linux服务安装 -- SSH服务

1 什么是SSH?


SSH是指Secure Shell的缩写。

它是一个构建在应用层和传输层基础上的安全协议,为计算机是上的shell提供安全的传输和使用环境。利用SSH协议可以有效防止远程管理过程中信息泄露问题,还能够防止DNS欺骗和IP欺骗。

SSH可以对传输的数据进行压缩,从而加快传输速度。

SSH可以替换Telnet,还可以进行文件传输,替换ftp。


下面以centos6.5 为例,介绍如何安装,配置和使用SSH。为了操作方便,这里采用root登陆。


2 安装SSH服务


2.1 检查ssh是否已经安装

方式1:

[root@localhost ~]# rpm -qa|grep ssh
libssh2-1.4.2-1.el6.i686
openssh-5.3p1-94.el6.i686
openssh-askpass-5.3p1-94.el6.i686
openssh-server-5.3p1-94.el6.i686
openssh-clients-5.3p1-94.el6.i686

方式2:

[root@localhost ~]# ssh -version
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Bad escape character 'rsion'.


2.2 使用yum进行安装(必须可以连网)


查看一下和ssh相关的安装包


[root@localhost ~]# yum search ssh
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: ftp.tc.edu.tw
 * extras: mirror.bit.edu.cn
 * updates: ftp.tc.edu.tw
base                                                     | 3.7 kB     00:00     
extras                                                   | 3.3 kB     00:00     
updates                                                  | 3.4 kB     00:00     
=============================== N/S Matched: ssh ===============================
ksshaskpass.i686 : A KDE version of ssh-askpass with KWallet support
libssh2.i686 : A library implementing the SSH2 protocol
libssh2-devel.i686 : Development files for libssh2
libssh2-docs.i686 : Documentation for libssh2
openssh.i686 : An open source implementation of SSH protocol versions 1 and 2
openssh-askpass.i686 : A passphrase dialog for OpenSSH and X
openssh-clients.i686 : An open source SSH client applications
openssh-ldap.i686 : A LDAP support for open source SSH server daemon
openssh-server.i686 : An open source SSH server daemon
pam_ssh_agent_auth.i686 : PAM module for authentication with ssh-agent
trilead-ssh2.noarch : SSH-2 protocol implementation in pure Java
trilead-ssh2-javadoc.noarch : Javadoc for trilead-ssh2
jsch.noarch : Pure Java implementation of SSH2
python-paramiko.noarch : A SSH2 protocol library for python
python-twisted-conch.i686 : SSH and SFTP protocol implementation together with
                          : clients and servers

  Name and summary matches only, use "search all" for everything.


安装openssh


[root@localhost ~]# yum install -y openssh-*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: mirror.bit.edu.cn
 * extras: mirror.bit.edu.cn
 * updates: mirror.bit.edu.cn
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssh.i686 0:5.3p1-94.el6 will be updated
---> Package openssh.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-askpass.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-askpass.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-clients.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-clients.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-ldap.i686 0:5.3p1-104.el6 will be installed
---> Package openssh-server.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-server.i686 0:5.3p1-104.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch         Version                Repository    Size
================================================================================
Installing:
 openssh-ldap            i686         5.3p1-104.el6          base          79 k
Updating:
 openssh                 i686         5.3p1-104.el6          base         274 k
 openssh-askpass         i686         5.3p1-104.el6          base          56 k
 openssh-clients         i686         5.3p1-104.el6          base         442 k
 openssh-server          i686         5.3p1-104.el6          base         320 k

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       4 Package(s)

