部署openssh服务器

1、安装服务器端软件包
先查看是否已经安装openSSH服务器软件包
# rpm -qa|grep openssh
openssh-askpass-5.3p1-104.el6_6.1.x86_64
openssh-server-5.3p1-104.el6_6.1.x86_64          #服务器端软件包
openssh-clients-5.3p1-104.el6_6.1.x86_64        #客户端软件包
openssh-5.3p1-104.el6_6.1.x86_64                     #包含服务器端和客户端的核心文件
如果没有安装,挂载光盘,
#mkdir /mnt/local                                  #创建一个目录,用于挂载光盘文件
# mount /dev/cdrom /mnt/local/
mount: block device /dev/sr0 is write-protected, mounting read-only
# cd /mnt/local/Packages/                    #DVD镜像文件的盛放目录
进入光盘目录,找到并执行执行下列命令:
#  rpm -ivh openssh-5.3p1-94.el6.x86_64.rpm
#  rpm -ivh openssh-server-5.3p1-94.el6.x86_64.rpm
#  rpm -ivh openssh-clients-5.3p1-94.el6.x86_64.rpm
#  rpm -ivh openssh-askpass-5.3p1-94.el6.x86_64.rpm                      按序安装         

       

# ssh -v                    #版本信息
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-e escape_char] [-F configfile]
           [-I pkcs11] [-i identity_file]
           [-L [bind_address:]port:host:hostport]
           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
           [-R [bind_address:]port:host:hostport] [-S ctl_path]
           [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]
2、服务器端配置文件详解
# cat /etc/ssh/sshd_config
一般默认不需要修改就能连接,每一行都是"关键词   值"的格式。
  
13 #Port 22                                        #服务器监听的端口号
 14 #AddressFamily any
 15 #ListenAddress 0.0.0.0                 #设置OpenSSH服务器绑定的IP
 16 #ListenAddress ::
 
 18 # Disable legacy (protocol version 1) support in the server for new
 19 # installations. In future the default will change to require explicit
 20 # activation of protocol 1
 21 Protocol 2
 
 23 # HostKey for protocol version 1
 24 #HostKey /etc/ssh/ssh_host_key                  #设置包含计算机私有主机秘钥的文件
 25 # HostKeys for protocol version 2
 26 #HostKey /etc/ssh/ssh_host_rsa_key
 27 #HostKey /etc/ssh/ssh_host_dsa_key
 
 29 # Lifetime and size of ephemeral version 1 server key
 30 #KeyRegenerationInterval 1h
 31 #ServerKeyBits 1024                                    #设置服务器秘钥的位数,最小值512,默认1024
 
 33 # Logging
 34 # obsoletes QuietMode and FascistLogging
 35 #SyslogFacility AUTH
 36 SyslogFacility AUTHPRIV
 37 #LogLevel INFO                                           #设置记录ssh日志消息的级别
 
 39 # Authentication:
 
 41 #LoginGraceTime 2m                                 #设置如果用户不能成功登录,在切断连接之前服务器需要等待的时间
 42 #PermitRootLogin yes                               #设置root用户是否能够使用ssh登录
 43 #StrictModes yes
 44 #MaxAuthTries 6
 45 #MaxSessions 10                   #指定允许每个网络连接打开的最大会话数,默认10
 
 47 #RSAAuthentication yes                                                    #设置是否允许只有RSA安全验证
 48 #PubkeyAuthentication yes
 49 #AuthorizedKeysFile     .ssh/authorized_keys
 50 #AuthorizedKeysCommand none
 51 #AuthorizedKeysCommandRunAs nobody
 
 53 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
 54 #RhostsRSAAuthentication no                                                    #设置是否允许用rhosts或/etc/hosts.equiv加上RSA进行安全验证
 55 # similar for protocol version 2
 56 #HostbasedAuthentication no
 57 # Change to yes if you don't trust ~/.ssh/known_hosts for
 58 # RhostsRSAAuthentication and HostbasedAuthentication
 59 #IgnoreUserKnownHosts no
 60 # Don't read the user's ~/.rhosts and ~/.shosts files
 61 #IgnoreRhosts yes                                        #设置RhostsRSA验证和Hostbased验证的时候是否使用.rhosts和.shosts文件
 
 63 # To disable tunneled clear text passwords, change to no here!
 64 #PasswordAuthentication yes                  #设置是否允许口令验证
 65 #PermitEmptyPasswords no                     #设置是否允许用户口令为空字符串的账号登陆,默认no
 66 PasswordAuthentication yes                     #设置是否允许口令验证
 
