
登录测试:注意选择刚才生成的私钥登录
[c:\~]$ ssh [email protected]
Connecting to 10.201.106.128:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Last login: Sat Jul 30 15:52:30 2016 from 10.201.106.129
scp 跨主机复制文件
复制远程文件到主机
[root@zz ~]# scp [email protected]:/etc/fstab /tmp/fstab.txt
The authenticity of host '10.201.106.129 (10.201.106.129)' can't be established.
RSA key fingerprint is 20:97:23:34:df:77:2a:91:ee:bf:ac:bd:fe:3d:35:38.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.201.106.129' (RSA) to the list of known hosts.
[email protected]'s password:
fstab 100% 1369 1.3KB/s 00:00
[root@zz ~]# cat /tmp/fstab.txt
#
# /etc/fstab
# Created by anaconda on Thu Jul 28 00:37:31 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=01c53735-f7c4-4294-a944-e69df17ab9cd / ext4 defaults 1 1
上传文件到远程目录
[root@zz ~]# scp /root/test.txt [email protected]:/tmp/
[email protected]'s password:
test.txt 100% 68 0.1KB/s 00:00
[root@zz ~]#
[root@qq ~]# cat /tmp/test.txt
888888888888888888888888888888888
999999999999999999999999999999999
[root@qq ~]#
sftp,类似于ftp客户端
[root@zz ~]# sftp [email protected]
Connecting to 10.201.106.129...
[email protected]'s password:
sftp>
sftp>
sftp> ls
anaconda-ks.cfg bin bind-9.10.4-P2
bind-9.10.4-P2.tar.gz install.log install.log.syslog
test
sftp> cd /etc
sftp> ls
ConsoleKit DIR_COLORS
DIR_COLORS.256color DIR_COLORS.lightbgcolor
NetworkManager Trolltech.conf
X11 abrt
acpi adjtime
服务器端ssh:sshd
查看ssh服务器端是否有安装:
[root@zz ~]# rpm -q openssh
openssh-5.3p1-117.el6.x86_64
密钥
[root@qq ~]# ls /etc/ssh/
moduli ssh_host_dsa_key ssh_host_key.pub
ssh_config ssh_host_dsa_key.pub ssh_host_rsa_key
sshd_config ssh_host_key ssh_host_rsa_key.pub
[root@qq ~]#
查看ssh登录日志
[root@qq ~]# tail /var/log/secure
Jul 29 06:22:39 qq sshd[55357]: pam_unix(sshd:session): session closed for user root
Jul 29 06:24:30 qq sshd[55376]: Accepted password for root from 10.201.106.128 port 41228 ssh2
Jul 29 06:24:31 qq sshd[55376]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 29 06:24:31 qq sshd[55376]: subsystem request for sftp
Jul 29 06:27:35 qq sshd[55376]: Received disconnect from 10.201.106.128: 11: disconnected by user
Jul 29 06:27:35 qq sshd[55376]: pam_unix(sshd:session): session closed for user root
Jul 29 06:44:52 qq sshd[55439]: Accepted password for root from 10.201.106.1 port 52071 ssh2
Jul 29 06:44:52 qq sshd[55439]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 29 06:46:50 qq sshd[55470]: Accepted password for root from 10.201.106.1 port 52104 ssh2
Jul 29 06:46:50 qq sshd[55470]: pam_unix(sshd:session): session opened for user root by (uid=0)
[root@qq ~]# ll /var/log//secure
-rw-------. 1 root root 14122 Jul 29 06:46 /var/log//secure
[root@qq ~]#
在图形界面超级终端开启远程服务器的图形界面程序
1、登录服务器的服务器界面,开启超级终端;
2、带-X选项登录远程服务器:
ssh -X [email protected]
3、在远程服务器执行 xcl命令,打开时钟;
ssh更改端口后登录
[root@qq ~]# vim /etc/ssh/sshd_config
Port 22222
[root@qq ~]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd:
登录测试
[root@zz ~]# ssh 10.201.106.129 -p 22222
[email protected]'s password:
Last login: Fri Jul 29 06:46:50 2016 from 10.201.106.1
[root@qq ~]#
