This article explains remote access and control on Linux in detail. The worked examples are thorough enough for readers with no prior experience to follow.
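Linux systems are usually administered remotely. When hundreds of servers have to be managed from a single workstation, remote maintenance becomes even more advantageous.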
OpenSSH
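#Port 22 //port number
#AddressFamily any
#ListenAddress 0.0.0.0 //IPv4 listen address
#ListenAddress :: //IPv6 listen address
#LoginGraceTime 2m //time allowed to complete login
#PermitRootLogin yes //whether root login is permitted
#StrictModes yes //whether file permissions are checked
#MaxAuthTries 6 //maximum of 6 authentication attempts
#MaxSessions 10 //maximum number of sessions
#PubkeyAuthentication yes //whether public key authentication is enabled
[root@tast01 ~]# vim /etc/ssh/sshd_config //edit the server configuration file
Port 22 //uncomment to set the port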
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
:wq //save and quit
[root@tast01 ~]# systemctl restart sshd //restart the SSH service
[root@tast02 ~]# ssh root@192.168.144.133 //log in to the tast01 server over SSH
The authenticity of host '192.168.144.133 (192.168.144.133)' can't be established.
ECDSA key fingerprint is SHA256:B8IsZOFG7FbtVkIK+dMILmo0iA4OEIeVGY0GnnCbXhk.
ECDSA key fingerprint is MD5:c2:d8:09:17:de:6e:ec:07:06:1b:ac:b6:1e:bd:62:09.
Are you sure you want to continue connecting (yes/no)? yes //asks whether to establish the session
Warning: Permanently added '192.168.144.133' (ECDSA) to the list of known hosts.
root@192.168.144.133's password: //enter the password
Last login: Mon Sep 9 13:59:09 2019
[root@tast01 ~]# //logged in to tast01
[root@tast01 ~]# exit //log out
登出
Connection to 192.168.144.133 closed.
[root@tast02 ~]# //back on tast02
[root@tast01 ~]# vim /etc/ssh/sshd_config //edit the main configuration file
#LoginGraceTime 2m
PermitRootLogin no //uncomment and change yes to no to forbid root login
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
:wq //save and quit
[root@tast01 ~]# systemctl restart sshd //restart the service
[root@tast01 ~]# useradd siti //create the ordinary user siti
[root@tast01 ~]# passwd siti //set the user's password
更改用户 siti 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@tast01 ~]# id siti //show the new user siti
uid=1001(siti) gid=1001(siti) 组=1001(siti)
[root@tast01 ~]# id sun //show the user sun
uid=1000(sun) gid=1000(sun) 组=1000(sun),10(wheel)
[root@tast02 ~]# ssh root@192.168.144.133 //log in to the tast01 server as root over SSH
root@192.168.144.133's password: //enter the password
Permission denied, please try again. //root login refused
root@192.168.144.133's password:
Permission denied, please try again.
root@192.168.144.133's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). //disconnected after three password attempts; login refused
[root@tast02 ~]# ssh siti@192.168.144.133 //log in as siti over SSH
siti@192.168.144.133's password:
[siti@tast01 ~]$ //logged in to the tast01 server as siti
[siti@tast01 ~]$ su - root //as siti, use su to switch to root
密码: //enter the password
上一次登录:一 9月 9 15:16:00 CST 2019从 192.168.144.135pts/1 上
最后一次失败的登录:一 9月 9 15:33:03 CST 2019从 192.168.144.135ssh:notty 上
最有一次成功登录后有 3 次失败的登录尝试。
[root@tast01 ~]# //switched to root successfully
[root@tast01 ~]# exit //log out
登出
[siti@tast01 ~]$ exit //log out
登出
Connection to 192.168.144.133 closed.
[root@tast02 ~]# //back on tast02
[root@tast01 ~]# vim /etc/pam.d/su //edit the PAM configuration file for su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid //uncomment to require wheel group membership for su
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
~
~
~
:wq //save and quit
[root@tast02 ~]# ssh siti@192.168.144.133 //log in as siti
siti@192.168.144.133's password: //enter the password
Last failed login: Mon Sep 9 16:09:32 CST 2019 from 192.168.144.135 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Mon Sep 9 15:47:20 2019 from 192.168.144.135
[siti@tast01 ~]$ su - root //as siti, try to switch to root
密码: //enter the password
su: 拒绝权限 //permission denied; cannot switch
[siti@tast01 ~]$
[siti@tast01 ~]$ su - sun //try to switch to sun
密码: //enter the password
su: 拒绝权限 //permission denied; cannot switch
[siti@tast01 ~]$
[root@tast01 ~]# vim /etc/ssh/sshd_config //edit the server configuration file
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 6 //uncomment to set the maximum number of authentication attempts
#MaxSessions 10
:wq //save and quit
[root@tast02 ~]# ssh sun@192.168.144.133 //log in as sun
sun@192.168.144.133's password: //enter a wrong password
Permission denied, please try again. //first wrong password; refused
sun@192.168.144.133's password: //enter a wrong password
Permission denied, please try again. //second wrong password; refused
sun@192.168.144.133's password: //enter a wrong password
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). //third wrong password; disconnected
[root@tast02 ~]# ssh -o NumberofPasswordPrompts=8 sun@192.168.144.133 //raise the number of password prompts on the client
sun@192.168.144.133's password:
Permission denied, please try again.
sun@192.168.144.133's password:
Permission denied, please try again.
sun@192.168.144.133's password:
Permission denied, please try again.
sun@192.168.144.133's password:
Permission denied, please try again.
sun@192.168.144.133's password:
Permission denied, please try again.
sun@192.168.144.133's password:
Received disconnect from 192.168.144.133 port 22:2: Too many authentication failures
Authentication failed. //disconnected after 6 password attempts; the setting is in effect
[root@tast01 ~]# vim /etc/ssh/sshd_config //edit the SSH server configuration file
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 6
#MaxSessions 10
AllowUsers sun@192.168.144.135 stii //add this entry: sun may log in only from the client at 192.168.144.135,
//and stii may log in from any client
#PubkeyAuthentication yes
:wq //save and quit
[root@tast01 ~]# useradd stii //add the user stii
[root@tast01 ~]# passwd stii //set the password for stii
更改用户 stii 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@tast01 ~]# systemctl restart sshd //restart the SSH service
[root@tast02 ~]# ssh sun@192.168.144.133 //from the tast02 client, log in to the server as sun
sun@192.168.144.133's password: //enter the password
Last failed login: Mon Sep 9 17:24:32 CST 2019 from 192.168.144.135 on ssh:notty
There were 6 failed login attempts since the last successful login.
Last login: Mon Sep 9 17:21:47 2019 from 192.168.144.133
[sun@tast01 ~]$ //logged in
[sun@tast01 ~]$ exit //log out
登出
Connection to 192.168.144.133 closed.
[root@tast02 ~]# ssh siti@192.168.144.133 //log in to the server as siti over SSH
siti@192.168.144.133's password: //enter the password
Permission denied, please try again. //login refused
[root@tast02 ~]# ssh stii@192.168.144.133 //log in as stii
stii@192.168.144.133's password: //enter the password
[stii@tast01 ~]$ //logged in
[root@tast03 ~]# ssh sun@192.168.144.133 //from the tast03 client, log in to the server as sun over SSH
The authenticity of host '192.168.144.133 (192.168.144.133)' can't be established.
ECDSA key fingerprint is SHA256:B8IsZOFG7FbtVkIK+dMILmo0iA4OEIeVGY0GnnCbXhk.
ECDSA key fingerprint is MD5:c2:d8:09:17:de:6e:ec:07:06:1b:ac:b6:1e:bd:62:09.
Are you sure you want to continue connecting (yes/no)? yes //asks whether to establish the session; answer yes
Warning: Permanently added '192.168.144.133' (ECDSA) to the list of known hosts.
sun@192.168.144.133's password: //enter the password
Permission denied, please try again. //login refused
[root@tast03 ~]# ssh siti@192.168.144.133 //from the tast03 client, log in to the server as siti over SSH
siti@192.168.144.133's password: //enter the password
Permission denied, please try again. //login refused
[root@tast03 ~]# ssh stii@192.168.144.133 //from the tast03 client, log in to the server as stii over SSH
stii@192.168.144.133's password: //enter the password
Last login: Mon Sep 9 21:55:49 2019 from 192.168.144.135
[stii@tast01 ~]$ //logged in
[root@tast01 ~]# vim /etc/ssh/sshd_config //edit the SSH server configuration file
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 6
#MaxSessions 10
DenyUsers sun@192.168.144.135 stii //remove the AllowUsers entry and add a DenyUsers entry
#PubkeyAuthentication yes
:wq //save and quit
[root@tast01 ~]# systemctl restart sshd //restart the SSH service
[root@tast02 ~]# ssh sun@192.168.144.133 //from the tast02 client, log in to the server as sun
sun@192.168.144.133's password: //enter the password
Permission denied, please try again. //login refused
[root@tast02 ~]# ssh stii@192.168.144.133 //from the tast02 client, log in to the server as stii
stii@192.168.144.133's password: //enter the password
Permission denied, please try again. //login refused
[root@tast02 ~]# ssh siti@192.168.144.133 //from the tast02 client, log in to the server as siti
siti@192.168.144.133's password: //enter the password
Last failed login: Mon Sep 9 22:02:00 CST 2019 from 192.168.144.132 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Mon Sep 9 21:53:53 2019 from 192.168.144.135
[siti@tast01 ~]$ //logged in
[root@tast03 ~]# ssh stii@192.168.144.133 //from the tast03 client, log in to the server as stii over SSH
stii@192.168.144.133's password: //enter the password
Permission denied, please try again. //login refused
[root@tast03 ~]# ssh sun@192.168.144.133 //from the tast03 client, log in to the server as sun over SSH
sun@192.168.144.133's password: //enter the password
Last failed login: Mon Sep 9 22:30:55 CST 2019 from 192.168.144.135 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Mon Sep 9 22:24:51 2019 from 192.168.144.133
[sun@tast01 ~]$ //logged in
[root@tast03 ~]# ssh siti@192.168.144.133 //from the tast03 client, log in to the server as siti over SSH
siti@192.168.144.133's password: //enter the password
Last login: Mon Sep 9 22:32:16 2019 from 192.168.144.135
[siti@tast01 ~]$ //logged in
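The results above follow from how sshd evaluates the two lists: DenyUsers is checked first, and a non-empty AllowUsers then rejects every user it does not name. The script below is an added example, not part of the original article; it replays both configurations, handles only the * and ? wildcards (no CIDR or negation), compares HOST with the client address only, and assumes tast03 is 192.168.144.132.

```sh
#!/bin/sh
# entry_matches USER ADDR ENTRY: does one AllowUsers/DenyUsers entry match?
# ENTRY is USER or USER@HOST; * and ? are wildcards, as in sshd_config patterns.
entry_matches() {
  case $3 in
    *@*) upat=${3%%@*}; hpat=${3#*@} ;;
    *)   upat=$3; hpat='*' ;;
  esac
  case $1 in $upat) ;; *) return 1 ;; esac     # unquoted pattern: glob match
  case $2 in $hpat) return 0 ;; *) return 1 ;; esac
}

# login_decision USER ADDR "DENYUSERS" "ALLOWUSERS": prints allow or deny.
# DenyUsers is checked first; a non-empty AllowUsers then rejects everyone
# it does not list. The ( ) body runs in a subshell so set -f stays local.
login_decision() (
  set -f                                       # keep * in patterns from globbing
  for e in $3; do
    if entry_matches "$1" "$2" "$e"; then echo deny; return 0; fi
  done
  if [ -z "$4" ]; then echo allow; return 0; fi
  for e in $4; do
    if entry_matches "$1" "$2" "$e"; then echo allow; return 0; fi
  done
  echo deny
)

# Replay the two configurations tested on this page. Client addresses:
# tast02 = 192.168.144.135, tast03 = 192.168.144.132 (assumed from the
# "Last failed login ... from" lines in the transcript).
RULE=sun@192.168.144.135
for addr in 192.168.144.135 192.168.144.132; do
  for user in sun siti stii; do
    printf '%-5s from %s  AllowUsers: %-5s  DenyUsers: %s\n' "$user" "$addr" \
      "$(login_decision "$user" "$addr" "" "$RULE stii")" \
      "$(login_decision "$user" "$addr" "$RULE stii" "")"
  done
done
```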
[root@tast01 ~]# vim /etc/ssh/sshd_config //edit the SSH configuration file
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 6
#MaxSessions 10
DenyUsers sun@192.168.144.135 stii
PubkeyAuthentication yes //enable key-pair authentication
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys //where authorized public keys are stored
:wq //save and quit
[root@tast02 ~]# useradd siaa //create a user on the tast02 client
[root@tast02 ~]# passwd siaa //set the user's password
更改用户 siaa 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@tast02 ~]# su - siaa //switch to the user siaa
[siaa@tast02 ~]$ ssh-keygen -t ecdsa //generate an ECDSA key pair
Generating public/private ecdsa key pair.
Enter file in which to save the key (/home/siaa/.ssh/id_ecdsa): //key file location; press Enter to keep the default
Created directory '/home/siaa/.ssh'.
Enter passphrase (empty for no passphrase): //enter the passphrase to set
Enter same passphrase again: //enter the passphrase again
Your identification has been saved in /home/siaa/.ssh/id_ecdsa.
Your public key has been saved in /home/siaa/.ssh/id_ecdsa.pub.
The key fingerprint is:
SHA256:5mTvLU19q7uUUXECnEmNldB3S4gUiNZdvm1zupFUf0Y siaa@tast02
The key's randomart image is:
+---[ECDSA 256]---+
| o +=B@+o.|
| o o o*.+o=|
| . ..oE|
| ++.| //ECDSA key pair generated
| S +.+=|
| = . ..=+=|
| . .o o+..|
| ...o + |
| ...+= |
+----[SHA256]-----+
[siaa@tast02 ~]$ ls -a //list hidden files in the user's home directory
. .. .bash_logout .bash_profile .bashrc .cache .config .mozilla .ssh
[siaa@tast02 ~]$ cd .ssh //enter the newly created .ssh directory
[siaa@tast02 .ssh]$ ls //list the directory
id_ecdsa id_ecdsa.pub //the generated private and public key files
[siaa@tast02 .ssh]$ ssh-copy-id -i id_ecdsa.pub siti@192.168.144.133 //push the generated public key file to the siti user on the server
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_ecdsa.pub"
The authenticity of host '192.168.144.133 (192.168.144.133)' can't be established.
ECDSA key fingerprint is SHA256:B8IsZOFG7FbtVkIK+dMILmo0iA4OEIeVGY0GnnCbXhk.
ECDSA key fingerprint is MD5:c2:d8:09:17:de:6e:ec:07:06:1b:ac:b6:1e:bd:62:09.
Are you sure you want to continue connecting (yes/no)? yes //asks whether to continue connecting; answer yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
siti@192.168.144.133's password: //enter the password of siti on the server
Number of key(s) added: 1 //key added successfully
Now try logging into the machine, with: "ssh 'siti@192.168.144.133'"
and check to make sure that only the key(s) you wanted were added.
[siaa@tast02 .ssh]$ ls //list the directory
id_ecdsa id_ecdsa.pub known_hosts //a known_hosts file has been created
[siaa@tast02 .ssh]$ vim known_hosts //view the file
192.168.144.133 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC6sBj5BEqQkEIXTdcRDCzDlQRfhaoaY7OvyWzxcNxt+n6ZjbA1PSYK2SeTW3MAhUZOry7T6gNDFL7YyfMfXOGo= //the server's ECDSA host public key, recorded when the connection was accepted
[root@tast01 ~]# cd /home/siti //enter the home directory of siti
[root@tast01 siti]# ls -a //list hidden files
. .bash_history .bash_profile .cache .mozilla
.. .bash_logout .bashrc .config .ssh
[root@tast01 siti]# cd .ssh //enter the newly added .ssh directory
[root@tast01 .ssh]# ls //list the directory
authorized_keys
[root@tast01 .ssh]# cat authorized_keys //show the file content
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBD6B4elJHibp7lYDfogSfd7krTUPyKzvLHZNk75GTm1oibrA0aMirgtwxxfUEOi+9+ZGU2V0C3+zH6vQpjvvPoo= siaa@tast02 //the ECDSA public key of siaa@tast02
[siaa@tast02 .ssh]$ whoami //show the current user
siaa //the current user is siaa
[siaa@tast02 .ssh]$ ssh siti@192.168.144.133 //log in to the server as siti over SSH
Enter passphrase for key '/home/siaa/.ssh/id_ecdsa': //enter the passphrase set for the ECDSA key
Last login: Mon Sep 9 22:37:19 2019 from 192.168.144.132
[siti@tast01 ~]$ //logged in to the server as siti
[siti@tast01 ~]$ exit //log out
登出
Connection to 192.168.144.133 closed.
[siaa@tast02 .ssh]$ ssh-agent bash //back as siaa on tast02; start a bash shell under ssh-agent
[siaa@tast02 .ssh]$ ssh-add //add the private key to the agent
Enter passphrase for /home/siaa/.ssh/id_ecdsa: //enter the passphrase
Identity added: /home/siaa/.ssh/id_ecdsa (/home/siaa/.ssh/id_ecdsa) //key added to the agent
[siaa@tast02 .ssh]$ ssh siti@192.168.144.133 //log in to the server as siti
Last login: Mon Sep 9 23:31:28 2019 from 192.168.144.135
[siti@tast01 ~]$ //logged in without a passphrase prompt
[root@tast01 ~]# vim /etc/ssh/sshd_config
...//part of the file omitted...
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes //allow root login again
#StrictModes yes
MaxAuthTries 6
#MaxSessions 10
PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
:wq //save and quit
[root@tast01 ~]# systemctl restart sshd //restart the SSH service
[root@tast02 ~]# ssh root@192.168.144.133 //log in to the server as root over SSH
root@192.168.144.133's password: //enter the user's password
Last login: Wed Sep 11 22:56:28 2019 from 192.168.144.135
[root@tast01 ~]# //logged in
[root@tast01 ~]# exit //log out
登出
Connection to 192.168.144.133 closed.
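sshd uses the first active occurrence of each keyword, so after repeated edits like the ones above a line appended further down does not override an earlier one. The script below is an added example, not from the original article; it audits the keywords edited in this walkthrough, and the sample file and function names are constructed for illustration.

```sh
#!/bin/sh
# effective_value KEYWORD FILE: the value sshd takes from the global section.
# Keywords are case-insensitive and the FIRST active occurrence wins.
effective_value() {
  awk -v key="$1" '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    tolower($1) == "match" { exit }      # Match blocks are conditional: stop
    tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
  ' "$2"
}

# count_active KEYWORD FILE: how many uncommented lines set KEYWORD.
count_active() {
  awk -v key="$1" '/^[ \t]*#/ { next }
    tolower($1) == tolower(key) { n++ } END { print n + 0 }' "$2"
}

audit_sshd_config() {
  root=$(effective_value PermitRootLogin "$1" | tr 'A-Z' 'a-z')
  tries=$(effective_value MaxAuthTries "$1")
  case $root in
    yes) echo "WARN PermitRootLogin yes: root may log in directly over SSH" ;;
    "")  echo "INFO PermitRootLogin not set: the built-in default applies" ;;
    *)   echo "OK PermitRootLogin $root" ;;
  esac
  if [ "${tries:-6}" -gt 6 ]; then
    echo "WARN MaxAuthTries $tries is above the default of 6"
  else
    echo "OK MaxAuthTries ${tries:-6}"
  fi
  for k in PermitRootLogin MaxAuthTries; do
    n=$(count_active "$k" "$1")
    if [ "$n" -gt 1 ]; then echo "WARN $k is set $n times: only the first is used"; fi
  done
  if [ -z "$(effective_value AllowUsers "$1")$(effective_value DenyUsers "$1")" ]; then
    echo "INFO no AllowUsers or DenyUsers: logins are not restricted by user name"
  fi
}

# Constructed sample: the last edit on this page plus one appended line.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
PermitRootLogin yes
MaxAuthTries 6
PubkeyAuthentication yes
# constructed: appended later, but ignored because the first line wins
PermitRootLogin no
EOF
audit_sshd_config "$SAMPLE"
```

On a real host, `sshd -t` validates the file before a restart and `sshd -T` prints the effective configuration.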
[root@tast02 ~]# cd /opt/ //enter the opt directory
[root@tast02 opt]# ls //list the directory
rh
[root@tast02 opt]# echo "this is ssh-client" > ssh_client.txt //create a .txt file
[root@tast02 opt]# mkdir -p tast/si11 //create the tast directory and the si11 directory inside it
[root@tast02 opt]# ls //list the directory
rh ssh_client.txt tast //file and directory created
[root@tast02 opt]# scp ssh_client.txt root@192.168.144.133:/home/ //push the .txt file to /home/ on the server as root
root@192.168.144.133's password: //enter the password
ssh_client.txt 100% 19 6.0KB/s 00:00 //pushed successfully
[root@tast01 ~]# ls /home/ //list the home directory
ssh_client.txt sun //the file has been added
[root@tast01 ~]# cat /home/ssh_client.txt //show the file content
this is ssh-client //file content
[root@tast02 opt]# scp -r tast/ root@192.168.144.133:/home/ //push a directory
root@192.168.144.133's password: //enter the password
[root@tast02 opt]# //pushed successfully
[root@tast01 ~]# ls /home/ //list the home directory
ssh_client.txt sun tast //the pushed directory is shown
[root@tast01 ~]# ls /home/tast/ //list the directory
si11 //the si11 directory created earlier
[root@tast02 opt]# ls //list the directory
rh ssh_client.txt tast //contents
[root@tast02 opt]# rm -rf ssh_client.txt //delete the txt file
[root@tast02 opt]# rm -rf tast/ //delete the directory
[root@tast02 opt]# ls //list the directory
rh //deleted
[root@tast02 opt]# sftp root@192.168.144.133 //log in to the tast01 server as root with sftp
root@192.168.144.133's password: //enter the password
Connected to 192.168.144.133.
sftp> ls //logged in; list the directory
anaconda-ks.cfg initial-setup-ks.cfg 下载 公共
图片 文档 桌面 模板 //currently in the home directory of root
视频 音乐
sftp> cd /home/ //enter the home directory
sftp> ls //list the directory
ssh_client.txt sun tast //contents
sftp> get ssh_client.txt //download the txt file with get
Fetching /home/ssh_client.txt to ssh_client.txt
/home/ssh_client.txt 100% 19 19.3KB/s 00:00
sftp> bye //quit
[root@tast02 opt]# ls //check whether the file is in the directory
rh ssh_client.txt //downloaded
[root@tast02 opt]# mv ssh_client.txt ssh_server.txt //rename the file
[root@tast02 opt]# ls //list the directory
rh ssh_server.txt //renamed
[root@tast02 opt]# sftp root@192.168.144.133 //log in to tast01 as root with sftp
root@192.168.144.133's password: //enter the password
Connected to 192.168.144.133.
sftp> cd /home/ //enter the home directory
sftp> ls //list the directory
ssh_client.txt sun tast
sftp> put ssh_server.txt //upload the file to the home directory on the tast01 server
Uploading ssh_server.txt to /home/ssh_server.txt
ssh_server.txt 100% 19 15.6KB/s 00:00
sftp> bye //quit
[root@tast02 opt]#
[root@tast01 ~]# ls /home/ //list the home directory
ssh_client.txt ssh_server.txt sun tast //file uploaded