 68 # Change to no to disable s/key passwords
 69 #ChallengeResponseAuthentication yes
 70 ChallengeResponseAuthentication no
 
 72 # Kerberos options
 73 #KerberosAuthentication no
 74 #KerberosOrLocalPasswd yes
 75 #KerberosTicketCleanup yes
 76 #KerberosGetAFSToken no
 77 #KerberosUseKuserok yes
 
 79 # GSSAPI options
 80 #GSSAPIAuthentication no
 81 GSSAPIAuthentication yes
 82 #GSSAPICleanupCredentials yes
 83 GSSAPICleanupCredentials yes
 84 #GSSAPIStrictAcceptorCheck yes
 85 #GSSAPIKeyExchange no
 
 87 # Set this to 'yes' to enable PAM authentication, account processing,
 88 # and session processing. If this is enabled, PAM authentication will
 89 # be allowed through the ChallengeResponseAuthentication and
 90 # PasswordAuthentication.  Depending on your PAM configuration,
 91 # PAM authentication via ChallengeResponseAuthentication may bypass
 92 # the setting of "PermitRootLogin without-password".
 93 # If you just want the PAM account and session checks to run without
 94 # PAM authentication, then enable this but set PasswordAuthentication
 95 # and ChallengeResponseAuthentication to 'no'.
 96 #UsePAM no
 97 UsePAM yes
 
 99 # Accept locale-related environment variables
100 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
101 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
102 AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
103 AcceptEnv XMODIFIERS
 
105 #AllowAgentForwarding yes
106 #AllowTcpForwarding yes
107 #GatewayPorts no
108 #X11Forwarding no
109 X11Forwarding yes                     #设置是否允许X11转发
110 #X11DisplayOffset 10
111 #X11UseLocalhost yes
112 #PrintMotd yes                         #设置sshd是否在用户登陆的时候显示/etc/motd文件的信息
113 #PrintLastLog yes
114 #TCPKeepAlive yes
115 #UseLogin no
116 #UsePrivilegeSeparation yes
117 #PermitUserEnvironment no
118 #Compression delayed
119 #ClientAliveInterval 0
120 #ClientAliveCountMax 3         #设置允许超时的次数(指定从客户端断开连接之前,在没有接到响应时能够发送客户端活跃消息的次数)
121 #ShowPatchLevel no
122 #UseDNS yes
123 #PidFile /var/run/sshd.pid
124 #MaxStartups 10:30:100           #指定SSH守护进程并未经身份验证连接的最大数量,默认值是10
125 #PermitTunnel no
126 #ChrootDirectory none
 
128 # no default banner path
129 #Banner none
 
131 # override default of no subsystems
132 Subsystem       sftp    /usr/libexec/openssh/sftp-server
 
134 # Example of overriding settings on a per-user basis
135 #Match User anoncvs
136 #       X11Forwarding no
137 #       AllowTcpForwarding no
138 #       ForceCommand cvs server
 
AllowGroups      #设置允许连接的组群
AllowUsers         #设置允许连接的用户
DenyGroup        #设置拒绝连接的组群
DenyUsers         #设置拒绝连接的用户(默认没有这个项,需要手动添加,若模式写成User@Host,则User和Host将同时被检查,限制特定用户在特定主机上连接SSH服务器,例Tom@192.168.10.10,表示拒绝用户Tom在192.168.10.10的主机上连接openSSH服务器
View Code

 

2、服务器配置实例
某公司内部部署OpenSSH服务器,为公司网络内的客户端计算机提供远程SSH登陆服务,具体参数:
服务器IP:192.168.0.2
监听端口:22
不允许空口令用户登陆
禁止test用户登陆
修改sshd_config文件参数如下;
 
13Port 22
 15 ListenAddress   192.168.0.2
 21 Protocol 2
 36 SyslogFacility AUTHPRIV
 65 #PermitEmptyPasswords no    
 66 PasswordAuthentication yes
DenyUsers   test
 70 ChallengeResponseAuthentication no
 81 GSSAPIAuthentication yes
 83 GSSAPICleanupCredentials yes
  97 UsePAM yes
100 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
101 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
102 AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
103 AcceptEnv XMODIFIERS
109 X11Forwarding yes                     #设置是否允许X11转发
132 Subsystem       sftp    /usr/libexec/openssh/sftp-server
View Code

 

