远程管理服务器 ssh客户端工具使用 2(运维笔记)

远程管理服务器 ssh客户端工具使用 2(运维笔记)

将jumper-server的a.sh文件拷贝到server1 /tmp路径上

[root@jumper-server ~]# touch a.sh
[root@jumper-server ~]# ll
总用量 8
-rw-------. 1 root root 1752 4月  12 05:48 anaconda-ks.cfg
-rw-r--r--  1 root root    0 4月  13 14:31 a.sh

scp远程拷贝:

[root@jumper-server ~]# scp a.sh 121.199.54.222:/tmp #server1的ip地址
root@121.199.54.222's password: 
a.sh                                                100%    0     0.0KB/s   00:00  

查看拷贝是否成功:

[root@server1 ~]# cd /tmp
[root@server1 tmp]# ll
total 4
-rw------- 1 root root    0 Apr  7 10:01 AliyunAssistClientSingleLock.lock
srwxr-xr-x 1 root root    0 Apr 11 14:27 aliyun_assist_service.sock
-rw-r--r-- 1 root root    0 Apr 13 14:33 a.sh

禁止root远程登录

查看22端口状态:

[root@server1 ~]# netstat -tlnp |grep 22
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1100/sshd  
[root@server1 ~]# netstat -npt |grep 22
tcp        0     36 172.20.207.39:22        123.138.15.66:33542     ESTABLISHED 10232/sshd: root@pt 
tcp        0      0 172.20.207.39:22        123.138.15.66:48109     ESTABLISHED 10371/sshd: root@pt 

查找sshd服务:

[root@server1 ~]# which sshd
/usr/sbin/sshd

查看所在软件包:

[root@server1 ~]# rpm -qf /usr/sbin/sshd
openssh-server-7.4p1-22.el7_9.x86_64

查看软件包文件:

[root@server1 ~]# rpm -ql openssh-server
/etc/pam.d/sshd
/etc/ssh/sshd_config  #配置文件
/etc/sysconfig/sshd  
/usr/lib/systemd/system/sshd-keygen.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd.socket
/usr/lib/systemd/system/sshd@.service
/usr/lib64/fipscheck/sshd.hmac
/usr/libexec/openssh/sftp-server
/usr/sbin/sshd
/usr/sbin/sshd-keygen
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd


禁止root远程登录主机

vim 进入配置文件:

[root@server1 ~]# vim  /etc/ssh/sshd_config  

将 PermitRootLogin 一项修改为 no(修改前应先确认已有可以远程登录并能通过 su/sudo 提权的普通用户,否则重启服务后将无法再远程管理这台主机):

PermitRootLogin no

改完配置文件后重启服务使其生效(重启前可先执行 sshd -t 检查配置文件语法,并保留当前已登录的会话,以便配置有误时还能改回):

service sshd restart

更改sshd服务默认端口

线上生产服务器的sshd服务不允许使用默认端口,以减少针对默认22端口的自动化扫描和暴力破解尝试。需要注意,更换端口只能降低被扫描到的概率,并不能阻止全端口扫描,因此不能替代禁止root登录、使用密钥认证等加固措施。

将默认22端口更改为10022

查看在当前服务器中10022端口是否被使用:

[root@server1 ~]# netstat -a |grep 10022

没有任何输出,说明该端口当前未被占用

也可以在/etc/services文件中查看该端口是否已分配给其他服务:

[root@server1 ~]# grep ssh  /etc/services
ssh             22/tcp                          # The Secure Shell (SSH) Protocol
ssh             22/udp                          # The Secure Shell (SSH) Protocol
x11-ssh-offset  6010/tcp                        # SSH X11 forwarding offset
ssh             22/sctp                 # SSH
sshell          614/tcp                 # SSLshell
sshell          614/udp                 #       SSLshell
netconf-ssh     830/tcp                 # NETCONF over SSH
netconf-ssh     830/udp                 # NETCONF over SSH
sdo-ssh         3897/tcp                # Simple Distributed Objects over SSH
sdo-ssh         3897/udp                # Simple Distributed Objects over SSH
snmpssh         5161/tcp                # SNMP over SSH Transport Model
snmpssh-trap    5162/tcp                # SNMP Notification over SSH Transport Model
tl1-ssh         6252/tcp                # TL1 over SSH
tl1-ssh         6252/udp                # TL1 over SSH
ssh-mgmt        17235/tcp               # SSH Tectia Manager
ssh-mgmt        17235/udp               # SSH Tectia Manager

[root@server1 ~]# grep "10022"  /etc/services

进入配置文件修改配置:


vim /etc/ssh/sshd_config
Port 10022
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

将端口号修改为10022

重启服务:

[root@server1 ~]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service

切换一台主机,远程连接:


[root@jumper-server code]# ssh -lroot 121.199.54.222 #刚刚修改端口的主机
ssh: connect to host 121.199.54.222 port 22: Connection refused


不加端口默认使用22连接

更改端口则需要指定端口ssh连接

这里我使用的是云服务器,需要先在服务器的安全组中添加新端口的授权规则,才能使用新端口号登录远程主机;如果系统本身启用了防火墙(firewalld)或SELinux,也需要在其中放行新端口。安全组规则建议只对需要的来源IP(例如跳板机)开放。

测试:

[root@jumper-server code]# ssh -lroot 121.199.54.222 -p10022

ssh: connect to host 121.199.54.222 port 10022: Connection refused
[root@jumper-server code]# 
[root@jumper-server code]# ssh -lroot 121.199.54.222 -p10022
root@121.199.54.222's password: 
Last login: Thu Apr 13 17:05:23 2023 from 123.138.15.66

Welcome to Alibaba Cloud Elastic Compute Service !

成功登录!

注意:这里仍然是以root身份通过密码登录成功的,说明前面设置的 PermitRootLogin no 此时可能并未生效或已被改回。生产环境中应确认该项确实生效,并使用普通用户登录后再提权。
