SSH协议:安全外壳协议。为Secure Shell 缩写。SSH为建立在应用层和传输层基础上的安全协议。

 
1、检查SSH服务端安装情况
  1. [root@rhel6_84 ~]# rpm -qpi /mnt/Packages/openssh-server-5.3p1-94.el6.x86_64.rpm #rpm -qpi packetname 查看安装包的内容
  2. ~]# rpm -qa |grep openssh #检查ssh安装情况。如果没有使用rpm安装一遍。
  3. openssh-5.3p1-94.el6.x86_64
  4. openssh-clients-5.3p1-94.el6.x86_64
  5. openssh-askpass-5.3p1-94.el6.x86_64
  6. openssh-server-5.3p1-94.el6.x86_64
 
2、启动SSHD服务
  1. [root@rhel-6 ~]# service sshd start
  2. [root@rhel-6 ~]# /etc/init.d/sshd start #绝对路径方式启动
  3. [root@rhel-6 ~]# chkconfig sshd on #设置sshd服务开机自启 on自启 off关闭自启
    [root@rhel-6 ~]# chkconfig --list sshd #检查开机自启情况
    sshd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
 
3、客户端保存的密钥
  1. [~]# cat .ssh/known_hosts #查看本机保存的服务端的密钥。
  2. 192.168.3.81 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCzit8dq4s0xZCk1Gme5GJfYaWZzYHW37KHMfpaU7Fc2/npmJpHpufXGiYR+h9bAR6DBJvDzp5Mr/nmoaOxLb9WH4dsD9ZyLVTLzp3gaFpk9Fc7B8VRznIgveRYmIue146DoU3+Hjt7DWA19Cg4vxGZih/RekhmUgwEbKmxoC1KW6Qm6Aqd+F5oNIdign8KtFaIMzE4cNcL6YEb1wdYTk3fdUWhUip0Fir3sej9zjrGdCCA3HPxuPbsPE+3yaQ975yfelKRHI/DUpsKegQHK88RtfElLnDOVgle/yne8vsvDgnB1JYKZTGu8XuHG+vGwQAR+E2AelQcQDVFZ0+eJ+T
 
4、SSHD服务配置文件
  1. [root@rhel6_84 ~]# cp /etc/ssh/sshd_config{,.back} #修改前备份此配置文件
  2. [root@rhel6_84 ~]# ls /etc/ssh/
    moduli ssh_config sshd_config sshd_config.back ssh_host_dsa_key
  3. [root@rhel6_84 ~]# cat -n /etc/ssh/sshd_config
  4. #Port 22 #端口,默认是22,最好修改为其它
  5. [root@rhel6_84 ~]# netstat -anptu |grep ssh #修改好后,查看ssh服务是否正常监听新端口(222)
    tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2597/sshd
    tcp 0 0 0.0.0.0: 0.0.0.0:* LISTEN 2765/sshd
    tcp 0 52 192.168.3.84:22 192.168.3.130:57537 ESTABLISHED 2597/sshd
    tcp 0 0 ::1:6010 :::* LISTEN 2597/sshd
    tcp 0 0 :::222 :::* LISTEN 2765/sshd
 
