SSH协议:安全外壳协议。为Secure Shell 缩写。SSH为建立在应用层和传输层基础上的安全协议。

 
1、检查SSH服务端安装情况
  1. [root@rhel6_84 ~]# rpm -qpi /mnt/Packages/openssh-server-5.3p1-94.el6.x86_64.rpm #rpm -qpi packetname 查看安装包的内容
  2. ~]# rpm -qa |grep openssh #检查ssh安装情况。如果没有使用rpm安装一遍。
  3. openssh-5.3p1-94.el6.x86_64
  4. openssh-clients-5.3p1-94.el6.x86_64
  5. openssh-askpass-5.3p1-94.el6.x86_64
  6. openssh-server-5.3p1-94.el6.x86_64
 
2、启动SSHD服务
  1. [root@rhel-6 ~]# service sshd start
  2. [root@rhel-6 ~]# /etc/init.d/sshd start #绝对路径方式启动
  3. [root@rhel-6 ~]# chkconfig sshd on #设置sshd服务开机自启 on自启 off关闭自启
    [root@rhel-6 ~]# chkconfig --list sshd #检查开机自启情况
    sshd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
 
3、客户端保存的密钥
  1. [~]# cat .ssh/known_hosts #查看本机保存的服务端的密钥。
  2. 192.168.3.81 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCzit8dq4s0xZCk1Gme5GJfYaWZzYHW37KHMfpaU7Fc2/npmJpHpufXGiYR+h9bAR6DBJvDzp5Mr/nmoaOxLb9WH4dsD9ZyLVTLzp3gaFpk9Fc7B8VRznIgveRYmIue146DoU3+Hjt7DWA19Cg4vxGZih/RekhmUgwEbKmxoC1KW6Qm6Aqd+F5oNIdign8KtFaIMzE4cNcL6YEb1wdYTk3fdUWhUip0Fir3sej9zjrGdCCA3HPxuPbsPE+3yaQ975yfelKRHI/DUpsKegQHK88RtfElLnDOVgle/yne8vsvDgnB1JYKZTGu8XuHG+vGwQAR+E2AelQcQDVFZ0+eJ+T
 
4、SSHD服务配置文件
  1. [root@rhel6_84 ~]# cp /etc/ssh/sshd_config{,.back} #修改前备份此配置文件
  2. [root@rhel6_84 ~]# ls /etc/ssh/
    moduli ssh_config sshd_config sshd_config.back ssh_host_dsa_key
  3. [root@rhel6_84 ~]# cat -n /etc/ssh/sshd_config
  4. #Port 22 #端口,默认是22,最好修改为其它
  5. [root@rhel6_84 ~]# netstat -anptu |grep ssh #修改好后,查看ssh服务是否正常监听新端口(222)
    tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2597/sshd
    tcp 0 0 0.0.0.0: 0.0.0.0:* LISTEN 2765/sshd
    tcp 0 52 192.168.3.84:22 192.168.3.130:57537 ESTABLISHED 2597/sshd
    tcp 0 0 ::1:6010 :::* LISTEN 2597/sshd
    tcp 0 0 :::222 :::* LISTEN 2765/sshd
 
