Ubuntu 配置 SSH服务器

这两天在公司配置Linux服务器，需要用到ssh，记录下来配置过程备忘。

环境

os：Ubuntu 12.04

1.安装
服务器端：

sudo apt-get install ssh openssh-server ssh-import-id
客户端：
@linux:~$ sudo apt-get install openssh-client

2.配置
2.1.修改ssh端口
默认的ssh端口是22，太扎眼，建议改成别的端口，比如3301。
修改 /etc/ssh/sshd_config文件
将其中的

# port 22
改成
port 3301
改完要重启ssh服务

@linux:~$ sudo /etc/init.d/ssh restart

3.登录
一般的登录ssh服务器的方式有两种，一种是使用密码，还有一种是使用密钥文件登录。
3.1.使用密码登录

@linux:~$ ssh testuser@192.168.56.101 -p3301
testuser@192.168.56.101's password:
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic-pae i686)

* Documentation:  https://help.ubuntu.com/

System information as of Thu May 17 00:31:21 CST 2012

System load:  0.0               Processes:           73
  Usage of /:   9.1% of 19.18GB   Users logged in:     1
  Memory usage: 14%               IP address for eth0: 192.168.56.101
  Swap usage:   0%

Graph this data and manage this system at https://landscape.canonical.com/

Last login: Thu May 17 00:22:04 2012 from 192.168.56.1
看到类似这些信息就说明登录成功了。
这种方式比较简单，但安全性稍差。
3.2.公钥-私钥登录
首先在终端执行

@linux:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jim/.ssh/id_rsa):    
Enter passphrase (empty for no passphrase):  //这里需要输入你的passphrase密码，这个密码一会还要用到
Enter same passphrase again:
Your identification has been saved in /home/jim/.ssh/id_rsa.
Your public key has been saved in /home/jim/.ssh/id_rsa.pub.
The key fingerprint is:
b9:8f:4b:e4:a8:39:9d:57:df:cb:4e:6c:79:76:db:7f @linux
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|         .       |
|        S        |
|       + ..  . . |
|     ...+. . .= +|
|    .oo..o  .+.oE|
|    o. .o..  .+o=|
+-----------------+
@linux:~$
上传公钥

@linux:~$ ssh-copy-id "-p 3301 -i ~/.ssh/id_rsa.pub testuser@192.168.56.101"
Warning: Identity file ~/.ssh/id_rsa.pub not accessible: No such file or directory.
testuser@192.168.56.101's password:
Now try logging into the machine, with "ssh '-p 3301 -i ~/.ssh/id_rsa.pub testuser@192.168.56.101'", and check in:

~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

@linux:~$

程序提示你连接一下试试，照做吧

@linux:~$ ssh -p 3301 -i ~/.ssh/id_rsa.pub testuser@192.168.56.101
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic-pae i686)

* Documentation:  https://help.ubuntu.com/

System information as of Thu May 17 00:48:35 CST 2012

System load:  0.01              Processes:           73
  Usage of /:   9.1% of 19.18GB   Users logged in:     1
  Memory usage: 15%               IP address for eth0: 192.168.56.101
  Swap usage:   0%

Graph this data and manage this system at https://landscape.canonical.com/

Last login: Thu May 17 00:45:27 2012 from 192.168.56.1
testuser@demo-server:~$ exit
中间有个提示，让你输入先前的passphrase密码，只需要输入一次，以后就再也不用输入了。
ok，再登录一下试试，这次不导入公钥了v
@linux:~$ ssh testuser@192.168.56.101 -p 2201
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic-pae i686)

* Documentation:  https://help.ubuntu.com/

System information as of Thu May 17 00:49:08 CST 2012

System load:  0.06              Processes:           73
  Usage of /:   9.1% of 19.18GB   Users logged in:     1
  Memory usage: 15%               IP address for eth0: 192.168.56.101
  Swap usage:   0%

Graph this data and manage this system at https://landscape.canonical.com/