#############第九单元##############
1.ssh的key认证
#######生成key###########
[test@foundation0 ~]$ ssh-keygen ###生成公钥和私钥的工具
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):『enter』 ###指定加密字符保存文件,使用默认
Created directory '/home/test/.ssh'.
Enter passphrase (empty for no passphrase): ###密码,必须大于4位
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is: ###确认密码
a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
| .*+ |
| +. o . |
| .. . E . |
| o + + * |
| S + * + |
| . * . o |
| . . |
| |
| |
+-----------------+
[test@foundation0 .ssh]$ pwd
/home/test/.ssh ###生成密钥存放位置
[test@foundation0 .ssh]$ ls
id_rsa id_rsa.pub ####id_rsa位私钥,id_rsa.pub位公钥
#####################使用key加密目标主机的目标用户############
[test@foundation0 ~]$ ssh-copy-id -i /home/test/.ssh/id_rsa.pub westos@172.25.254.100
The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.
ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
westos@172.25.254.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'westos@172.25.254.100'"
and check to make sure that only the key(s) you wanted were added.
ssh-copy-id ####上传key的工具
-i ####指定使用的公钥
/home/test/.ssh/id_rsa.pub #####使用公钥的名称
westos ####被管理的目标用户
172.25.254.100 ####被管理用户所在主机的ip
authorized_keys###此文件在目标用户加目录的.ssh中,这个文件就是目标用户被加密的标识,文件内容位公钥内容。
2.sshd服务的简单配置
vim /etc/ssh/sshd_config ###sshd服务的配置文件
48 PermitRootLogin yes|no ###是否允许root用户通过sshd的认证
78 PasswordAuthentication yes|no ###开启或关闭用户密码认证
AllowUsers student westos ###用户白名单,只允许在名单中出现的用户使用sshd服务
systemctl restart sshd ###从新加载配置
3.系统服务的控制
1)systemd
系统初始化程序,系统开始的第一个进程,pid为1
2)systemctl 命令
systemctl list-units ##列出当前系统服务的状态
systemctl list-unit-files ##列出服务的开机状态
systemctl status sshd ##查看指定服务的状态
systemctl stop sshd ##关闭指定服务
systemctl start sshd ##开启指定服务
systemctl enable sshd ##设定指定服务开机开启
systemctl disable sshd ##设定指定服务开机关闭
systemctl reload sshd ##是制定服务从新加载配置
systemctl list-dependencies sshd ##查看指定服务的依赖关系
systemctl mask sshd ##冻结指定服务
sustemctl unmask sshd ##启用服务
3)服务状态
systemctl status 服务名称
loaded ##系统服务已经初始化完成,加载过配置
active(running) ##服务正在被系统利用
active(exited) ##服务已经加载配置,等待被系统利用
active(waiting) ##服务等待被系统处理
inactive ##服务关闭
enabled ##服务开机启动
disabled ##服务开机不自启
static ##服务开机启动项不可被管理
failed ##系统配置错误
4.openssh-server
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。
