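1 What is SSH?
SSH is short for Secure Shell.
It is a security protocol built on the application and transport layers that provides a secure environment for transmitting and using a shell on a computer. Using the SSH protocol effectively prevents information leakage during remote administration, and it also protects against DNS spoofing and IP spoofing.
SSH can compress the data it transmits, which speeds up transfers.
SSH can replace Telnet, and it can also transfer files, replacing FTP.
The following uses CentOS 6.5 as an example to show how to install, configure and use SSH. For convenience, the steps are performed as root.
2 Installing the SSH service
2.1 Check whether ssh is already installed
Method 1: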
[root@localhost ~]# rpm -qa|grep ssh
libssh2-1.4.2-1.el6.i686
openssh-5.3p1-94.el6.i686
openssh-askpass-5.3p1-94.el6.i686
openssh-server-5.3p1-94.el6.i686
openssh-clients-5.3p1-94.el6.i686
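Method 2 (the option for printing the version is ssh -V; ssh reads -version as -v followed by -e rsion, so the version is printed and then the escape character is rejected):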
[root@localhost ~]# ssh -version
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Bad escape character 'rsion'.
2.2 Install with yum (network access is required)
List the packages related to ssh
[root@localhost ~]# yum search ssh
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: ftp.tc.edu.tw
* extras: mirror.bit.edu.cn
* updates: ftp.tc.edu.tw
base | 3.7 kB 00:00
extras | 3.3 kB 00:00
updates | 3.4 kB 00:00
=============================== N/S Matched: ssh ===============================
ksshaskpass.i686 : A KDE version of ssh-askpass with KWallet support
libssh2.i686 : A library implementing the SSH2 protocol
libssh2-devel.i686 : Development files for libssh2
libssh2-docs.i686 : Documentation for libssh2
openssh.i686 : An open source implementation of SSH protocol versions 1 and 2
openssh-askpass.i686 : A passphrase dialog for OpenSSH and X
openssh-clients.i686 : An open source SSH client applications
openssh-ldap.i686 : A LDAP support for open source SSH server daemon
openssh-server.i686 : An open source SSH server daemon
pam_ssh_agent_auth.i686 : PAM module for authentication with ssh-agent
trilead-ssh2.noarch : SSH-2 protocol implementation in pure Java
trilead-ssh2-javadoc.noarch : Javadoc for trilead-ssh2
jsch.noarch : Pure Java implementation of SSH2
python-paramiko.noarch : A SSH2 protocol library for python
python-twisted-conch.i686 : SSH and SFTP protocol implementation together with
: clients and servers
Name and summary matches only, use "search all" for everything.
Install openssh
[root@localhost ~]# yum install -y openssh-*
* base: mirror.bit.edu.cn
* updates: mirror.bit.edu.cn
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssh.i686 0:5.3p1-94.el6 will be updated
---> Package openssh.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-askpass.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-askpass.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-clients.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-clients.i686 0:5.3p1-104.el6 will be an update
---> Package openssh-ldap.i686 0:5.3p1-104.el6 will be installed
---> Package openssh-server.i686 0:5.3p1-94.el6 will be updated
---> Package openssh-server.i686 0:5.3p1-104.el6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
Installing:
openssh-ldap i686 5.3p1-104.el6 base 79 k
Updating:
openssh i686 5.3p1-104.el6 base 274 k
openssh-askpass i686 5.3p1-104.el6 base 56 k
openssh-clients i686 5.3p1-104.el6 base 442 k
openssh-server i686 5.3p1-104.el6 base 320 k
Transaction Summary
Install 1 Package(s)
Upgrade 4 Package(s)
Total download size: 1.1 M
Downloading Packages:
(1/5): openssh-5.3p1-104.el6.i686.rpm | 274 kB 00:00
(2/5): openssh-askpass-5.3p1-104.el6.i686.rpm | 56 kB 00:00
(3/5): openssh-clients-5.3p1-104.el6.i686.rpm | 442 kB 00:00
(4/5): openssh-ldap-5.3p1-104.el6.i686.rpm | 79 kB 00:00
(5/5): openssh-server-5.3p1-104.el6.i686.rpm | 320 kB 00:00
--------------------------------------------------------------------------------
Total 527 kB/s | 1.1 MB 00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : openssh-5.3p1-104.el6.i686 1/9
Installing : openssh-ldap-5.3p1-104.el6.i686 2/9
Updating : openssh-askpass-5.3p1-104.el6.i686 3/9
Updating : openssh-clients-5.3p1-104.el6.i686 4/9
Updating : openssh-server-5.3p1-104.el6.i686 5/9
Cleanup : openssh-server-5.3p1-94.el6.i686 6/9
Cleanup : openssh-clients-5.3p1-94.el6.i686 7/9
Cleanup : openssh-askpass-5.3p1-94.el6.i686 8/9
Cleanup : openssh-5.3p1-94.el6.i686 9/9
Verifying : openssh-ldap-5.3p1-104.el6.i686 1/9
Verifying : openssh-askpass-5.3p1-104.el6.i686 2/9
Verifying : openssh-5.3p1-104.el6.i686 3/9
Verifying : openssh-clients-5.3p1-104.el6.i686 4/9
Verifying : openssh-server-5.3p1-104.el6.i686 5/9
Verifying : openssh-clients-5.3p1-94.el6.i686 6/9
Verifying : openssh-server-5.3p1-94.el6.i686 7/9
Verifying : openssh-5.3p1-94.el6.i686 8/9
Verifying : openssh-askpass-5.3p1-94.el6.i686 9/9
Installed:
openssh-ldap.i686 0:5.3p1-104.el6
Updated:
openssh.i686 0:5.3p1-104.el6 openssh-askpass.i686 0:5.3p1-104.el6
openssh-clients.i686 0:5.3p1-104.el6 openssh-server.i686 0:5.3p1-104.el6
Complete!
3 Testing the SSH service
3.1 Configure the SSH service
Back up the original configuration file
[root@localhost ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ori
Edit the configuration file
[root@localhost ~]# vim /etc/ssh/sshd_config
Change the default port:
Port 52113
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
Disable remote root login:
#LoginGraceTime 2m
PermitRootLogin no
#PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
Disable DNS lookups:
UseDNS no
#UseDNS yes
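Disallow login with an empty password (password login itself stays enabled; PasswordAuthentication controls that):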
PermitEmptyPasswords no
#PermitEmptyPasswords no
Check that the changes are correct
[root@localhost ~]# vimdiff /etc/ssh/sshd_config.ori /etc/ssh/sshd_config
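A scripted check of the four edits above, as an added example that is not part of the original page: it reads the file the way sshd does, so a forgotten uncommented "Port 22" or a duplicate keyword shows up. The function names and the sample file are constructed for illustration; the defaults are the commented values shown in the listing above.

```shell
#!/bin/sh
# Added example, not from the original page. Handles the "Keyword value" form
# only; "Keyword=value" lines and Match blocks are outside its scope.

# first_value FILE KEYWORD DEFAULT
# sshd uses the first uncommented value it reads for a keyword; keywords are
# case-insensitive, and '#' lines such as "#PermitRootLogin yes" are ignored.
first_value() {
    awk -v key="$2" -v def="$3" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# listen_ports FILE
# Port is cumulative: every uncommented Port line adds a listener, so an
# active "Port 22" next to "Port 52113" keeps the old port open.
listen_ports() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "port" { out = (n++ ? out " " : "") $2 }
        END { print (n ? out : "22") }' "$1"
}

# report NAME ACTUAL WANTED: print one result line, remember any failure in rc.
report() {
    if [ "$2" = "$3" ]; then echo "OK   $1 $2"
    else echo "FAIL $1 is '$2', expected '$3'"; rc=1; fi
}

# audit_sshd_config FILE: returns 0 only if all four settings from 3.1 hold.
# Defaults are the commented values in the stock file (22, yes, yes, no).
audit_sshd_config() {
    rc=0
    report Port "$(listen_ports "$1")" 52113
    report PermitRootLogin "$(first_value "$1" PermitRootLogin yes)" no
    report UseDNS "$(first_value "$1" UseDNS yes)" no
    report PermitEmptyPasswords "$(first_value "$1" PermitEmptyPasswords no)" no
    return $rc
}

# Constructed sample: the edit from 3.1 with "Port 22" left uncommented.
sample=$(mktemp)
printf '%s\n' 'Port 52113' 'Port 22' 'PermitRootLogin no' \
    '#PermitRootLogin yes' 'UseDNS no' '#PermitEmptyPasswords no' > "$sample"
audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config before starting the service; sshd -t additionally checks the file for syntax errors.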
3.2 Start the SSH service
[root@localhost ~]# service sshd start
Starting sshd: [ OK ]
or
[root@localhost ~]# /etc/init.d/sshd start
[ OK ]
If needed, the service can be set to start at boot
[root@localhost ~]# chkconfig --level 35 sshd on
[root@localhost ~]# chkconfig --list sshd
sshd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
3.3 Use the SSH service
Download the SSH client Tunnelier
http://www.bitvise.com/tunnelier
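Log in to the Linux server
Enter the server IP, port 52113, and the account and password
(If there is no ordinary account, one can be created with the useradd command)
The login fails. This is caused by the firewall; you can turn the firewall off first and try again. Stopping iptables removes all packet filtering on the host, so once the cause is confirmed, the narrower fix is to keep the firewall running with a rule that accepts TCP port 52113.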
[root@localhost ~]# /etc/init.d/iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
After logging in, you can run shell commands and transfer files.
If you try to log in as root, authorization will fail: