第九单元总结

#############第九单元##############

1.ssh的key认证

#######生成key###########

[test@foundation0 ~]$ ssh-keygen ###生成公钥和私钥的工具

Generating public/private rsa key pair.

Enter file in which to save the key (/home/test/.ssh/id_rsa):『enter』 ###指定加密字符保存文件，使用默认

Created directory '/home/test/.ssh'.

Enter passphrase (empty for no passphrase): ###密码，必须大于4位

Enter same passphrase again:

Your identification has been saved in /home/test/.ssh/id_rsa.

Your public key has been saved in /home/test/.ssh/id_rsa.pub.

The key fingerprint is: ###确认密码

a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com

The key's randomart p_w_picpath is:

+--[ RSA 2048]----+

| .*+ |

| +. o . |

| .. . E . |

| o + + * |

| S + * + |

| . * . o |

| . . |

| |

| |

+-----------------+

[test@foundation0 .ssh]$ pwd

/home/test/.ssh ###生成密钥存放位置

[test@foundation0 .ssh]$ ls

id_rsa id_rsa.pub ####id_rsa位私钥，id_rsa.pub位公钥

#####################使用key加密目标主机的目标用户############

[test@foundation0 ~]$ ssh-copy-id -i /home/test/.ssh/id_rsa.pub westos@172.25.254.100

The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

westos@172.25.254.100's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'westos@172.25.254.100'"

and check to make sure that only the key(s) you wanted were added.

ssh-copy-id ####上传key的工具

-i ####指定使用的公钥

/home/test/.ssh/id_rsa.pub #####使用公钥的名称

westos ####被管理的目标用户

172.25.254.100 ####被管理用户所在主机的ip

authorized_keys###此文件在目标用户加目录的.ssh中，这个文件就是目标用户被加密的标识，文件内容位公钥内容。

2.sshd服务的简单配置

vim /etc/ssh/sshd_config ###sshd服务的配置文件

48 PermitRootLogin yes|no ###是否允许root用户通过sshd的认证

78 PasswordAuthentication yes|no ###开启或关闭用户密码认证

AllowUsers student westos ###用户白名单，只允许在名单中出现的用户使用sshd服务

systemctl restart sshd ###从新加载配置

3.系统服务的控制

1）systemd

系统初始化程序，系统开始的第一个进程，pid为1

2）systemctl 命令

systemctl list-units ##列出当前系统服务的状态

systemctl list-unit-files ##列出服务的开机状态

systemctl status sshd ##查看指定服务的状态

systemctl stop sshd ##关闭指定服务

systemctl start sshd ##开启指定服务

systemctl enable sshd ##设定指定服务开机开启

systemctl disable sshd ##设定指定服务开机关闭

systemctl reload sshd ##是制定服务从新加载配置

systemctl list-dependencies sshd ##查看指定服务的依赖关系

systemctl mask sshd ##冻结指定服务

sustemctl unmask sshd ##启用服务

3）服务状态

systemctl status 服务名称

loaded ##系统服务已经初始化完成，加载过配置

active（running） ##服务正在被系统利用

active（exited） ##服务已经加载配置，等待被系统利用

active（waiting） ##服务等待被系统处理

inactive ##服务关闭

enabled ##服务开机启动

disabled ##服务开机不自启

static ##服务开机启动项不可被管理

failed ##系统配置错误

4.openssh-server