unit 9

第九单元

1.什么是openssh

它是一个提供远程访问控制的软件

2.如何实现远程访问

ssh 远程主机用户@远程主机ip地址

ssh [email protected]

-X        开启图形连接

如        ssh [email protected] -X

cheese  1的显示屏就开启了

The authenticity of host ‘172.25.254.1 (172.25.254.1)‘ can‘t be established.

ECDSA key fingerprint is 55:dd:43:ce:bf:94:dd:91:49:e7:97:29:63:3d:02:02.

Are you sure you want to continue connecting (yes/no)? yes ##建立安全传输key

[email protected]‘s password: ##密码输入没有回显

Last failed login: Sun Oct 11 16:56:29 CST 2015 from 172.25.254.206 on ssh:notty

There was 1 failed login attempt since the last successful login.

Last login: Sun Oct 11 16:55:46 2015 from 172.25.254.206

[[email protected] ~]# ###登陆成功

ctrl +d |logout ###退出

[[email protected] ~]# logout

Connection to 172.25.254.1 closed.

[[email protected] ~]# vim /etc/motd ###设定登陆显示字符

#######生成key###########

ssh的key认证

[[email protected] ~]$ ssh-keygen 生成公钥和私钥的工具

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):『enter』 指定加密字符保存文件,直接回车

Created directory ‘/root/.ssh‘.

Enter passphrase (empty for no passphrase): ###输入密码,必须大于4位

Enter same passphrase again:                      ###再次输入密码

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is: ###确认密码

a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 [email protected]

The key‘s randomart image is:

+--[ RSA 2048]----+

|      .*+        |

|      +. o .     |

|     .. . E .    |

|       o + + *   |

|        S + * +  |

|       . * . o   |

|        . .      |

|                 |

|                 |

+-----------------+

/root/.ssh          ##生成密钥存放位置

[[email protected] Desktop]$cd /root/.ssh/

[[email protected] .ssh]$ ls

id_rsa        id_rsa.pub       ####id_rsa位私钥,id_rsa.pub位公钥

相当于钥匙        相当于锁

ifconfig eth0 看自己id

#####################使用key加密目标主机的目标用户############

[[email protected] ~]$  ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]

The authenticity of host ‘172.25.254.100 (172.25.254.100)‘ can‘t be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes       ##输入yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

[email protected]‘s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ‘[email protected]‘"

and check to make sure that only the key(s) you wanted were added.

ssh-copy-id    上传key的工具

-i    指定使用的公钥

/root/.ssh/id_rsa.pub  公钥的名称

root          被管理的目标用户

172.25.254.16          被管理用户所在主机的ip

authorized_keys 此文件在目标用户加目录的.ssh中,这个文件就是目标用户被加密的标识,文件内容位公钥内容。

[[email protected] .ssh]$ssh-copy-id -i id_rsa.pub [email protected]   ###上锁

[[email protected] .ssh]$scp id_rsa [email protected]:/root/.ssh   ###把自己密码给11 11在进1不需要输入密码

服务器   客户端

1             11

1. ssh-keygen

2. cd /root/.ssh/

3. ls

4. ssh-copy-id -i id_rsa.pub [email protected]自己

5. scp id_rsa [email protected](要给的):/root/.ssh/

2.sshd服务的简单配置

vim /etc/ssh/sshd_config sshd服务的配置文件

48 PermitRootLogin yes|no 是否允许root用户通过sshd的认证

78 PasswordAuthentication yes|no 开启或关闭用户密码认证

Allowusers student westos 用户白名单,只允许在名单中出现的用户使用sshd服务

systemctl restart sshd 重新加载配置

重新安装ssh服务   yum reinstall openssh-server -y

若有错误则         yum install openssh-server -y

<<<第九单元练习>>>

1.在desktop主机中建立用户westos,并设定其密码为westoslinux

[[email protected] Desktop]#useradd westos

[[email protected] Desktop]#passwd westos

Changing pasword for user westos

New password:westoslinux      密码

Retype new password:westoslinux       再次输入密码

passwd:all authentication tokens updated successfully       成功

2.配置desktop中的sshd服务要求如下:

*)设定sshd服务只允许westos用户可以被访问使用

*)创建westos用户的key认证方式

*)设定westos用户只允许使用key认证方式,屏蔽其系统密码认证方式

[[email protected] Desktop]#vim /etc/ssh/sshd_config

加一行   Allowusers  westos

wq 退出保存

[[email protected] Desktop]#systemctl restart sshd

[[email protected] Desktop]#ssh-keygen

[[email protected] Desktop]#cd /root/.ssh/

[[email protected] .ssh]#ls

authorized_keys  id_rsa   id_rsa.pub

[[email protected] Desktop]#ssh-copy-id -i id_rsa.pub [email protected]

[[email protected] Desktop]#vim /etc/ssh/sshd_config

78  PasswordAuthentication no

wq 退出保存

[[email protected] Desktop]#systemctl restart sshd

时间: 2024-10-16 13:17:48

unit 9的相关文章

mysqld服务启动失败, Failed to restart mysqld.service: Unit not found.

