SSH协议:安全外壳协议。为Secure Shell 缩写。SSH为建立在应用层和传输层基础上的安全协议。

 
1、检查SSH服务端安装情况
  1. [root@rhel6_84 ~]# rpm -qpi /mnt/Packages/openssh-server-5.3p1-94.el6.x86_64.rpm #rpm -qpi packetname 查看安装包的内容
  2. ~]# rpm -qa |grep openssh #检查ssh安装情况。如果没有使用rpm安装一遍。
  3. openssh-5.3p1-94.el6.x86_64
  4. openssh-clients-5.3p1-94.el6.x86_64
  5. openssh-askpass-5.3p1-94.el6.x86_64
  6. openssh-server-5.3p1-94.el6.x86_64
 
2、启动SSHD服务
  1. [root@rhel-6 ~]# service sshd start
  2. [root@rhel-6 ~]# /etc/init.d/sshd start #绝对路径方式启动
  3. [root@rhel-6 ~]# chkconfig sshd on #设置sshd服务开机自启 on自启 off关闭自启
    [root@rhel-6 ~]# chkconfig --list sshd #检查开机自启情况
    sshd 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
 
3、客户端保存的密钥
  1. [~]# cat .ssh/known_hosts #查看本机保存的服务端的密钥。
  2. 192.168.3.81 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCzit8dq4s0xZCk1Gme5GJfYaWZzYHW37KHMfpaU7Fc2/npmJpHpufXGiYR+h9bAR6DBJvDzp5Mr/nmoaOxLb9WH4dsD9ZyLVTLzp3gaFpk9Fc7B8VRznIgveRYmIue146DoU3+Hjt7DWA19Cg4vxGZih/RekhmUgwEbKmxoC1KW6Qm6Aqd+F5oNIdign8KtFaIMzE4cNcL6YEb1wdYTk3fdUWhUip0Fir3sej9zjrGdCCA3HPxuPbsPE+3yaQ975yfelKRHI/DUpsKegQHK88RtfElLnDOVgle/yne8vsvDgnB1JYKZTGu8XuHG+vGwQAR+E2AelQcQDVFZ0+eJ+T
 
4、SSHD服务配置文件
  1. [root@rhel6_84 ~]# cp /etc/ssh/sshd_config{,.back} #修改前备份此配置文件
  2. [root@rhel6_84 ~]# ls /etc/ssh/
    moduli ssh_config sshd_config sshd_config.back ssh_host_dsa_key
  3. [root@rhel6_84 ~]# cat -n /etc/ssh/sshd_config
  4. #Port 22 #端口,默认是22,最好修改为其它
  5. [root@rhel6_84 ~]# netstat -anptu |grep ssh #修改好后,查看ssh服务是否正常监听新端口(222)
    tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 2597/sshd
    tcp 0 0 0.0.0.0: 0.0.0.0:* LISTEN 2765/sshd
    tcp 0 52 192.168.3.84:22 192.168.3.130:57537 ESTABLISHED 2597/sshd
    tcp 0 0 ::1:6010 :::* LISTEN 2597/sshd
    tcp 0 0 :::222 :::* LISTEN 2765/sshd
 
