基于口令的验证——用账户和密码来验证登录
基于密钥的验证——需要在本地生成密钥对,然后把密钥对中的公钥上传至服务器,并与服务器中的公钥进行比较
| 参数 | 作用 |
|---|---|
| Port-22 | 默认的sshd服务端口 |
| ListenAddress-0.0.0.0 | 设定sshd服务器监听的IP地址 |
| Protocol-2 | SSH协议的版本号 |
| HostKey-/etc/ssh/sshhostkey | SSH协议版本为1时,DES私钥存放的位置 |
| HostKey-/etc/ssh/sshhostrsa_key | SSH协议版本为2时,RSA私钥存放的位置 |
| HostKey-/etc/ssh/sshhostdsa_key | SSH协议版本为2时,DSA私钥存放的位置 |
| PermitRootLogin-yes | 设定是否允许root管理员直接登录 |
| StrictModes-yes | 当远程用户的私钥改变时直接拒绝连接 |
| MaxAuthTries-6 | 最大密码尝试次数 |
| MaxSessions-10 | 最大终端数 |
| PasswordAuthentication-yes | 是否允许密码验证 |
| PermitEmptyPasswords-no | 是否允许空密码登录(很不安全) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80ssh 192.168.10.20 The authenticity of host '192.168.10.20 (192.168.10.20)' can't be established. ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.10.20' (ECDSA) to the list of known hosts. root@192.168.10.20's password:此处输入远程主机root管理员的密码 Last login: Wed Apr 15 15:54:21 2017 from 192.168.10.10 exit logout Connection to 192.168.10.10 closed. vim /etc/ssh/sshd_config ………………省略部分输出信息……………… 46 47 #LoginGraceTime 2m 48 PermitRootLogin no 49 #StrictModes yes 50 #MaxAuthTries 6 51 #MaxSessions 10 52 ………………省略部分输出信息……………… systemctl restart sshd systemctl enable sshd ssh 192.168.10.10 root@192.168.10.10's password:此处输入远程主机root管理员的密码 Permission denied, please try again. #生成密钥对 ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa):按回车键或设置密钥的存储路径 Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): 直接按回车键或设置密钥的密码 Enter same passphrase again: 再次按回车键或设置密钥的密码 Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 40:32:48:18:e4:ac:c0:c3:c1:ba:7c:6c:3a:a8:b5:22 root@linuxprobe.com The key's randomart image is: +--[ RSA 2048]----+ |+*..o . | |*.o + | |o* . | |+ . . | |o.. S | |.. + | |. = | |E+ . | |+.o | +-----------------+ ssh-copy-id 192.168.10.10 The authenticity of host '192.168.10.20 (192.168.10.10)' can't be established. ECDSA key fingerprint is 4f:a7:91:9e:8d:6f:b9:48:02:32:61:95:48:ed:1e:3f. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.10.10's password:此处输入远程服务器密码 Number of key(s) added: 1 Now try logging into the machine, with: "ssh '192.168.10.10'" and check to make sure that only the key(s) you wanted were added. vim /etc/ssh/sshd_config ………………省略部分输出信息……………… 74 75 # To disable tunneled clear text passwords, change to no here! 76 #PasswordAuthentication yes 77 #PermitEmptyPasswords no 78 PasswordAuthentication no 79 ………………省略部分输出信息……………… systemctl restart sshd ssh 192.168.10.10 Last login: Mon Apr 13 19:34:13 2017
Copyright ©2010-2022 比特日记 All Rights Reserved.