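SSH service
SSH is short for Secure Shell, specified by the IETF's Network Working Group; it is a security protocol built on the application layer. SSH is currently among the more reliable protocols designed to provide security for remote login sessions and other network services. Using the SSH protocol effectively prevents information leakage during remote administration. SSH began as a program on UNIX systems and quickly spread to other platforms. Used correctly, SSH can close gaps in network security. SSH clients are available for many platforms: almost all UNIX platforms, including HP-UX, Linux, AIX, Solaris, Digital UNIX and Irix, as well as other platforms, can run SSH.
1. Configuration file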
vim /etc/ssh/sshd_config
Explanation of common configuration file parameters
[Image: SSH server configuration]
2. SSH software

[Image: SSH software]
2.1. Command usage
[root@m01 ~]# ssh 172.16.1.41 hostname
backup
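telnet service (a remote connection tool) and inspecting a packet capture
Notes:
- You can only log in as an ordinary user
- The captured traffic is not encrypted
1. Install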
yum install -y telnet-server
2. Start the service
systemctl restart telnet.socket
3. Connect
telnet oldboy@10.0.0.61 23
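http: Hypertext Transfer Protocol
shttp: encrypted
Case study: multiple network segments, multiple ports
- Port number:
Port 52113
- Simulated external network: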
ssh -p 52113 10.0.0.61
scp -P 52113 10.0.0.61
sftp -P 52113 10.0.0.61
- Simulated internal network:
ssh -p 22 10.0.0.61
scp -P 22 10.0.0.61
sftp -P 22 10.0.0.61
- Configuration file method: duplicate the “ListenAddress” line so that there are two
[root@m01 ~]# grep -in ^listenaddress /etc/ssh/sshd_config
20:ListenAddress 10.0.0.61:52113
21:ListenAddress 172.16.1.61:22
[root@m01 ~]# systemctl reload sshd
[root@m01 ~]# ss -lntup |grep sshd
tcp LISTEN 0 128 10.0.0.61:52113 *:* users:(("sshd",pid=7129,fd=4))
tcp LISTEN 0 128 172.16.1.61:22 *:* users:(("sshd",pid=7129,fd=3))
ListenAddress m01@(hostname)10.0.0.61:(IP address)52113(port)
- Test
[root@m01 ~]# ssh -p52113 10.0.0.61 hostname
root@10.0.0.61's password:
m01
[root@m01 ~]# ssh -p22 172.16.1.61 hostname
root@172.16.1.61's password:
m01
Configuring keys
1. Install
yum install -y sshpass pssh
This software comes from the EPEL repository
2. Create a key pair
[root@m01 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:VW1UamyTZ0YDIHQxi00U7DrtJAX/BN0k5cbuhNRRA58 root@m01
The key's randomart image is:
+---[DSA 1024]----+
| .ooO**BB=|
| .*+ooO==|
| .=o.oBE+|
| . +.++= |
| S + o. o |
| + o .o |
| = . |
| . |
| |
+----[SHA256]-----+
3. Check the keys
[root@m01 ~]# ll ~/.ssh/
total 12
-rw------- 1 root root 668 May 27 12:13 id_dsa
-rw-r--r-- 1 root root 598 May 27 12:13 id_dsa.pub
-rw-r--r-- 1 root root 695 May 27 11:22 known_hosts
4. Send the public key
[root@m01 ~]# ssh-copy-id -i ~/.ssh/id_dsa.pub 172.16.1.41
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.41's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '172.16.1.41'"
and check to make sure that only the key(s) you wanted were added.
5. Test
[root@m01 ~]# ssh 172.16.1.41 hostname
backup
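The key pair created above is DSA 1024; upstream OpenSSH has disabled ssh-dss keys by default since release 7.0. The following is an added example, not part of the original notes: it parses authorized_keys content and flags DSA keys and short RSA moduli. The 2048-bit threshold, the function names and the sample keys are assumptions constructed for illustration.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption: flag RSA moduli shorter than this

def _read(blob, off):  # one SSH wire-format field: uint32 length + bytes
    (n,) = struct.unpack_from(">I", blob, off)
    return blob[off + 4:off + 4 + n], off + 4 + n

def audit_line(line):
    """Return (key_type, bits, verdict) for one authorized_keys line, else None."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    for i, tok in enumerate(tokens[:-1]):  # skip any leading options field
        if tok.startswith(("ssh-", "ecdsa-sha2-")):
            blob = base64.b64decode(tokens[i + 1])
            break
    else:
        return None
    ktype, off = _read(blob, 0)  # trust the type inside the blob, not the label
    if ktype == b"ssh-dss":  # fields after the type: p, q, g, y
        p, _ = _read(blob, off)
        return "ssh-dss", int.from_bytes(p, "big").bit_length(), "WEAK: DSA key"
    if ktype == b"ssh-rsa":  # fields after the type: e, n
        _, off = _read(blob, off)
        n, _ = _read(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
        return "ssh-rsa", bits, "ok" if bits >= MIN_RSA_BITS else "WEAK: short RSA"
    return ktype.decode(), None, "ok"  # ed25519/ecdsa: fixed sizes, not measured

def audit(text):
    return [r for r in map(audit_line, text.splitlines()) if r]

# --- constructed sample: correct field layout, but not usable keys ---
def _field(data):
    return struct.pack(">I", len(data)) + data

def _sample(ktype, *ints):  # ints become SSH mpints (padded so the sign bit is clear)
    body = b"".join(_field(v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in ints)
    blob = base64.b64encode(_field(ktype.encode()) + body).decode()
    return f"{ktype} {blob} constructed@example"

SAMPLE = "\n".join([
    "# constructed authorized_keys content",
    _sample("ssh-dss", 2**1023 + 1, 2**159 + 1, 2, 3),
    'from="172.16.1.61" ' + _sample("ssh-rsa", 65537, 2**1023 + 1),
    _sample("ssh-rsa", 65537, 2**3071 + 1),
])
```

To check a real host, pass the contents of ~/.ssh/authorized_keys to audit() in place of SAMPLE.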
pssh: running commands on many hosts in parallel
1. Create a file holding the target host information
[root@m01 ~]# vim hosts.txt
[root@m01 ~]# cat hosts.txt
root@172.16.1.41:22
root@172.16.1.7:22
2. Test
[root@m01 ~]# pssh -Ph hosts.txt hostname
172.16.1.41: backup
[1] 12:42:51 [SUCCESS] root@172.16.1.41:22
172.16.1.7: web01
[2] 12:42:51 [SUCCESS] root@172.16.1.7:22
3. Transfer files
[root@m01 ~]# prsync -A -azh hosts.txt /etc/hostname /tmp/
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password:
[1] 12:52:11 [SUCCESS] root@172.16.1.41:22
[2] 12:52:11 [SUCCESS] root@172.16.1.7:22
4. Run a command on all hosts at once
[root@m01 ~]# pssh -A -Ph hosts.txt cat /tmp/hostname
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password:
172.16.1.41: m01
[1] 12:52:32 [SUCCESS] root@172.16.1.41:22
172.16.1.7: m01
[2] 12:52:32 [SUCCESS] root@172.16.1.7:22