  3、控制SSH服务                                           
[root@vnc Packages]# vim /etc/ssh/
moduli                ssh_host_dsa_key      ssh_host_key.pub      
ssh_config            ssh_host_dsa_key.pub  ssh_host_rsa_key      
sshd_config           ssh_host_key          ssh_host_rsa_key.pub 
ssh_config             客户端配置文件
sshd_config           服务器配置文件

 

控制sshd服务
# service  sshd  start
# service  sshd  status
# service  sshd  stop   restart
# service sshd   reload 重新加载sshd服务配置
# chkconfig sshd on    开机自启动
# chkconfig  --list  sshd  
四、配置Linux客户端软件
1、安装软件包
光盘或yum安装openssh和openssh-clients软件包
客户端配置文件ssh_config
# Host *                                                                只对匹配后面字符串的计算机有效,* 表示所有计算机
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
Host *
GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
# Send locale-related environment variables
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
SendEnv XMODIFIERS
View Code
2、ssh远程登录程序
ssh  [选项]   [用户]@主机[命令]
注意:设置好防火墙和SELinux,如果客户端无法连接,很多情况是这里出的问题
 
登录时不指定用户名,在本地服务器上的登陆名就会被传递给远程主机;
$ ssh 192.168.175.134
若希望指定不同用户名,用下面的命令:
例:2.1、以用户vn登陆到IP为192.168.175.138的用户
# ssh vn@192.168.175.138 
 
例:登陆并查看目录信息
# ssh root@192.168.175.138 ls -ahl /home
 
3、scp安全远程文件复制程序
命令的语法:
scp  [选项]  [[用户@主机1:]]文件1   [[用户@主机2:]文件2

例子1:用vn账户将本地/home目录下的update.sh文件传到192.168.175.138主机;/root目录下,同时更名为u.sh
[vn@vn /]$ whoami
vn                  当前用户名
[vn@vn /]$ scp /home/update.sh root@192.168.175.138:/root/u.sh
 
例子2:用vn账户把/home及其目录下所有文件和子目录都传送到远程主机/root/test目录下:
[vn@vn /]$ scp -r /home root@192.168.175.138:/root/test
root@192.168.175.138's password:              //输入密码
[vn@vn /]$ ssh root@192.168.175.138 ls -ld /root/test/home            //这里可以查看传送的文件
root@192.168.175.138's password:
drwxr-xr-x. 3 root root 4096 7月   1 21:10 /root/test/home
 
例子3:将远程主机上/root/test/home目录及其子目录传送到本地主机/root目录下
[root@vn vn]# scp -r root@192.168.175.138:/root/test/home /root
root@192.168.175.138's password: 
[root@vn vn]# ls -ld /root/home/
drwxr-xr-x. 3 root root 4096 7月   1 13:22 /root/home/ 
4、sftp安全的文件传输程序
命令语法:
sftp  [选项]主机
sftp  [用户@]主机[:文件]
sftp  [用户@]主机[:dir[/]]
sftp  [选项][用户@]主机
例子:
[root@vn vn]# scp -r root@192.168.175.138:/root/test/home /root
root@192.168.175.138's password: 
[root@vn vn]# ls -ld /root/home/
drwxr-xr-x. 3 root root 4096 7月   1 13:22 /root/home/

sftp> help                                             一些命令

Available commands:
bye                                Quit sftp
cd path                            Change remote directory to 'path'
chgrp grp path                     Change group of file 'path' to 'grp'
chmod mode path                    Change permissions of file 'path' to 'mode'
chown own path                     Change owner of file 'path' to 'own'
df [-hi] [path]                    Display statistics for current directory or
                                   filesystem containing 'path'
exit                               Quit sftp
get [-P] remote-path [local-path]  Download file
help                               Display this help text
lcd path                           Change local directory to 'path'
lls [ls-options [path]]            Display local directory listing
lmkdir path                        Create local directory
ln oldpath newpath                 Symlink remote file
lpwd                               Print local working directory
ls [-1aflnrSt] [path]              Display remote directory listing
lumask umask                       Set local umask to 'umask'
mkdir path                         Create remote directory
progress                           Toggle display of progress meter
put [-P] local-path [remote-path]  Upload file
pwd                                Display remote working directory
quit                               Quit sftp
rename oldpath newpath             Rename remote file
rm path                            Delete remote file
rmdir path                         Remove remote directory
symlink oldpath newpath            Symlink remote file
version                            Show SFTP version
!command                           Execute 'command' in local shell
!                                  Escape to local shell
?                                  Synonym for help
sftp> 
View Code
五、Windows客户端
putty或Xshell
 
