Unit 9 Summary

Published: 2020-04-11 10:42:30 Source: web Views: 363 Author: 星仔0 Category: Network Security

#############Unit 9##############


 

1. SSH key authentication

 

#######Generating the key###########

[test@foundation0 ~]$ ssh-keygen                                       ###tool that generates the public and private key pair

Generating public/private rsa key pair.

Enter file in which to save the key (/home/test/.ssh/id_rsa):『enter』 ###file in which the key is saved; press Enter to accept the default

Created directory '/home/test/.ssh'.

Enter passphrase (empty for no passphrase):                            ###passphrase, must be longer than 4 characters

Enter same passphrase again:                                           ###confirm the passphrase

Your identification has been saved in /home/test/.ssh/id_rsa.

Your public key has been saved in /home/test/.ssh/id_rsa.pub.

The key fingerprint is:

a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com

The key's randomart image is:

+--[ RSA 2048]----+

|      .*+        |

|      +. o .     |

|     .. . E .    |

|       o + + *   |

|        S + * +  |

|       . * . o   |

|        . .      |

|                 |

|                 |

+-----------------+

[test@foundation0 .ssh]$ pwd

/home/test/.ssh                            ###directory where the generated keys are stored

[test@foundation0 .ssh]$ ls

id_rsa  id_rsa.pub                    ####id_rsa is the private key, id_rsa.pub is the public key

 

#####################Installing the key for the target user on the target host############

[test@foundation0 ~]$  ssh-copy-id -i /home/test/.ssh/id_rsa.pub westos@172.25.254.100

 

The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

westos@172.25.254.100's password:

 

Number of key(s) added: 1

 

Now try logging into the machine, with:   "ssh 'westos@172.25.254.100'"

and check to make sure that only the key(s) you wanted were added.

 

 

 

 

 

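ssh-copy-id                      ####tool that uploads the key

-i                               ####specifies the public key to use

/home/test/.ssh/id_rsa.pub       #####path of the public key to use

westos                           ####target user to be managed

172.25.254.100                   ####IP address of the host where the managed user lives

 

 

authorized_keys                  ###This file is in the .ssh directory under the target user's home directory. It marks the target user as protected by key authentication, and its content is the public key.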

 

 

 

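2. Basic configuration of the sshd service

vim /etc/ssh/sshd_config             ###configuration file of the sshd service

 

PermitRootLogin yes|no               ###line 48 of the file: whether the root user may authenticate through sshd

PasswordAuthentication yes|no        ###line 78 of the file: turns user password authentication on or off

AllowUsers student westos            ###user whitelist: only the users listed here may use the sshd service

systemctl restart sshd               ###restart the service so that it loads the new configuration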
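
The following audit of the three directives above is an added example, not part of the original page. It relies on the documented sshd_config rule that the first value read for a keyword is the one used. The function names `effective` and `audit`, the sample files and the policy checked (root login off, password login off, a whitelist present) are assumptions of this example; `Include` files and `Keyword=value` syntax are not handled.

```shell
#!/bin/sh
# Added example (not from the original page): audit the three directives above.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.

# effective FILE KEYWORD: print the first uncommented value set before any Match block.
effective() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { exit }                  # Match blocks are conditional: stop there
        k == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit FILE: return 0 only if the assumed policy holds
# (root login off, password login off, user whitelist present).
audit() {
    rc=0
    root=$(effective "$1" PermitRootLogin)
    pass=$(effective "$1" PasswordAuthentication)
    allow=$(effective "$1" AllowUsers)
    [ "$root" = no ] || { echo "WARN PermitRootLogin=${root:-unset}"; rc=1; }
    [ "$pass" = no ] || { echo "WARN PasswordAuthentication=${pass:-unset}"; rc=1; }
    [ -n "$allow" ]  || { echo "WARN AllowUsers unset: no user whitelist"; rc=1; }
    [ "$rc" -ne 0 ]  || echo "OK AllowUsers=$allow"
    return "$rc"
}

# Constructed sample configs (not taken from a real host).
weak=$(mktemp); hardened=$(mktemp)
cat > "$weak" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
# Appended later by an admin; ignored because the first value above wins:
PasswordAuthentication no
EOF
cat > "$hardened" <<'EOF'
#PermitRootLogin yes
permitrootlogin no
PasswordAuthentication no
AllowUsers student westos
EOF

echo "== weak ==";     audit "$weak" || true
echo "== hardened =="; audit "$hardened" || true
```

On a real host, `sshd -t` checks the configuration file for errors before the restart, and `sshd -T` prints the effective settings.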


3. Controlling system services

1) systemd

The system initialization program. It is the first process the system starts and has PID 1.

2) The systemctl command

systemctl list-units          ##list the current state of the system's services

systemctl list-unit-files     ##list the boot-time state of services

systemctl status sshd         ##show the state of the specified service

systemctl stop sshd           ##stop the specified service

systemctl start sshd          ##start the specified service

systemctl enable sshd         ##set the specified service to start at boot

systemctl disable sshd        ##set the specified service not to start at boot

systemctl reload sshd         ##make the specified service reload its configuration

systemctl list-dependencies sshd  ##show the dependencies of the specified service

systemctl mask sshd           ##freeze the specified service

systemctl unmask sshd         ##re-enable the service


3) Service states

systemctl status <service name>


loaded                       ##the service has been initialized and its configuration loaded

active(running)            ##the service is currently in use by the system

active(exited)             ##the service has loaded its configuration and is waiting to be used by the system

active(waiting)            ##the service is waiting to be handled by the system

inactive                     ##the service is stopped

enabled                      ##the service starts at boot

disabled                     ##the service does not start at boot

static                       ##the service's boot-time startup cannot be managed

failed                       ##system configuration error


4.openssh-server
