创作不易,来了的客官点点关注,收藏,订阅一键三连❤
上期文章
Linux——万字总结用户与组的权限那些事儿!建议收藏!
目录
SSH原理
SSH基本概念
SSH算法
ssh配置文件(传递参数)
ssh_config与sshd_config
SSH的使用
查看SSH是否运行
查看哪些用户远程登录上本机
ubuntu远程连接centos
禁用远程连接
这些问题你解决了吗?
sshd服务关闭之后,还能远程连接吗?
如何查看远程登陆失败的用户?
如何加固ssh服务?
练习
SSH 为 Secure Shell 的缩写,由 IETF 的网络小组(Network Working Group)所制定;SSH 为建立在应用层基础上的安全协议。
SSH 是较可靠,专为远程登录会话和其他网络服务提供安全性的协议。利用 SSH 协议可以有效防止远程管理过程中的信息泄露问题。
运行的sshd进程会监听22号端口(tcp),提供远程登陆服务,服务的内容:远程操作服务器。
SSH最初是UNIX系统上的一个程序,后来又迅速扩展到其他操作平台。SSH在正确使用时可弥补网络中的漏洞。
SSH客户端适用于多种平台。几乎所有UNIX平台—包括HP-UX、Linux、AIX、Solaris、Digital UNIX、Irix,以及其他平台,都可运行SSH。
注:早期的远程控制服务协议为talent,由于在网络上是明文的,不安全。
SSH基于公钥(pubey)加密(非对称加密)技术
[root@chaochao ~]# cd /etc/ssh
[root@chaochao ssh]# ls
moduli ssh_config.d ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
ssh_config sshd_config ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
[root@chaochao ssh]# cat ssh_host_ecdsa_key.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAhmtw87NC81AX+e4yFdIBQKuvvHNVVc5VQxv39+dVLFHWr/lZ27+VTfRAySXdgEwhodRrPCOQxZNTxb9RzhD3k=
公钥和私钥(private key)
什么时候需要使用公钥和私钥?
1.数据加密
2.数字签名
加密算法(相当于一个函数)
base64,哈希算法(md5sum),RSA、Elgamal、背包算法、Rabin、D-H、ECC(椭圆曲线加密算法)、 ECDSA
[root@chaochao ssh]# echo 123456|base64
MTIzNDU2Cg==
[root@chaochao ssh]# echo 123456|md5sum
f447b20a7fcbf53a5d5be013ea0b15af
[root@chaochao ~]# cd /etc/ssh
[root@chaochao ssh]# ls
moduli ssh_config.d ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key
ssh_config sshd_config ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub
ssh_config:客户机的
sshd_config:服务器的
命令1:rpm -qa|grep ssh
[root@chaochao ~]# rpm -qa|grep ssh
openssh-clients-8.0p1-5.el8.x86_64
libssh-config-0.9.4-2.el8.noarch
libssh-0.9.4-2.el8.x86_64
openssh-askpass-8.0p1-5.el8.x86_64
openssh-server-8.0p1-5.el8.x86_64
qemu-kvm-block-ssh-4.2.0-34.module_el8.3.0+555+a55c8938.x86_64
openssh-8.0p1-5.el8.x86_64
命令2(查看进程):ps aux|grep ssh
[root@chaochao ~]# ps aux|grep sshd # d-->demon ssh的守护进程
root 1769 0.0 1.3 163704 10452 ? Ss 10:21 0:00 sshd: root [priv]
root 1773 0.0 0.6 163704 5568 ? S 10:21 0:00 sshd: root@pts/0
root 1774 0.0 1.3 163704 10484 ? Ss 10:21 0:00 sshd: root [priv]
root 1791 0.0 0.6 163704 5576 ? S 10:21 0:00 sshd: root@notty
root 1802 0.0 0.6 47220 5024 ? Ss 10:21 0:00 /usr/libexec/openssh/sftp-server
root 1892 0.0 0.1 12324 992 pts/0 S+ 10:29 0:00 grep --color=auto ssh
②netstat -anplut|grep ssh
③lsof -i:22
[root@chaochao ~]# ss -anplut|grep ssh
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1022,fd=5))
tcp LISTEN 0 128 127.0.0.1:6010 0.0.0.0:* users:(("sshd",pid=1773,fd=15))
tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1022,fd=7))
tcp LISTEN 0 128 [::1]:6010 [::]:* users:(("sshd",pid=1773,fd=14))
[root@chaochao ~]# netstat -anplut|grep ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1022/sshd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 1773/sshd: root@pts
tcp 0 0 192.168.2.7:22 192.168.2.6:62500 ESTABLISHED 1774/sshd: root [pr
tcp 0 36 192.168.2.7:22 192.168.2.6:62499 ESTABLISHED 1769/sshd: root [pr
tcp6 0 0 :::22 :::* LISTEN 1022/sshd
tcp6 0 0 ::1:6010 :::* LISTEN 1773/sshd: root@pts
[root@chaochao ~]# lsof -i:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1022 root 5u IPv4 31017 0t0 TCP *:ssh (LISTEN)
sshd 1022 root 7u IPv6 31019 0t0 TCP *:ssh (LISTEN)
sshd 1769 root 5u IPv4 37144 0t0 TCP chaochao:ssh->192.168.2.6:62499 (ESTABLISHED)
sshd 1773 root 5u IPv4 37144 0t0 TCP chaochao:ssh->192.168.2.6:62499 (ESTABLISHED)
sshd 1774 root 5u IPv4 37297 0t0 TCP chaochao:ssh->192.168.2.6:62500 (ESTABLISHED)
sshd 1791 root 5u IPv4 37297 0t0 TCP chaochao:ssh->192.168.2.6:62500 (ESTABLISHED)
命令:w
Ubuntu命令:
lizhichao@chaochao:~$ ssh [email protected]
The authenticity of host '192.168.2.7 (192.168.2.7)' can't be established.