5、新端口ssh连接
  1. root@192.168.3.84 #加上-p参数 指定222端口 连接新服务器
 
6、SSHD配置文件详解
  1. # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $
  2. # This is the sshd server system-wide configuration file. See
  3. # sshd_config(5) for more information.
  4. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin #ssh所执行的bash目录
  5. # The strategy used for options in the default sshd_config shipped with
  6. # OpenSSH is to specify options with their default value where
  7. # possible, but leave them commented. Uncommented options change a
  8. # default value.
  9. Port222 #ssh服务端口号
  10. #AddressFamily any
  11. #ListenAddress 0.0.0.0
  12. #ListenAddress ::
  13. # Disable legacy (protocol version 1) support in the server for new
  14. # installations. In future the default will change to require explicit
  15. # activation of protocol 1
  17. # HostKey for protocol version 1
  18. #HostKey /etc/ssh/ssh_host_key
  19. # HostKeys for protocol version 2
  20. #HostKey /etc/ssh/ssh_host_rsa_key
  21. #HostKey /etc/ssh/ssh_host_dsa_key
  22. # default value.
  24. #AddressFamily any
  25. #ListenAddress 0.0.0.0
  26. #ListenAddress :: #指定只监听的IP地址,设置只允许此IP登陆
  27. # Disable legacy (protocol version 1) support in the server for new
  28. # installations. In future the default will change to require explicit
  29. # activation of protocol 1
  31. # HostKey for protocol version 1
  32. #HostKey /etc/ssh/ssh_host_key
  33. # HostKeys for protocol version 2
  34. #HostKey /etc/ssh/ssh_host_rsa_key
  35. #HostKey /etc/ssh/ssh_host_dsa_key
  36. # Lifetime and size of ephemeral version 1 server key
  37. #KeyRegenerationInterval 1h
  38. #ServerKeyBits 1024 #定义密钥长度,默认长度1024
  39. # Logging
  40. # obsoletes QuietMode and FascistLogging
  41. #SyslogFacility AUTH
  42. SyslogFacility AUTHPRIV
  43. #LogLevel INFO
  44. # Authentication:
  45. #LoginGraceTime 2m #连接断开前等待时间
  46. #PermitRootLogin yes #禁止root用户登陆
  47. #StrictModes yes
  48. #MaxAuthTries 6
  49. #MaxSessions 10
  50. #RSAAuthentication yes
  51. #PubkeyAuthentication yes
  52. #AuthorizedKeysFile .ssh/authorized_keys
  53. #AuthorizedKeysCommand none
  54. #AuthorizedKeysCommandRunAs nobody
  55. # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
  56. #RhostsRSAAuthentication no
  57. # similar for protocol version 2
  58. #HostbasedAuthentication no
  59. # Change to yes if you don't trust ~/.ssh/known_hosts for
  60. # RhostsRSAAuthentication and HostbasedAuthentication
  61. #IgnoreUserKnownHosts no
  62. # Don't read the user's ~/.rhosts and ~/.shosts files
  63. #IgnoreRhosts yes
  64. # To disable tunneled clear text passwords, change to no here!
  65. #PasswordAuthentication yes
  66. #PermitEmptyPasswords no
  67. PasswordAuthentication yes #是否允许使用账号和密码登陆,改为no将不允许使用账号和密码登陆,可使用私钥登陆。
  68. # Change to no to disable s/key passwords
  69. #ChallengeResponseAuthentication yes
  70. ChallengeResponseAuthentication no
  71. # Kerberos options
  72. #KerberosAuthentication no
  73. #KerberosOrLocalPasswd yes
  74. #KerberosTicketCleanup yes
  75. #KerberosGetAFSToken no
  76. #KerberosUseKuserok yes
  77. # GSSAPI options
  78. #GSSAPIAuthentication no
  79. GSSAPIAuthentication yes
  80. #GSSAPICleanupCredentials yes
  81. GSSAPICleanupCredentials yes
  82. #GSSAPIStrictAcceptorCheck yes
  83. #GSSAPIKeyExchange no
  84. # Set this to 'yes' to enable PAM authentication, account processing,
  85. # and session processing. If this is enabled, PAM authentication will
  86. # be allowed through the ChallengeResponseAuthentication and
  87. # PasswordAuthentication. Depending on your PAM configuration,
  88. # PAM authentication via ChallengeResponseAuthentication may bypass
  89. # the setting of "PermitRootLogin without-password".
  90. # If you just want the PAM account and session checks to run without
  91. # PAM authentication, then enable this but set PasswordAuthentication
  92. # and ChallengeResponseAuthentication to 'no'.
  93. #UsePAM no
  94. UsePAM yes
  95. # Accept locale-related environment variables
  96. AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  97. AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
  98. AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  99. AcceptEnv XMODIFIERS
  100. #AllowAgentForwarding yes
  101. #AllowTcpForwarding yes
  102. #GatewayPorts no
  103. #X11Forwarding no
  104. X11Forwarding yes
  105. #X11DisplayOffset 10
  106. #X11UseLocalhost yes
  107. #PrintMotd yes #是否打印 /etc/motd 连接时显示的信息
  108. #PrintLastLog yes #是否显示上次登陆信息
  109. #TCPKeepAlive yes
  110. #UseLogin no
  111. #UsePrivilegeSeparation yes #是否允许低权限用户产生新连接进程,no表示如何用户都是用root权限运行ssh
  112. #PermitUserEnvironment no
  113. #Compression delayed
  114. #ClientAliveInterval 0
  115. #ClientAliveCountMax 3
  116. #ShowPatchLevel no
  117. #UseDNS yes #是否启用DNS验证,外网需要启用
  118. #PidFile /var/run/sshd.pid #存放服务进程ID
  119. #MaxStartups 10:30:100
  120. #PermitTunnel no
  121. #ChrootDirectory none
  122. # no default banner path
  123. #Banner none
  124. # override default of no subsystems
  125. Subsystem sftp /usr/libexec/openssh/sftp-server
  126. # Example of overriding settings on a per-user basis
  127. #Match User anoncvs
  128. # X11Forwarding no
  129. # AllowTcpForwarding no
  130. # ForceCommand cvs server
 
 

SSHD服务搭建的更多相关文章

  1. cygwin安装sshd服务并实现无密码登录

    http://blog.csdn.net/cybercode/article/details/7080743 这篇文章主要是为我在win7(64位)下搭建hadoop环境所准备的.首先参照在cygwi ...

