CentOS7配置SSH服务
1. SSH配置1.1. 使用SSH服务更加安全[root@centos7 ~]# vi /etc/ssh/sshd_config
设置如下
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
[root@centos7 ~]# systemctl restart sshd
1.2. 设置防火墙,允许SSH服务使用22/TCP[root@centos7 ~]# firewall-cmd --add-service=ssh –permanent
[root@centos7 ~]# firewall-cmd –reload
2. SSH文件传输2.1. 应用SCP进行文件远程复制2.1.1. 将本地文件复制到远程服务器[root@centos7 ~]$ scp ./test.txt root@192.168.1.102:~/
root@192.168.1.102\'s password:
test.txt 100% 10 0.0KB/s 00:00
2.1.2. 将远程服务器文件复制到本地[root@centos7 ~]$ scp root@192.168.1.102:/root/test.txt ./test.txt
root@192.168.1.102\'s password:
test.txt 100% 10 0.0KB/s 00:00
2.2. 应用SFTP进行文件远程复制[root@centos7 ~]$ sftp root@192.168.1.102
root@192.168.1.102\'s password:
Connected to 192.168.1.102.
sftp>
# show current directory on remote server
sftp> pwd
Remote working directory: /root
# show current directory on local server
sftp> !pwd
/root
# show files in current directory on FTP server
sftp> ls -l
drwxrwxr-x 2 root root 6 Jul 29 21:33 public_html
-rw-rw-r-- 1 root root 10 Jul 28 22:53 test.txt
# show files in current directory on local server
sftp> !ls -l
total 4
-rw-rw-r-- 1 redhat redhat 10 Jul 29 21:31 test.txt
# change directory
sftp> cd public_html
sftp> pwd
Remote working directory: /root/public_html
# upload a file to remote server
sftp> put test.txt redhat.txt
Uploading test.txt to /root/redhat.txt
test.txt 100% 10 0.0KB/s 00:00
sftp> ls -l
drwxrwxr-x 2 root root 6 Jul 29 21:33 public_html
-rw-rw-r-- 1 root root 10 Jul 29 21:39 redhat.txt
-rw-rw-r-- 1 root root 10 Jul 28 22:53 test.txt
# upload some files to remote server
sftp> put *.txt
Uploading test.txt to /root/test.txt
test.txt 100% 10 0.0KB/s 00:00
Uploading test2.txt to /root/test2.txt
test2.txt 100% 0 0.0KB/s 00:00
sftp> ls -l
drwxrwxr-x 2 root root 6 Jul 29 21:33 public_html
-rw-rw-r-- 1 root root 10 Jul 29 21:39 redhat.txt
-rw-rw-r-- 1 root root 10 Jul 29 21:45 test.txt
-rw-rw-r-- 1 root root 10 Jul 29 21:46 test2.txt
# download a file from remote server
sftp> get test.txt
Fetching /root/test.txt to test.txt
/root/test.txt 100% 10 0.0KB/s 00:00
# download some files from remote server
sftp> get *.txt
Fetching /root/redhat.txt to redhat.txt
/root/redhat.txt 100% 10 0.0KB/s 00:00
Fetching /root/test.txt to test.txt
/root/test.txt 100% 10 0.0KB/s 00:00
Fetching /root/test2.txt to test2.txt
/root/test2.txt 100% 10 0.0KB/s 00:00
# create a directory on remote server
sftp> mkdir testdir
sftp> ls -l
drwxrwxr-x 2 root root 6 Jul 29 21:33 public_html
-rw-rw-r-- 1 root root 10 Jul 29 21:39 redhat.txt
-rw-rw-r-- 1 root root 10 Jul 29 21:45 test.txt
-rw-rw-r-- 1 root root 10 Jul 29 21:46 test2.txt
drwxrwxr-x 2 root root 6 Jul 29 21:53 testdir
# delete a directory on remote server
sftp> rmdir testdir
rmdir ok, `testdir\' removed
sftp> ls -l
drwxrwxr-x 2 root root 6 Jul 29 21:33 public_html
-rw-rw-r-- 1 root root 10 Jul 29 21:39 redhat.txt
-rw-rw-r-- 1 root root 10 Jul 29 21:45 test.txt
-rw-rw-r-- 1 root root 10 Jul 29 21:46 test2.txt
# delete a file on remote server
sftp> rm test2.txt
Removing /root/test2.txt
sftp> ls -l
drwxrwxr-x 2 root root 6 Jul 29 21:33 public_html
-rw-rw-r-- 1 root root 10 Jul 29 21:39 redhat.txt
-rw-rw-r-- 1 root root 10 Jul 29 21:45 test.txt
# execute commands with "![command]"
sftp> !cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
...
...
redhat:x:1001:1001::/root:/bin/bash
# exit
sftp> quit
221 Goodbye.
3. SSH使用密钥对认证3.1. 给服务器用户创建密钥对[root@server1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory \'/root/.ssh\'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:r5uV45jQN9JPbbD0qiegffn+d2HPbKAZR1D8lrnwpqk root@server1.smartmap.com
The key\'s randomart image is:
+---[RSA 2048]----+
| o. |
| . . |
| . .o|
| ..oo|
| S o.o..|
| ..o o.=o* |
| .oo.O.o=O+o|
| ...X+=+= B|
| *ooE*..o.|
+----[SHA256]-----+
[root@server1 ~]# ll
total 4
-rw-------. 1 root root 1496 Oct 28 11:32 anaconda-ks.cfg
[root@server1 ~]# ls -la
total 28
dr-xr-x---. 3 root root 147 Oct 28 12:31 .
dr-xr-xr-x. 17 root root 244 Oct 28 11:54 ..
-rw-------. 1 root root 1496 Oct 28 11:32 anaconda-ks.cfg
-rw-------. 1 root root 326 Oct 28 11:54 .bash_history
-rw-r--r--. 1 root root 18 Dec 29 2013 .bash_logout
-rw-r--r--. 1 root root 176 Dec 29 2013 .bash_profile
-rw-r--r--. 1 root root 176 Dec 29 2013 .bashrc
-rw-r--r--. 1 root root 100 Dec 29 2013 .cshrc
drwx------ 2 root root 38 Oct 28 12:31 .ssh
-rw-r--r--. 1 root root 129 Dec 29 2013 .tcshrc
[root@server1 ~]# cd .ssh/
[root@server1 .ssh]# ll
total 8
-rw------- 1 root root 1679 Oct 28 12:31 id_rsa
-rw-r--r-- 1 root root 407 Oct 28 12:31 id_rsa.pub
[root@server1 .ssh]# mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
[root@server1 .ssh]# chmod 600 ~/.ssh/authorized_keys