ECDSA key fingerprint is SHA256:kdKkg7NGrG4s4W+MUvM2ZSHsdUfXPwQ6arugFv/LV3Y.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.2.7' (ECDSA) to the list of known hosts.
[email protected]'s password:
Activate the web console with: systemctl enable --now cockpit.socket
centos查看:
[root@chaochao home]# w
15:19:49 up 3:05, 4 users, load average: 0.26, 0.08, 0.02
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 10:21 4:58m 0.04s 0.04s -bash
root pts/0 192.168.2.6 10:21 3:43m 0.09s 0.09s -bash
root pts/1 192.168.2.6 14:32 0.00s 0.05s 0.02s w
sc1 pts/2 192.168.2.6 15:19 3.00s 0.04s 0.04s -bash
方式一:编辑/etc/shadow,在对应的用户前加2个!
[root@chaochao home]# vim /etc/shadow
!!sc1:$6$WU/6hsay8JRFzaO1$CPgtheULosKacnRw/8FWnNdhWu5KMey18mpXFuvECCp2TwTilxrxumFoky2ZJpxKKsR5lEPknwLF8pfCQHVeE1:18844:0:99999:7:::
方式二
使用命令: kill -9 进程号
centos上:
[root@chaochao ~]# ps aux|grep bash #查看进程号
root 945 0.0 0.2 26296 2264 ? S 12:14 0:00 /bin/bash /usr/sbin/ksmtuned
root 3812 0.0 0.6 27736 5348 pts/0 Ss 15:30 0:00 -bash
sc1 3886 0.0 0.7 28524 5820 pts/1 Ss+ 15:30 0:00 -bash
root 3980 0.0 0.1 12324 972 pts/0 R+ 15:33 0:00 grep --color=auto bash
[root@chaochao ~]# kill -9 3886
[root@chaochao ~]# kill -9 3886
-bash: kill: (3886) - 没有那个进程
查看是否关闭成功
[sc1@chaochao ~]$ Connection to 192.168.2.7 closed.
lizhichao@chaochao:~$
关闭ssh服务之后,已经连接的远程ssh可以继续使用。
[root@chaochao ~]# ps aux|grep sshd
root 1769 0.0 1.3 163704 10444 ? Ss 12:14 0:00 sshd: root [priv]
root 1773 0.0 0.6 163704 5568 ? S 12:14 0:00 sshd: root@pts/0
root 1774 0.0 1.3 163704 10476 ? Ss 12:14 0:00 sshd: root [priv]
root 1791 0.0 0.6 163704 5576 ? S 12:14 0:00 sshd: root@notty
root 3807 0.0 1.2 163704 10376 ? Ss 15:30 0:00 sshd: root [priv]
root 3811 0.0 0.6 163704 5592 ? S 15:30 0:00 sshd: root@pts/0
root 3813 0.0 1.3 163704 10584 ? Ss 15:30 0:00 sshd: root [priv]
root 3829 0.0 0.6 163704 5536 ? S 15:30 0:00 sshd: root@notty
root 4017 0.0 1.3 163704 10656 ? Ss 15:36 0:00 sshd: sc1 [priv]
sc1 4043 0.0 0.7 163704 5792 ? S 15:36 0:00 sshd: sc1@pts/1
[root@chaochao ~]# systemctl stop sshd
[root@chaochao ~]# pstree -p
├─sshd(1769)───sshd(1773)
├─sshd(1774)───sshd(1791)───sftp-server(1802)
├─sshd(3807)───sshd(3811)───bash(3812)───pstree(4160)
├─sshd(3813)───sshd(3829)───sftp-server(3840)
├─sshd(4017)───sshd(4043)───bash(4044)
├─sssd(919)─┬─sssd_be(961)
│ └─sssd_nss(989)
命令:cat /var/log/secure|grep "Failed password"
[root@kafka01 home]# cat /var/log/secure|grep "Failed password"
Aug 13 21:09:38 kafka01 sshd[24916]: Failed password for root from 121.43.177.113 port 56516 ssh2
Aug 13 23:15:55 kafka01 sshd[25040]: Failed password for mysql from 182.254.156.93 port 36918 ssh2
Aug 14 05:08:25 kafka01 sshd[25518]: Failed password for ftp from 182.254.156.93 port 46560 ssh2
Aug 14 15:11:22 kafka01 sshd[26315]: Failed password for root from 113.246.77.152 port 21697 ssh2
Aug 14 15:11:30 kafka01 sshd[26315]: Failed password for root from 113.246.77.152 port 21697 ssh2
Aug 14 15:11:35 kafka01 sshd[26315]: Failed password for root from 113.246.77.152 port 21697 ssh2
方法一:禁止root用户远程登陆,进入/etc/shadow,在root前面加!!
方法二:设置复杂的密码
方法三:修改端口号
[root@firewall ssh]# vim /etc/ssh/sshd_config
Port 2299 修改sshd监听的端口号为2299
1.修改端口号,具体自定义
2.禁用root用户登录,新建一个普通的用户sc,并且设置密码
3.ssh远程登录,在其他的linux系统上或者windows上
4.查看日志
5.查看kown_hosts文件的内容
创作不易,客官点个赞吧!评论一下!一起加油❤