六、OpenSSH服务器高级配置:
1、禁止root用户ssh登陆
编辑配置文件:
[root@computer ~]# vim /etc/ssh/sshd_config 
将#PermitRootLogin yes  去掉注释,将yes更改为no
 
重启ssh服务:
[root@computer ~]# service sshd restart
 
测试:
[root@vn ~]# ssh root@192.168.175.138
root@192.168.175.138's password: 
Permission denied, please try again.            //连接被拒绝
 
2、创建SSH认证秘钥
ssh-keygen命令可以生成、管理和转换SSH认证秘钥,使用SSH v1创建RSA秘钥,使用SSH v2创建RSA或DSA秘钥。-t指定生成类型,默认为SSH v2连接的RSA秘钥。
命令语法:
ssh-kengen [选项]
 
[ root@computer ~]# ssh-keygen help
Too many arguments.
usage: ssh-keygen [options]
Options:
  -a trials   Number of trials for screening DH-GEX moduli.
  -B          Show bubblebabble digest of key file.
  -b bits     Number of bits in the key to create.
  -C comment  Provide new comment.
  -c          Change comment in private and public key files.
  -D pkcs11   Download public key from pkcs11 token.
  -e          Convert OpenSSH to RFC 4716 key file.
  -F hostname Find hostname in known hosts file.
  -f filename Filename of the key file.
  -G file     Generate candidates for DH-GEX moduli.
  -g          Use generic DNS resource record format.
  -H          Hash names in known_hosts file.
  -h          Generate host certificate instead of a user certificate.
  -I key_id   Key identifier to include in certificate.
  -i          Convert RFC 4716 to OpenSSH key file.
  -L          Print the contents of a certificate.
  -l          Show fingerprint of key file.
  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
  -N phrase   Provide new passphrase.
  -O option   Specify a certificate option.
  -P phrase   Provide old passphrase.
  -p          Change passphrase of private key file.
  -q          Quiet.
  -R hostname Remove host from known_hosts file.
  -r hostname Print DNS resource record.
  -S start    Start point (hex) for generating DH-GEX moduli.
  -s ca_key   Certify keys with CA key.
  -T file     Screen candidates for DH-GEX moduli.
  -t type     Specify type of key to create.
  -V from:to  Specify certificate validity interval.
  -v          Verbose.
  -W gen      Generator to use for generating DH-GEX moduli.
  -y          Read private key file and print public key.
  -Z name,... User/host principal names to include in certificate
  -z serial   Specify a serial number.
View Code

例1、创建RSA秘钥
[ root@computer ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):                 //直接回车,使用默认文件保存秘钥
Created directory '/root/.ssh'.                                     
Enter passphrase (empty for no passphrase):               //输入秘钥保护密码
Enter same passphrase again:                                        //再次输入秘钥保护密码
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
04:5f:46:79:4a:7a:9d:5a:fb:64:29:57:c7:28:97:b9 root@computer
The key's randomart image is:
+--[ RSA 2048]----+
|      .  .+.     |
|       o oo .    |
|        oo + . = |
|       .. o = = +|
|        S. o + +.|
|          . o E  |
|             *   |
|              .  |
|                 |
+-----------------+
View Code
例2、显示主机的公钥文件的SSHFP指纹资源记录
[root@computer ~]# ssh-keygen -r rhel
rhel IN SSHFP 1 1 38b3bd45ce295040ebb21a415f5a4674e36c0389
rhel IN SSHFP 2 1 2cf544964ba9cba2c1135f5decc96dd92a897c1d
 
例3、创建ssh认证秘钥,指定秘钥文件为/root/.ssh/known_hosts
[ root@computer ~]# ssh-keygen -f /root/.ssh/known_hosts
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):               //输入秘钥保护密码
Enter same passphrase again:                                      //再次输入秘钥保护密码
Your identification has been saved in /root/.ssh/known_hosts.
Your public key has been saved in /root/.ssh/known_hosts.pub.
The key fingerprint is:
f8:b0:c0:8d:bd:1f:d3:c9:ae:e5:74:5f:08:ca:40:b9 root@computer
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|         .       |
|        o        |
|   . + o .       |
|    + = E   .    |
|     . = = o . . |
|      o + O . . .|
|       . B . . . |
|        o.o   .  |
+-----------------+
 