  2. SFTP 服务搭建

    1. 介绍 sftp是Secure File Transfer Protocol的缩写,安全文件传送协议.可以为传输文件提供一种安全的加密方法.sftp 与 ftp 有着几乎一样的语法和功能.SFTP ...

  3. sshd服务器搭建管理和防止暴力破解

    1.1 Linux服务前期环境准备,搭建一个RHEL7环境 1.2 sshd服务安装-ssh命令使用方法 1.3 sshd服务配置和管理 1.4 防止SSHD服务暴力破解的几种方式 1.1 Linux ...

  4. 开源服务专题之------sshd服务安装管理及配置文件理解和安全调优

    本专题我将讨论一下开源服务,随着开源社区的日趋丰富,开源软件.开源服务,已经成为人类的一种公共资源,发展势头可谓一日千里,所以不可不知.SSHD服务,在我们的linux服务器上经常用到,很重要,涉及到 ...

  5. BackTrack 5 开启SSHD服务

    BackTrack 5 开启SSHD服务 1 service ssh start 但启动后,仍然无法从远程连接,会有提示: 1 Read from socket failed: Connection ...

  6. Fedora 启动sshd服务:

    .先确认是否已安装ssh服务: [root@localhost ~]# rpm -qa | grep openssh-server openssh-server-.3p1-.fc12.i686 (这行 ...

  7. kaili开启sshd服务

    使用xshell远程连接kali 2.0时要开启kaili上的sshd服务,具体方法如下: 命令: vim /etc/ssh/sshd_config # Package generated confi ...

  8. sshd服务---暴力破解应对策略

    sshd服务暴力破解步骤 sshd暴力破解方法 防止暴力破解调优 1. 变更默认端口 2. 变更root用户 3. 日志监控-->防止暴力破解(fail2ban应用) fail2ban详解 在初 ...

  9. ServiceStack.Hello——跨平台.net REST api服务搭建

    ServiceStack.Hello--跨平台.net REST api服务搭建 自己创建: https://github.com/ServiceStack/ServiceStack/wiki/Cre ...

随机推荐

  1. 基于css3的轮播效果

    花了一上午来调整页面在ie10上的显示问题,sass编译生成的css文件在ie内核下一直不能正确加载,果然兼容性的问题还需要好好研究.转入正题,用css3实现轮播效果主要是基于css3的framewo ...

  2. Monte Carlo方法简介(转载)

    Monte Carlo方法简介(转载)       今天向大家介绍一下我现在主要做的这个东东. Monte Carlo方法又称为随机抽样技巧或统计实验方法,属于计算数学的一个分支,它是在上世纪四十年代 ...

  3. BZOJ 3176 Sort

    先一遍reverse+逆序对个数. 要开long long啊. #include<iostream> #include<cstdio> #include<cstring& ...

  4. Java面向对象基础知识汇总

    OOP:Orient Object Programe AOP:Aspect Orient Programe 封装:Encapsulation 继承:Inheritance 多态:Polymorphmi ...

  5. zepto插件 countdown 倒计时插件 从jquery 改成 zepto

    插件特色:支持zepto库  支持时间戳格式 支持年月日时分秒格式 countdown 由jquery依赖库改成zepto zepto的event机制与jquery不同,所以更换之后代码不能正常运行 ...

  6. Maven指令

    mvn clean compile  //clean告诉Maven清理输出目录target/,compile告诉Maven编译项目主代码. mvn clean test  //清理输出目录target ...

  7. Javascript、CSS和IMG之网页执行探索

    测试环境:windows/chrome 实例1:页面中仅有图片 <html xmlns="http://www.w3.org/1999/xhtml"> <head ...

  8. 模拟jQuery库

    用js模拟jQuery方法,体会封装思想 <!DOCTYPE html><html><head><meta charset="UTF-8" ...

  9. Matlab代码优化--向量化

    前段时间改写老师的一个计算纳米细颗粒物的C语言程序,不过运行的效率实在是太低了,工作站跑都很吃劲,晚上看了冈萨雷斯的数字图像处理意外发现了问题所在.在将C语言的程序改写成Matlab程序的时候我还是保 ...

  10. 国内如何使用gem?

    答案很简单,使用淘宝镜像! https://ruby.taobao.org/ 造福人类啊! 设置方法: $ gem sources --add https://ruby.taobao.org/ --r ...