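1 What is SSH?
SSH is short for Secure Shell.
It is a security protocol built on top of the application and transport layers that provides a secure transport and working environment for a shell on a computer. Using SSH effectively prevents information leaks during remote administration, and it also protects against DNS spoofing and IP spoofing.
SSH can compress the data it transmits, which speeds up transfers.
SSH can replace Telnet, and it can also transfer files, replacing FTP.
The following uses CentOS 6.5 as an example to show how to install, configure and use SSH. For convenience, the steps are run as root.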
2 Installing the SSH service
2.1 Check whether SSH is already installed
Method 1:
[root@localhost ~]# rpm -qa|grep ssh
libssh2-1.4.2-1.el6.i686
openssh-5.3p1-94.el6.i686
openssh-askpass-5.3p1-94.el6.i686
openssh-server-5.3p1-94.el6.i686
openssh-clients-5.3p1-94.el6.i686
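Method 2 (ssh parses -version as -v -e rsion, which is why the last line is an error; the version flag is ssh -V):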
[root@localhost ~]# ssh -version
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Bad escape character 'rsion'.
2.2 Install with yum (requires network access)
List the packages related to ssh
[root@localhost ~]# yum search ssh
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: ftp.tc.edu.tw
* extras: mirror.bit.edu.cn
* updates: ftp.tc.edu.tw
base | 3.7 kB 00:00
extras | 3.3 kB 00:00
updates | 3.4 kB 00:00
=============================== N/S Matched: ssh ===============================
ksshaskpass.i686 : A KDE version of ssh-askpass with KWallet support
libssh2.i686 : A library implementing the SSH2 protocol
libssh2-devel.i686 : Development files for libssh2
libssh2-docs.i686 : Documentation for libssh2
openssh.i686 : An open source implementation of SSH protocol versions 1 and 2
openssh-askpass.i686 : A passphrase dialog for OpenSSH and X
openssh-clients.i686 : An open source SSH client applications
openssh-ldap.i686 : A LDAP support for open source SSH server daemon
openssh-server.i686 : An open source SSH server daemon
pam_ssh_agent_auth.i686 : PAM module for authentication with ssh-agent
trilead-ssh2.noarch : SSH-2 protocol implementation in pure Java
trilead-ssh2-javadoc.noarch : Javadoc for trilead-ssh2
jsch.noarch : Pure Java implementation of SSH2
python-paramiko.noarch : A SSH2 protocol library for python
python-twisted-conch.i686 : SSH and SFTP protocol implementation together with
: clients and servers
Name and summary matches only, use "search all" for everything.
Install openssh
[root@localhost ~]# yum install -y openssh-*
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: mirror.bit.edu.cn
* extras: mirror.bit.edu.cn
* updates: mirror.bit.edu.cn
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssh.i686 0:5.3p1-94.el6 will be updated
---> Package openssh.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-askpass.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-askpass.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-clients.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-clients.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-ldap.i686 0:5.3p1-104.el6 will be installed
---> Package openssh-server.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-server.i686 0:5.3p1-104.el6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
openssh-ldap i686 5.3p1-104.el6 base 79 k
Updating:
openssh i686 5.3p1-104.el6 base 274 k
openssh-askpass i686 5.3p1-104.el6 base 56 k
openssh-clients i686 5.3p1-104.el6 base 442 k
openssh-server i686 5.3p1-104.el6 base 320 k
Transaction Summary
================================================================================
Install 1 Package(s)
Upgrade 4 Package(s)
Total download size: 1.1 M
Downloading Packages:
(1/5): openssh-5.3p1-104.el6.i686.rpm | 274 kB 00:00
(2/5): openssh-askpass-5.3p1-104.el6.i686.rpm | 56 kB 00:00
(3/5): openssh-clients-5.3p1-104.el6.i686.rpm | 442 kB 00:00
(4/5): openssh-ldap-5.3p1-104.el6.i686.rpm | 79 kB 00:00
(5/5): openssh-server-5.3p1-104.el6.i686.rpm | 320 kB 00:00
--------------------------------------------------------------------------------
Total 527 kB/s | 1.1 MB 00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : openssh-5.3p1-104.el6.i686 1/9
Installing : openssh-ldap-5.3p1-104.el6.i686 2/9
Updating : openssh-askpass-5.3p1-104.el6.i686 3/9
Updating : openssh-clients-5.3p1-104.el6.i686 4/9
Updating : openssh-server-5.3p1-104.el6.i686 5/9
Cleanup : openssh-server-5.3p1-94.el6.i686 6/9
Cleanup : openssh-clients-5.3p1-94.el6.i686 7/9
Cleanup : openssh-askpass-5.3p1-94.el6.i686 8/9
Cleanup : openssh-5.3p1-94.el6.i686 9/9
Verifying : openssh-ldap-5.3p1-104.el6.i686 1/9
Verifying : openssh-askpass-5.3p1-104.el6.i686 2/9
Verifying : openssh-5.3p1-104.el6.i686 3/9
Verifying : openssh-clients-5.3p1-104.el6.i686 4/9
Verifying : openssh-server-5.3p1-104.el6.i686 5/9
Verifying : openssh-clients-5.3p1-94.el6.i686 6/9
Verifying : openssh-server-5.3p1-94.el6.i686 7/9
Verifying : openssh-5.3p1-94.el6.i686 8/9
Verifying : openssh-askpass-5.3p1-94.el6.i686 9/9
Installed:
openssh-ldap.i686 0:5.3p1-104.el6
Updated:
openssh.i686 0:5.3p1-104.el6 openssh-askpass.i686 0:5.3p1-104.el6
openssh-clients.i686 0:5.3p1-104.el6 openssh-server.i686 0:5.3p1-104.el6
Complete!
3 Testing the SSH service
3.1 Configuring the SSH service
Back up the original configuration file
[root@localhost ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori
Edit the configuration file
[root@localhost ~]# vim /etc/ssh/sshd_config
Change the default port:
Port 52113
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
Disable remote root login:
#LoginGraceTime 2m
PermitRootLogin no
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
Disable DNS lookups:
UseDNS no
#UseDNS yes
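Disallow empty-password login (PermitEmptyPasswords no only rejects accounts whose password is empty; password authentication itself stays enabled, and the login in 3.3 relies on it):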
PermitEmptyPasswords no
#PermitEmptyPasswords no
Check that the changes are correct
[root@localhost ~]# vimdiff /etc/ssh/sshd_config.ori /etc/ssh/sshd_config
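A scripted check of the four edits above, as an added example that is not part of the original article: it reports the value sshd will actually use for each keyword, which a visual diff does not show when a keyword appears twice. The function names effective_value and audit_sshd_config are introduced here, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. Keyword/value pairs are
# assumed to be whitespace-separated, as in the stock sshd_config.

# Print the value sshd uses for KEYWORD in the global section of FILE:
# commented lines are ignored, keywords are case-insensitive, the first
# occurrence wins, and anything after a Match line is conditional.
effective_value() {   # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/          { next }
        tolower($1) == "match"        { exit }
        tolower($1) == tolower(want)  { print $2; exit }
    ' "$1"
}

# Compare the four settings changed in section 3.1 with what is effective.
# Prints one line per keyword; the return status is the number of mismatches.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    fails=0
    while read -r key expected; do
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key expected=$expected effective=${actual:-unset}"
            fails=$((fails + 1))
        fi
    done <<EOF
Port 52113
PermitRootLogin no
UseDNS no
PermitEmptyPasswords no
EOF
    return "$fails"
}

# Constructed sample: UseDNS was edited below an older active line, so the
# edit is not the effective value.
sample=$(mktemp)
cat > "$sample" <<EOF
Port 52113
#Port 22
PermitRootLogin no
UseDNS yes
UseDNS no
PermitEmptyPasswords no
EOF
audit_sshd_config "$sample" || echo "mismatches: $?"
rm -f "$sample"
```

On the server itself, sshd -t checks the syntax of /etc/ssh/sshd_config before the service is restarted.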
3.2 Starting the SSH service
[root@localhost ~]# service sshd start
Starting sshd: [ OK ]
or
[root@localhost ~]# /etc/init.d/sshd start
Starting sshd: [ OK ]
If needed, enable it at boot
[root@localhost ~]# chkconfig --level 35 sshd on
[root@localhost ~]# chkconfig --list sshd
sshd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
3.3 Using the SSH service
Download the SSH client Tunnelier
http://www.bitvise.com/tunnelier
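Log in to the Linux server
Enter the server IP, port number 52113, and the account name and password
(If there is no regular account, create one with the useradd command)
The login fails. This is caused by the firewall; you can turn the firewall off first and try again.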
[root@localhost ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
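Stopping iptables removes filtering for every port, not only SSH. An added example (not part of the original article) that instead opens just port 52113 in a rules file in iptables-save format; the function name allow_ssh_port is introduced here, and the sample rule set is constructed on the assumption that INPUT allows only port 22 and ends with a REJECT rule.

```shell
#!/bin/sh
# Added example, not from the original article.
# Live equivalent on the server (as root):
#   iptables -I INPUT -p tcp --dport 52113 -m state --state NEW -j ACCEPT
#   service iptables save

# Print FILE (iptables-save format, e.g. /etc/sysconfig/iptables) with an
# ACCEPT rule for new TCP connections to PORT placed ahead of the first
# INPUT REJECT/DROP rule of the filter table, or before its COMMIT if there
# is none. Output is unchanged if an identical rule is already present.
allow_ssh_port() {   # usage: allow_ssh_port FILE PORT
    awk -v port="$2" '
        BEGIN { rule = "-A INPUT -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT" }
        NR == FNR { if ($0 == rule) present = 1; next }   # pass 1: already there?
        /^\*/ { table = $0 }                              # pass 2: track current table
        !present && !done && table == "*filter" &&
            (/^-A INPUT .*-j (REJECT|DROP)/ || $0 == "COMMIT") { print rule; done = 1 }
        { print }
    ' "$1" "$1"
}

# Constructed sample rule set: only port 22 is open, everything else is rejected.
rules=$(mktemp)
cat > "$rules" <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
allow_ssh_port "$rules" 52113
rm -f "$rules"
```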
After logging in, you can run shell commands and transfer files.
If you try to log in as root, authorization will fail: