您好,登錄后才能下訂單哦!
#############第九單元##############
1.ssh的key認(rèn)證
#######生成key###########
[test@foundation0 ~]$ ssh-keygen ###生成公鑰和私鑰的工具
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):『enter』 ###指定加密字符保存文件,使用默認(rèn)
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase): ###密碼,必須大于4位
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is: ###確認(rèn)密碼
a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
| .*+ |
| +. o . |
| .. . E . |
| o + + * |
| S + * + |
| . * . o |
| . . |
| |
| |
+-----------------+
[test@foundation0 .ssh]$ pwd
/home/test/.ssh ###生成密鑰存放位置
[test@foundation0 .ssh]$ ls
id_rsa id_rsa.pub ####id_rsa位私鑰,id_rsa.pub位公鑰
#####################使用key加密目標(biāo)主機(jī)的目標(biāo)用戶############
[test@foundation0 ~]$ ssh-copy-id -i /home/test/.ssh/id_rsa.pub westos@172.25.254.100
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
westos@172.25.254.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'westos@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
ssh-copy-id ####上傳key的工具
-i ####指定使用的公鑰
/home/test/.ssh/id_rsa.pub #####使用公鑰的名稱
westos ####被管理的目標(biāo)用戶
172.25.254.100 ####被管理用戶所在主機(jī)的ip
authorized_keys###此文件在目標(biāo)用戶加目錄的.ssh中,這個(gè)文件就是目標(biāo)用戶被加密的標(biāo)識(shí),文件內(nèi)容位公鑰內(nèi)容。
2.sshd服務(wù)的簡(jiǎn)單配置
vim /etc/ssh/sshd_config ###sshd服務(wù)的配置文件
48 PermitRootLogin yes|no ###是否允許root用戶通過(guò)sshd的認(rèn)證
78 PasswordAuthentication yes|no ###開(kāi)啟或關(guān)閉用戶密碼認(rèn)證
AllowUsers student westos ###用戶白名單,只允許在名單中出現(xiàn)的用戶使用sshd服務(wù)
systemctl restart sshd ###從新加載配置
3.系統(tǒng)服務(wù)的控制
1)systemd
系統(tǒng)初始化程序,系統(tǒng)開(kāi)始的第一個(gè)進(jìn)程,pid為1
2)systemctl 命令
systemctl list-units ##列出當(dāng)前系統(tǒng)服務(wù)的狀態(tài)
systemctl list-unit-files ##列出服務(wù)的開(kāi)機(jī)狀態(tài)
systemctl status sshd ##查看指定服務(wù)的狀態(tài)
systemctl stop sshd ##關(guān)閉指定服務(wù)
systemctl start sshd ##開(kāi)啟指定服務(wù)
systemctl enable sshd ##設(shè)定指定服務(wù)開(kāi)機(jī)開(kāi)啟
systemctl disable sshd ##設(shè)定指定服務(wù)開(kāi)機(jī)關(guān)閉
systemctl reload sshd ##是制定服務(wù)從新加載配置
systemctl list-dependencies sshd ##查看指定服務(wù)的依賴關(guān)系
systemctl mask sshd ##凍結(jié)指定服務(wù)
sustemctl unmask sshd ##啟用服務(wù)
3)服務(wù)狀態(tài)
systemctl status 服務(wù)名稱
loaded ##系統(tǒng)服務(wù)已經(jīng)初始化完成,加載過(guò)配置
active(running) ##服務(wù)正在被系統(tǒng)利用
active(exited) ##服務(wù)已經(jīng)加載配置,等待被系統(tǒng)利用
active(waiting) ##服務(wù)等待被系統(tǒng)處理
inactive ##服務(wù)關(guān)閉
enabled ##服務(wù)開(kāi)機(jī)啟動(dòng)
disabled ##服務(wù)開(kāi)機(jī)不自啟
static ##服務(wù)開(kāi)機(jī)啟動(dòng)項(xiàng)不可被管理
failed ##系統(tǒng)配置錯(cuò)誤
4.openssh-server
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。