Total download size: 1.1 M
Downloading Packages:
(1/5): openssh-5.3p1-104.el6.i686.rpm                    | 274 kB     00:00     
(2/5): openssh-askpass-5.3p1-104.el6.i686.rpm            |  56 kB     00:00     
(3/5): openssh-clients-5.3p1-104.el6.i686.rpm            | 442 kB     00:00     
(4/5): openssh-ldap-5.3p1-104.el6.i686.rpm               |  79 kB     00:00     
(5/5): openssh-server-5.3p1-104.el6.i686.rpm             | 320 kB     00:00     
--------------------------------------------------------------------------------
Total                                           527 kB/s | 1.1 MB     00:02     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : openssh-5.3p1-104.el6.i686                                   1/9
  Installing : openssh-ldap-5.3p1-104.el6.i686                              2/9
  Updating   : openssh-askpass-5.3p1-104.el6.i686                           3/9
  Updating   : openssh-clients-5.3p1-104.el6.i686                           4/9
  Updating   : openssh-server-5.3p1-104.el6.i686                            5/9
  Cleanup    : openssh-server-5.3p1-94.el6.i686                             6/9
  Cleanup    : openssh-clients-5.3p1-94.el6.i686                            7/9
  Cleanup    : openssh-askpass-5.3p1-94.el6.i686                            8/9
  Cleanup    : openssh-5.3p1-94.el6.i686                                    9/9
  Verifying  : openssh-ldap-5.3p1-104.el6.i686                              1/9
  Verifying  : openssh-askpass-5.3p1-104.el6.i686                           2/9
  Verifying  : openssh-5.3p1-104.el6.i686                                   3/9
  Verifying  : openssh-clients-5.3p1-104.el6.i686                           4/9
  Verifying  : openssh-server-5.3p1-104.el6.i686                            5/9
  Verifying  : openssh-clients-5.3p1-94.el6.i686                            6/9
  Verifying  : openssh-server-5.3p1-94.el6.i686                             7/9
  Verifying  : openssh-5.3p1-94.el6.i686                                    8/9
  Verifying  : openssh-askpass-5.3p1-94.el6.i686                            9/9

Installed:
  openssh-ldap.i686 0:5.3p1-104.el6                                             

Updated:
  openssh.i686 0:5.3p1-104.el6           openssh-askpass.i686 0:5.3p1-104.el6  
  openssh-clients.i686 0:5.3p1-104.el6   openssh-server.i686 0:5.3p1-104.el6   

Complete!


3 测试SSH服务


3.1 配置SSH服务


备份原始配置文件

[root@localhost ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori


修改配置文件

[root@localhost ~]# vim /etc/ssh/sshd_config


修改默认端口:


Port 52113
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::


禁止root远程登录

 #LoginGraceTime 2m
 PermitRootLogin no
 #PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10


禁止DNS:
UseDNS no
#UseDNS yes


不允许密码登录:

PermitEmptyPasswords no
#PermitEmptyPasswords no


检查是否修改正确

[root@localhost ~]# vimdiff /etc/ssh/sshd_config.ori /etc/ssh/sshd_config

3.2 启动SSH服务

[root@localhost ~]# service sshd start
Starting sshd:  

或                                                         [  OK  ]

[root@localhost ~]# /etc/init.d/sshd start
Starting sshd:  

                                                           [  OK  ]

如有需要,可以设为开机启动

[root@localhost ~]# chkconfig --level 35 sshd on

[root@localhost ~]# chkconfig --list sshd
sshd               0:off    1:off    2:off    3:on    4:off    5:on    6:off

3.3 使用SSH服务

下载SSH客户端tunnelier

http://www.bitvise.com/tunnelier


登录linux服务器

输入服务器ip,端口号 52113,输入账号和密码

(如果没有普通账号,可以通过useradd 命令来创建)

wKioL1RVrRPxzZFUAAQhoOOrrkE255.jpg

发现无法登录,这是由防火墙引起的,可以把防火墙先关掉再做尝试。

[root@localhost ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]

登录之后,你可以进行shell命令操作和文件传输操作。


wKiom1RVrQODnQTdAAEdNNQmNHE835.jpg

wKioL1RVrWLh_YzlAATnNy2wXSc654.jpg


如果你尝试使用root用户登录,将会授权失败:

wKioL1RVrw-TGLzLAATT9t8QvHI020.jpg

你可能感兴趣的:(linux,ssh服务)