View Code
例4、创建DSA秘钥
[ root@computer ~]# ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):              直接回车,使用默认文件保存秘钥
Enter passphrase (empty for no passphrase):                               使用秘钥保护密码
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
b0:fd:14:1d:79:f2:35:b4:a0:cb:ad:be:94:3c:d2:22 root@computer
The key's randomart image is:
+--[ DSA 1024]----+
|            .o.. |
|           .+.o.o|
|      .   ...+ o.|
|       +  ..o .  |
|      . S .o .   |
|         oo o    |
|       E o.B     |
|        . = .    |
|           o.    |
+-----------------+
View Code
 
七、使用秘钥认证方式连接OpenSSH服务器实例
服务器端:192.168.175.134 (hostname:   vn)
客户端:192.168.175.138 (hostname:  computer)
 
1、OpenSSH客户端配置
(1)、创建DSA秘钥
[ root@computer ~]# ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Passphrases do not match.  Try again.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
72:83:0d:65:87:13:dc:e8:b2:2b:58:74:1d:7d:ba:34 root@computer
The key's randomart image is:
+--[ DSA 1024]----+
|       .+*.      |
|       o*.o .    |
|      .o o o     |
|    . o+o E      |
|   . .ooS. o     |
|    . .o ..      |
|   o   .         |
|  . . .          |
|     .           |
+-----------------+
View Code
查看 /root/.ssh目录下生成的公钥和私钥文件:
[root@computer ~]# ls /root/.ssh/id_dsa*
/root/.ssh/id_dsa  /root/.ssh/id_dsa.pub
安装公钥到OpenSSH服务器
[ root@computer ~]# ssh-copy-id -i ~/.ssh/id_dsa.pub 192.168.175.134
The authenticity of host '192.168.175.134 (192.168.175.134)' can't be established.
RSA key fingerprint is 5e:0c:e1:cc:35:16:a1:9b:22:d5:aa:2b:6d:7b:c3:07.
Are you sure you want to continue connecting (yes/no)? yes                                      同意连接
Warning: Permanently added '192.168.175.134' (RSA) to the list of known hosts.
root@192.168.175.134's password:                                                                                  输入主机192.168.175.134的root用户密码
Now try logging into the machine, with "ssh '192.168.175.134'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
View Code
2、OpenSSH服务器配置
(1)、修改配置文件
# vim /etc/ssh/sshd_config
 
 66 PasswordAuthentication no
 
(2)、重启服务
# service sshd restart
停止 sshd:                                                [确定]
正在启动 sshd:                                            [确定]
 
(3)、查看公钥(
[root@vn ~]# ls /root/.ssh/
authorized_keys  known_hosts
[root@vn ~]# cat /root/.ssh/authorized_keys  该文件的内容和OpenSSH客户端上的公钥文件是一致的

ssh-dss AAAAB3NzaC1kc3MAAACBAPuwIw7NDzwNXWaxG5rUsySBzqMlGRTBtAqXWmA2gUsPgJXuf8F0y+cqjCt6EnISp98dPbUR9UkkGOtnl627kDrW1Q/zT6S4Z4d9QT94zEYhXZ8u3OJsxHW8vru1wEdyPG0AmYHrZyBONUdw8vjOn2RX1pIZ3qaHTgwcxWPPNH43AAAAFQDYTPLsiarPPiE1D5dQ0RcmfySwjQAAAIEA3aULtXsmcoB71kgZxj6iRIZpz+t06EfnRaXZbTCY7BlFNF16bY/Fjub/fOD51nZN4q9kaxkDFD6P7z2kMDP47j+9BVHEJFlCixUr8RimYCDPLgE8KIQuyt5ymdZ8TaGUOt1Fz5YsJ1YsSpk09rl0jGjl+vaqVVaihsGmmZdHkskAAACAZnNOLCE+T9mQmR4MNQUNFCDm0uDE8aet1UEHdh1GyQjLy4LfU/u2vRin8w4/2rmq2/zNUHTVXvWed/FG1oQQxSwUfOFhDmyh3mjl7O+fk1qznexC/mPuO3p49dhkkCBECqYGK9ZjrpLojoM7bxvkHT1TU86N7wLJK/n37/VIiXE= root@computer
View Code
3、连接OpenSSH服务器
[root@computer ~]# ssh 192.168.175.134
Enter passphrase for key '/root/.ssh/id_dsa':                            输入秘钥保护密码
Last login: Fri Jul  3 10:46:13 2015 from 192.168.175.1
[root@vn ~]# ifconfig eth1|grep "inet addr"                            登陆服务器成功
          inet addr:192.168.175.134  Bcast:192.168.175.255  Mask:255.255.255.0

 

 

转载于:https://www.cnblogs.com/chinas/p/4637145.html

你可能感兴趣的:(运维,开发工具,shell)