5、新端口ssh连接
  1. root@192.168.3.84 #加上-p参数 指定222端口 连接新服务器
 
6、SSHD配置文件详解
  1. # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
  2. # This is the sshd server system-wide configuration file. See
  3. # sshd_config(5) for more information.
  4. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin #ssh所执行的bash目录
  5. # The strategy used for options in the default sshd_config shipped with
  6. # OpenSSH is to specify options with their default value where
  7. # possible, but leave them commented. Uncommented options change a
  8. # default value.
  9. Port222 #ssh服务端口号
  10. #AddressFamily any
  11. #ListenAddress 0.0.0.0
  12. #ListenAddress ::
  13. # Disable legacy (protocol version 1) support in the server for new
  14. # installations. In future the default will change to require explicit
  15. # activation of protocol 1
  17. # HostKey for protocol version 1
  18. #HostKey /etc/ssh/ssh_host_key
  19. # HostKeys for protocol version 2
  20. #HostKey /etc/ssh/ssh_host_rsa_key
  21. #HostKey /etc/ssh/ssh_host_dsa_key
  22. # default value.
  24. #AddressFamily any
  25. #ListenAddress 0.0.0.0
  26. #ListenAddress :: #指定只监听的IP地址,设置只允许此IP登陆
  27. # Disable legacy (protocol version 1) support in the server for new
  28. # installations. In future the default will change to require explicit
  29. # activation of protocol 1
  31. # HostKey for protocol version 1
  32. #HostKey /etc/ssh/ssh_host_key
  33. # HostKeys for protocol version 2
  34. #HostKey /etc/ssh/ssh_host_rsa_key
  35. #HostKey /etc/ssh/ssh_host_dsa_key
  36. # Lifetime and size of ephemeral version 1 server key
  37. #KeyRegenerationInterval 1h
  38. #ServerKeyBits 1024 #定义密钥长度,默认长度1024
  39. # Logging
  40. # obsoletes QuietMode and FascistLogging
  41. #SyslogFacility AUTH
  42. SyslogFacility AUTHPRIV
  43. #LogLevel INFO
  44. # Authentication:
  45. #LoginGraceTime 2m #连接断开前等待时间
  46. #PermitRootLogin yes #禁止root用户登陆
  47. #StrictModes yes
  48. #MaxAuthTries 6
  49. #MaxSessions 10
  50. #RSAAuthentication yes
  51. #PubkeyAuthentication yes
  52. #AuthorizedKeysFile .ssh/authorized_keys
  53. #AuthorizedKeysCommand none
  54. #AuthorizedKeysCommandRunAs nobody
  55. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  56. #RhostsRSAAuthentication no
  57. # similar for protocol version 2
  58. #HostbasedAuthentication no
  59. # Change to yes if you don't trust ~/.ssh/known_hosts for
  60. # RhostsRSAAuthentication and HostbasedAuthentication
  61. #IgnoreUserKnownHosts no
  62. # Don't read the user's ~/.rhosts and ~/.shosts files
  63. #IgnoreRhosts yes
  64. # To disable tunneled clear text passwords, change to no here!
  65. #PasswordAuthentication yes
  66. #PermitEmptyPasswords no
  67. PasswordAuthentication yes #是否允许使用账号和密码登陆,改为no将不允许使用账号和密码登陆,可使用私钥登陆。
  68. # Change to no to disable s/key passwords
  69. #ChallengeResponseAuthentication yes
  70. ChallengeResponseAuthentication no
  71. # Kerberos options
  72. #KerberosAuthentication no
  73. #KerberosOrLocalPasswd yes
  74. #KerberosTicketCleanup yes
  75. #KerberosGetAFSToken no
  76. #KerberosUseKuserok yes
  77. # GSSAPI options
  78. #GSSAPIAuthentication no
  79. GSSAPIAuthentication yes
  80. #GSSAPICleanupCredentials yes
  81. GSSAPICleanupCredentials yes
  82. #GSSAPIStrictAcceptorCheck yes
  83. #GSSAPIKeyExchange no
  84. # Set this to 'yes' to enable PAM authentication, account processing,
  85. # and session processing. If this is enabled, PAM authentication will
  86. # be allowed through the ChallengeResponseAuthentication and
  87. # PasswordAuthentication. Depending on your PAM configuration,
  88. # PAM authentication via ChallengeResponseAuthentication may bypass
  89. # the setting of "PermitRootLogin without-password".
  90. # If you just want the PAM account and session checks to run without
  91. # PAM authentication, then enable this but set PasswordAuthentication
  92. # and ChallengeResponseAuthentication to 'no'.
  93. #UsePAM no
  94. UsePAM yes
  95. # Accept locale-related environment variables
  96. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  97. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  98. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  99. AcceptEnv XMODIFIERS
  100. #AllowAgentForwarding yes
  101. #AllowTcpForwarding yes
  102. #GatewayPorts no
  103. #X11Forwarding no
  104. X11Forwarding yes
  105. #X11DisplayOffset 10
  106. #X11UseLocalhost yes
  107. #PrintMotd yes #是否打印 /etc/motd 连接时显示的信息
  108. #PrintLastLog yes #是否显示上次登陆信息
  109. #TCPKeepAlive yes
  110. #UseLogin no
  111. #UsePrivilegeSeparation yes #是否允许低权限用户产生新连接进程,no表示如何用户都是用root权限运行ssh
  112. #PermitUserEnvironment no
  113. #Compression delayed
  114. #ClientAliveInterval 0
  115. #ClientAliveCountMax 3
  116. #ShowPatchLevel no
  117. #UseDNS yes #是否启用DNS验证,外网需要启用
  118. #PidFile /var/run/sshd.pid #存放服务进程ID
  119. #MaxStartups 10:30:100
  120. #PermitTunnel no
  121. #ChrootDirectory none
  122. # no default banner path
  123. #Banner none
  124. # override default of no subsystems
  125. Subsystem sftp /usr/libexec/openssh/sftp-server
  126. # Example of overriding settings on a per-user basis
  127. #Match User anoncvs
  128. # X11Forwarding no
  129. # AllowTcpForwarding no
  130. # ForceCommand cvs server
 
 

SSHD服务搭建的更多相关文章

  1. cygwin安装sshd服务并实现无密码登录

    http://blog.csdn.net/cybercode/article/details/7080743 这篇文章主要是为我在win7(64位)下搭建hadoop环境所准备的.首先参照在cygwi ...