-bash-4.2# service mysqld restart Redirecting to /bin/systemctl restart mysqld.serviceFailed to restart mysqld.service: Unit not found. 并不存在 mysqld 的服务, -bash-4.2# -bash-4.2# chkconfig -list -list: unknown option -bash-4.2# chkconfig --list Note: Thi

10.23 linux任务计划cron10.24chkconfig工具10.25 systemd管理服务10.26 unit介绍 10.27 target介绍

- 10.23 linux任务计划cron - 10.24 chkconfig工具 - 10.25 systemd管理服务 - 10.26 unit介绍 - 10.27 target介绍 - 扩展 1. anacron http://blog.csdn.net/strikers1982/article/details/4787226  2. xinetd服(默认机器没有安装这个服务,需要yum install xinetd安装) http://blog.sina.com.cn/s/blog_46

CentOS 7 防火墙 出现Failed to start iptables.service: Unit iptables.service failed to load

错误信息如下: [root]# service iptables start Redirecting to /bin/systemctl start iptables.service Failed to start iptables.service: Unit iptables.service failed to load: No such file or directory.解决方法如下: 一直用CentOS 6 习惯了,一下没适应过来.防火墙配置后执行service iptables sav

GRU(Gated Recurrent Unit) 更新过程推导及简单代码实现

GRU(Gated Recurrent Unit) 更新过程推导及简单代码实现 RNN GRU matlab codes RNN网络考虑到了具有时间数列的样本数据,但是RNN仍存在着一些问题,比如随着时间的推移,RNN单元就失去了对很久之前信息的保存和处理的能力,而且存在着gradient vanishing问题. 所以有些特殊类型的RNN网络相继被提出,比如LSTM(long short term memory)和GRU(gated recurrent unit)(Chao,et al. 20

2 unit 4

###unit.4管理系统存储### ###1.分区划分 fdisk /dev/vdb Welcome to fdisk (util-linux 2.23.2). Changes will remain in memory only, until you decide to write them. Be careful before using the write command. Device does not contain a recognized partition table Buil

2 unit 5

###unit.5 LVM### ###1.LVM建立 1.划分物理分区并把分区id修改为8e [[email protected] ~]# fdisk /dev/vdb Welcome to fdisk (util-linux 2.23.2). Changes will remain in memory only, until you decide to write them. Be careful before using the write command. Device does not

(4.5.4)Android测试TestCase单元(Unit test)测试和instrumentationCase单元测试

Android单元和instrumentation单元测试 Developing Android unit and instrumentation tests Android的单元测试是基于JUnit的.可分为: 1.本地单元测试 - 可以在JVM上运行测试(速度快,优先考虑). 2.Instrumented单元测试 - 需要Android系统 Android的Gradle插件支持在JVM上执行Andr??oid单元测试.它使用特殊版本的android.jar(也称为 Android mocka

ABP领域层——工作单元(Unit Of work)

ABP领域层——工作单元(Unit Of work) 点这里进入ABP系列文章总目录 基于DDD的现代ASP.NET开发框架--ABP系列之12.ABP领域层——工作单元(Unit Of work) ABP是“ASP.NET Boilerplate Project (ASP.NET样板项目)”的简称. ABP的官方网站:http://www.aspnetboilerplate.com ABP在Github上的开源项目:https://github.com/aspnetboilerplate 通用

Karma install steps for unit test of Angular JS app

npm install -g karma npm install –g karma-cli Install the plugins (optional)           # Install plugins that your project needs:  npm install karma-jasmine karma-chrome-launcher --save-dev Run following command to do unit test:           C:\Users\Br

.NET MVC4 实训记录之四(Unit of work + Repository)

今日后开启进阶模式! 谈到MVC与EntityFramework,则不得不说一说事务与仓储(Unit of work + Repository). 仓储(Repository):领域对象集合.用于操作领域对象与数据库上下文(DbContext)的交互(在此不得不说一声,领域对象和数据库表对象还是有区别的.领域对象实际上是一组有业务关系的数据库对象的抽象.最简单的形式就是主表.关系表在同一个领域对象中进行定义.例如我们前几章看到的UserProfile,它即定义了用户信息,又定义了用户角色关系信息