SSH

jovice

SSH(Secure SHell在网络上加密传输)
一.SSH提供两种级别的安全验证:
1.基于口令的安全验证
2.基于密匙的安全验证

需要软件包
openssh-
openssh-server-
openssh-askpass-gnome-
openssh-clients-
openssh-ackpass-
启动service sshd start 或 /etc/rc.d/initd/sshd start
ssh -l root 127.0.0.1
登陆完后会在~/.ssh/know_hosts中加入识别标记

OpenSSH系统范围配置文件 /etc/ssh/ssh_config
OpenSSH配置文件  /etc/ssh/sshd_config

禁止root登陆vim /etc/ssh/sshd_config
改PermitRootLogin no

二.启用公钥认证
(假设服务端用户jovice IP:192.168.1.100.   客户端为jokehua IP:192.168.1.103)
1.vim /etc/ssh/sshd_config 改PasswordAuthentication no
2.ssh-keygen -t rsa  #产生一对密匙:id_rsa(密匙) id_rsa.pub(公匙)
3.mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys (改公匙名)
4.cp -r /root/.ssh /home/jovice   
chowm jovice:jovice /home/jovice/.ssh
#服务端放authorized_keys(公匙)
#客户端放id_rsa(密匙)即可。需要将所属用户改成该用户
5.chmod 644 /home/jovice/.ssh/authorized_keys (只有用户对公匙有写权限，否则ssh不工作)
6.把密匙复制到客户端:
在服务端scp /root/.ssh/id_rsa
[email=jokehua@192.168.1.103:/home/jokehua]jokehua@192.168.1.103:/home/jokehua[/email]
或
在客户端操作scp -r
[email=root@192.168.1.100:/home/root/.ssh]root@192.168.1.100:/home/root/.ssh[/email]
/home/jokehua
(前提是PasswordAuthentication yes)
7.chmod 700 /home/jokehua  #id_rsa权限必须是-rw-------
8.在客户端jokehua下测试:ssh
jovice@192.168.1.100



本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u2/68813/showart_715725.html