SSH remote connection tools
ssh: encrypted connection to the server, port 22
telnet: unencrypted connection to the server, port 23 (root cannot log in)
[c:\~]$ ssh root@10.0.0.31 22
Connecting to 10.0.0.31:22...
Connection established.
[root@nfs01 ~]# yum install -y telnet-server
[root@nfs01 ~]# systemctl restart telnet.socket
[c:\~]$ telnet oldboy@10.0.0.31 23
Connecting to 10.0.0.31:23...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
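- A telnet connection requires that the telnet service is already running on the server
SSH remote tools: ssh, scp, sftp
ssh can connect directly to another server and execute a command
- -p specifies the port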
[oldboy@nfs01 ~]$ ssh 10.0.0.41 hostname
The authenticity of host '10.0.0.41 (10.0.0.41)' can't be established.
ECDSA key fingerprint is SHA256:/+gaWarfVsA+vda1BRYpVLU8jSaOVLhmSQJLflo/q+U.
ECDSA key fingerprint is MD5:95:f0:0f:f6:76:12:ec:a0:c8:77:dd:63:5b:3e:fa:78.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.41' (ECDSA) to the list of known hosts.
oldboy@10.0.0.41's password:
backup
[oldboy@nfs01 ~]$
- The first connection requires confirming with yes and entering the password
scp: remote copy
-P specifies the port number
[oldboy@nfs01 ~]$ scp -P 22 /etc/hostname root@10.0.0.31:/mnt
The authenticity of host '10.0.0.31 (10.0.0.31)' can't be established.
ECDSA key fingerprint is SHA256:/+gaWarfVsA+vda1BRYpVLU8jSaOVLhmSQJLflo/q+U.
ECDSA key fingerprint is MD5:95:f0:0f:f6:76:12:ec:a0:c8:77:dd:63:5b:3e:fa:78.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.31' (ECDSA) to the list of known hosts.
root@10.0.0.31's password:
Permission denied, please try again.
root@10.0.0.31's password:
hostname 100% 6 5.8KB/s 00:00
[root@backup /]# cat /mnt/hostname
nfs01
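sftp: upload and download, similar to sz and rz
Xftp: Windows software that can upload and download files
SSH server configuration file
/etc/ssh/sshd_config
#Port 22                    # port number
#ListenAddress 0.0.0.0
#ListenAddress ::           # listening address
#PermitRootLogin yes        # whether root may log in remotely
#PermitEmptyPasswords no    # whether login with an empty password is allowed; must be disabled
GSSAPIAuthentication no     # fixes slow SSH remote connections
UseDNS no                   # login speed
Reload the sshd configuration file
systemctl reload sshd
Prefer a graceful reload so that a configuration error does not immediately disconnect you
ListenAddress: listening address
Restrict users to access over the internal network only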
ListenAddress 172.16.1.41:22
[root@backup /]# ss -lntup |grep 22
tcp LISTEN 0 128 172.16.1.41:22 *:* users:(("sshd",pid=17939,fd=3))
Once the listening address is changed to the internal IP address, logging in from the external network is no longer possible
[c:\~]$ ssh root@10.0.0.41 22
Connecting to 10.0.0.41:22...
Could not connect to '10.0.0.41' (port 22): Connection failed.
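The sshd_config options listed above can be checked with a short script. This is an added example, not part of the original notes: the function names sshd_opt and audit_sshd, the sample configs, and the defaults passed in (the commented-out values shown in the excerpt) are assumptions, and the PermitRootLogin warning is a common hardening check rather than something the notes require.

```sh
#!/bin/sh
# Added example, not from the original notes. Defaults passed to sshd_opt are
# the commented-out values shown in the sshd_config excerpt (an assumption;
# they differ between OpenSSH builds).

# Effective global value of keyword $2 in file $1, or default $3 when unset.
# sshd keeps the FIRST occurrence; keywords are case-insensitive; "#" lines
# are comments; scanning stops at the first Match block.
sshd_opt() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Print one finding per line for file $1; return the number of findings.
audit_sshd() {
    f=$1; n=0
    if [ "$(sshd_opt "$f" PermitEmptyPasswords no)" != "no" ]; then
        echo "FAIL PermitEmptyPasswords: empty passwords are accepted"; n=$((n + 1))
    fi
    if [ "$(sshd_opt "$f" PermitRootLogin yes)" = "yes" ]; then
        echo "WARN PermitRootLogin: root can log in with a password"; n=$((n + 1))
    fi
    # Every ListenAddress line applies; none at all means all interfaces.
    wild=$(awk 'tolower($1) == "listenaddress" {
            seen = 1; a = $2; sub(/:[0-9]+$/, "", a)
            if (a == "0.0.0.0" || a == "::" || a == "[::]") all = 1 }
        END { if (!seen || all) print "yes" }' "$f")
    if [ "$wild" = "yes" ]; then
        echo "WARN ListenAddress: sshd listens on every interface"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample configs (not taken from a real host).
sample_weak() { printf '%s\n' '#Port 22' '#ListenAddress 0.0.0.0' \
    'permitemptypasswords yes' 'PermitEmptyPasswords no' 'UseDNS no'; }
sample_hardened() { printf '%s\n' 'ListenAddress 172.16.1.41:22' \
    'PermitRootLogin no' 'PermitEmptyPasswords no' 'UseDNS no'; }

tmp=$(mktemp) && sample_weak > "$tmp"
audit_sshd "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

Before systemctl reload sshd, running sshd -t checks the configuration file for syntax errors.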
SSH authentication methods
Key-based authentication
1. Create a key pair (a key and a lock)
ssh-keygen -t dsa
2. Check the result
[root@m01 ~]# ll .ssh
total 12
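-rw------- 1 root root 668 May 28 09:55 id_dsa # private key
-rw-r--r-- 1 root root 598 May 28 09:55 id_dsa.pub # public key
3. Send the public key to the server you want to connect to
ssh-copy-id -i ~/.ssh/id_dsa.pub <ip-address>
4. Run a command remotely
ssh <ip-address> <command>
Once the key is set up, no interactive password entry is needed, but the first run still requires confirmation
pssh: run the same command on multiple servers
-h specifies the list of servers to manage
-P displays the output on screen as it runs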