5、新端口ssh连接
  1. root@192.168.3.84 #加上-p参数 指定222端口 连接新服务器
 
6、SSHD配置文件详解
  1. # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
  2. # This is the sshd server system-wide configuration file. See
  3. # sshd_config(5) for more information.
  4. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin #ssh所执行的bash目录
  5. # The strategy used for options in the default sshd_config shipped with
  6. # OpenSSH is to specify options with their default value where
  7. # possible, but leave them commented. Uncommented options change a
  8. # default value.
  9. Port222 #ssh服务端口号
  10. #AddressFamily any
  11. #ListenAddress 0.0.0.0
  12. #ListenAddress ::
  13. # Disable legacy (protocol version 1) support in the server for new
  14. # installations. In future the default will change to require explicit
  15. # activation of protocol 1
  17. # HostKey for protocol version 1
  18. #HostKey /etc/ssh/ssh_host_key
  19. # HostKeys for protocol version 2
  20. #HostKey /etc/ssh/ssh_host_rsa_key
  21. #HostKey /etc/ssh/ssh_host_dsa_key
  22. # default value.
  24. #AddressFamily any
  25. #ListenAddress 0.0.0.0
  26. #ListenAddress :: #指定只监听的IP地址,设置只允许此IP登陆
  27. # Disable legacy (protocol version 1) support in the server for new
  28. # installations. In future the default will change to require explicit
  29. # activation of protocol 1
  31. # HostKey for protocol version 1
  32. #HostKey /etc/ssh/ssh_host_key
  33. # HostKeys for protocol version 2
  34. #HostKey /etc/ssh/ssh_host_rsa_key
  35. #HostKey /etc/ssh/ssh_host_dsa_key
  36. # Lifetime and size of ephemeral version 1 server key
  37. #KeyRegenerationInterval 1h
  38. #ServerKeyBits 1024 #定义密钥长度,默认长度1024
  39. # Logging
  40. # obsoletes QuietMode and FascistLogging
  41. #SyslogFacility AUTH
  42. SyslogFacility AUTHPRIV
  43. #LogLevel INFO
  44. # Authentication:
  45. #LoginGraceTime 2m #连接断开前等待时间
  46. #PermitRootLogin yes #禁止root用户登陆
  47. #StrictModes yes
  48. #MaxAuthTries 6
  49. #MaxSessions 10
  50. #RSAAuthentication yes
  51. #PubkeyAuthentication yes
  52. #AuthorizedKeysFile .ssh/authorized_keys
  53. #AuthorizedKeysCommand none
  54. #AuthorizedKeysCommandRunAs nobody
  55. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  56. #RhostsRSAAuthentication no
  57. # similar for protocol version 2
  58. #HostbasedAuthentication no
  59. # Change to yes if you don't trust ~/.ssh/known_hosts for
  60. # RhostsRSAAuthentication and HostbasedAuthentication
  61. #IgnoreUserKnownHosts no
  62. # Don't read the user's ~/.rhosts and ~/.shosts files
  63. #IgnoreRhosts yes
  64. # To disable tunneled clear text passwords, change to no here!
  65. #PasswordAuthentication yes
  66. #PermitEmptyPasswords no
  67. PasswordAuthentication yes #是否允许使用账号和密码登陆,改为no将不允许使用账号和密码登陆,可使用私钥登陆。
  68. # Change to no to disable s/key passwords
  69. #ChallengeResponseAuthentication yes
  70. ChallengeResponseAuthentication no
  71. # Kerberos options
  72. #KerberosAuthentication no
  73. #KerberosOrLocalPasswd yes
  74. #KerberosTicketCleanup yes
  75. #KerberosGetAFSToken no
  76. #KerberosUseKuserok yes
  77. # GSSAPI options
  78. #GSSAPIAuthentication no
  79. GSSAPIAuthentication yes
  80. #GSSAPICleanupCredentials yes
  81. GSSAPICleanupCredentials yes
  82. #GSSAPIStrictAcceptorCheck yes
  83. #GSSAPIKeyExchange no
  84. # Set this to 'yes' to enable PAM authentication, account processing,
  85. # and session processing. If this is enabled, PAM authentication will
  86. # be allowed through the ChallengeResponseAuthentication and
  87. # PasswordAuthentication. Depending on your PAM configuration,
  88. # PAM authentication via ChallengeResponseAuthentication may bypass
  89. # the setting of "PermitRootLogin without-password".
  90. # If you just want the PAM account and session checks to run without
  91. # PAM authentication, then enable this but set PasswordAuthentication
  92. # and ChallengeResponseAuthentication to 'no'.
  93. #UsePAM no
  94. UsePAM yes
  95. # Accept locale-related environment variables
  96. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  97. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  98. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  99. AcceptEnv XMODIFIERS
  100. #AllowAgentForwarding yes
  101. #AllowTcpForwarding yes
  102. #GatewayPorts no
  103. #X11Forwarding no
  104. X11Forwarding yes
  105. #X11DisplayOffset 10
  106. #X11UseLocalhost yes
  107. #PrintMotd yes #是否打印 /etc/motd 连接时显示的信息
  108. #PrintLastLog yes #是否显示上次登陆信息
  109. #TCPKeepAlive yes
  110. #UseLogin no
  111. #UsePrivilegeSeparation yes #是否允许低权限用户产生新连接进程,no表示如何用户都是用root权限运行ssh
  112. #PermitUserEnvironment no
  113. #Compression delayed
  114. #ClientAliveInterval 0
  115. #ClientAliveCountMax 3
  116. #ShowPatchLevel no
  117. #UseDNS yes #是否启用DNS验证,外网需要启用
  118. #PidFile /var/run/sshd.pid #存放服务进程ID
  119. #MaxStartups 10:30:100
  120. #PermitTunnel no
  121. #ChrootDirectory none
  122. # no default banner path
  123. #Banner none
  124. # override default of no subsystems
  125. Subsystem sftp /usr/libexec/openssh/sftp-server
  126. # Example of overriding settings on a per-user basis
  127. #Match User anoncvs
  128. # X11Forwarding no
  129. # AllowTcpForwarding no
  130. # ForceCommand cvs server
 
 

SSHD服务搭建的更多相关文章

  1. cygwin安装sshd服务并实现无密码登录

    http://blog.csdn.net/cybercode/article/details/7080743 这篇文章主要是为我在win7(64位)下搭建hadoop环境所准备的.首先参照在cygwi ...