  2. SFTP 服务搭建

    1. 介绍 sftp是Secure File Transfer Protocol的缩写,安全文件传送协议.可以为传输文件提供一种安全的加密方法.sftp 与 ftp 有着几乎一样的语法和功能.SFTP ...

  3. sshd服务器搭建管理和防止暴力破解

    1.1 Linux服务前期环境准备,搭建一个RHEL7环境 1.2 sshd服务安装-ssh命令使用方法 1.3 sshd服务配置和管理 1.4 防止SSHD服务暴力破解的几种方式 1.1 Linux ...

  4. 开源服务专题之------sshd服务安装管理及配置文件理解和安全调优

    本专题我将讨论一下开源服务,随着开源社区的日趋丰富,开源软件.开源服务,已经成为人类的一种公共资源,发展势头可谓一日千里,所以不可不知.SSHD服务,在我们的linux服务器上经常用到,很重要,涉及到 ...

  5. BackTrack 5 开启SSHD服务

    BackTrack 5 开启SSHD服务 1 service ssh start 但启动后,仍然无法从远程连接,会有提示: 1 Read from socket failed: Connection ...

  6. Fedora 启动sshd服务:

    .先确认是否已安装ssh服务: [root@localhost ~]# rpm -qa | grep openssh-server openssh-server-.3p1-.fc12.i686 (这行 ...

  7. kaili开启sshd服务

    使用xshell远程连接kali 2.0时要开启kaili上的sshd服务,具体方法如下: 命令: vim /etc/ssh/sshd_config # Package generated confi ...

  8. sshd服务---暴力破解应对策略

    sshd服务暴力破解步骤 sshd暴力破解方法 防止暴力破解调优 1. 变更默认端口 2. 变更root用户 3. 日志监控-->防止暴力破解(fail2ban应用) fail2ban详解 在初 ...

  9. ServiceStack.Hello——跨平台.net REST api服务搭建

    ServiceStack.Hello--跨平台.net REST api服务搭建 自己创建: https://github.com/ServiceStack/ServiceStack/wiki/Cre ...

随机推荐

  1. 用docker toolBox 搭建 nginx + flask + redis 环境

    本篇博客,主要是了解一下docker-compose的使用,docker-compose是官方给出的同时部署多个容器的解决方案:当你需要多个容器同时运行作为你的解决方案时:比如构建一个网站,需要php ...

  2. Android编译系统参考手册

    build/core/clear_vars.mk Clear out values of all variables used by rule templates 清除LOCAL变量,每个模块的And ...

  3. Tips for VNCServer config

    Tips for VNCServer After the ClearCase server reboot by Jingwei, my vncserver background process is ...

  4. BZOJ 3339 && BZOJ 3585 莫队+权值分块

    显然若一个数大于n就不可能是答案. #include <iostream> #include <cstring> #include <cstdio> #includ ...

  5. oracle xmltype导入并解析Excel数据 (三)解析Excel数据

    包声明 create or replace package PKG_EXCEL_UTILS is -- Author: zkongbai-- Create at: 2016-07-06-- Actio ...

  6. BackTrack5-r3系统软件更新

    所需文件包地址:http://pan.baidu.com/s/1i3ouc9v(64位更新包) 进入BT系统图形模式-打开BT终端输入:apt-get update 按回车//更新软件目录 软件更新将 ...

  7. PCH文件

    作用:xcode5 自带的一个文件,xcode以后这个文件需要自己手动创建(这个是xcode5 和xcode6最大的区别)提前编译文件,一般情况下.我们在pch文件中#import一些项目中常用的软件 ...

  8. c++ 顺序容器适配器

    第一次看到stack,以为它是一个和vector同等地位的容器,其实不是 官方解释:stacks are a type of container adaptor, specifically desig ...

  9. 字符串反转C#的实现

    字符串反转是面试过程中出现频率较高的算法题,今天一个牛同事让我用C#帮他实现这个算法,前提当然是不能使用类库. 例如: how are you 的反转结果为 you are how. 算法1: 是我当 ...

  10. re模块详解

    #!/usr/bin/env python #-*- coding:UTF-8 -*- ##################################################### # ...