  2. SFTP 服务搭建

    1. 介绍 sftp是Secure File Transfer Protocol的缩写,安全文件传送协议.可以为传输文件提供一种安全的加密方法.sftp 与 ftp 有着几乎一样的语法和功能.SFTP ...

  3. sshd服务器搭建管理和防止暴力破解

    1.1 Linux服务前期环境准备,搭建一个RHEL7环境 1.2 sshd服务安装-ssh命令使用方法 1.3 sshd服务配置和管理 1.4 防止SSHD服务暴力破解的几种方式 1.1 Linux ...

  4. 开源服务专题之------sshd服务安装管理及配置文件理解和安全调优

    本专题我将讨论一下开源服务,随着开源社区的日趋丰富,开源软件.开源服务,已经成为人类的一种公共资源,发展势头可谓一日千里,所以不可不知.SSHD服务,在我们的linux服务器上经常用到,很重要,涉及到 ...

  5. BackTrack 5 开启SSHD服务

    BackTrack 5 开启SSHD服务 1 service ssh start 但启动后,仍然无法从远程连接,会有提示: 1 Read from socket failed: Connection ...

  6. Fedora 启动sshd服务:

    .先确认是否已安装ssh服务: [root@localhost ~]# rpm -qa | grep openssh-server openssh-server-.3p1-.fc12.i686 (这行 ...

  7. kaili开启sshd服务

    使用xshell远程连接kali 2.0时要开启kaili上的sshd服务,具体方法如下: 命令: vim /etc/ssh/sshd_config # Package generated confi ...

  8. sshd服务---暴力破解应对策略

    sshd服务暴力破解步骤 sshd暴力破解方法 防止暴力破解调优 1. 变更默认端口 2. 变更root用户 3. 日志监控-->防止暴力破解(fail2ban应用) fail2ban详解 在初 ...

  9. ServiceStack.Hello——跨平台.net REST api服务搭建

    ServiceStack.Hello--跨平台.net REST api服务搭建 自己创建: https://github.com/ServiceStack/ServiceStack/wiki/Cre ...

随机推荐

  1. JavaScript数组模拟栈和队列

    *栈和队列:js中没有真正的栈和队列的类型              一切都是用数组对象模拟的 栈:只能从一端进出的数组,另一端封闭       FILO   何时使用:今后只要仅希望数组只能从一端进 ...

  2. 本地mysql数据库root密码丢失修改方法

      1,停止数据库 2,cd /etc/mysql 3,利用vim命令打开mysql配置文件my.cnf,在mysqld进程配置文件中添加skip-grant-tables,添加完成后,执行wd保存. ...

  3. 发布网站时报错:未能将文件xxx复制到xxx,问题处理

    发布时报错提示: 错误 1 未能将文件 UpLoad\images\73CDC40ECCA44550BA8201D2AC187A46.jpg 复制到 obj\Debug\Package\Package ...

  4. JAVAWEB学习总结 HTTPSERVLETRESPONSE对象(二)

    一.HttpServletResponse常见应用--生成验证码 1.1.生成随机图片用作验证码 生成图片主要用到了一个BufferedImage类 步骤: 1. 在内存中创建一张图片 2.得到图片 ...

  5. 【LeetCode】Gray Code

    Gray Code The gray code is a binary numeral system where two successive values differ in only one bi ...

  6. xml 读取递归算法

    xml 读取递归算法:

  7. wdcp的安装方法与常见问题

    wdcp(WDlinux Control Panel)是一套用PHP开发的Linux服务器管理系统,通过面板来操作可以彻底放弃用ssh 命令来操作的繁琐,让Linux服务器系统变得更容易使用,可以在线 ...

  8. c#读写文件

    1.添加命名空间 System.IO; System.Text; 2.文件的读取 (1).使用FileStream类进行文件的读取,并将它转换成char数组,然后输出. byte[] byData = ...

  9. .net 如何引用迅雷组件

    本文记录两个部分,本人自己引用迅雷组件的经历和引用迅雷组件相关原理 the first: 添加引用 -> COM -> ThunderAgent 1.0 Type Library(前提是已 ...

  10. 【JS】FOR循环通关只循环一次length提高性能

    问题来源于jqueryAPI 原文: Iteration An array has a length property that is useful for iteration: for ( var ...