Class Notes-0403-7854zx

张开发
2026/4/4 1:01:03, 15-minute read
## Logging in to Linux with a key from a Windows terminal tool

1. Generate a key pair (private key and public key)
2. Copy the public key to the Linux server
3. Test

### 1. Generate the key pair (private key and public key)

Using Xshell as an example: Tools > User Key Manager > Generate. In the dialog that opens, basically just click Next. Then find the private key > Properties > Public Key tab, and copy the public key.

```bash
[7854zx@c001 ~]$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /home/7854zx/.ssh/id_rsa.
Your public key has been saved in /home/7854zx/.ssh/id_rsa.pub.
The key fingerprint is:
6c:af:d7:f0:c9:d5:9e:cf:03:0e:c9:33:6d:1f:08:42 7854zx@c001
The key's randomart image is:
[randomart image]

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgqC4mVv4H/NpZz4233TA4puZGUkUiJEnolcd27b9iGjtocd3tAOr9PrCYvqKlcsSKTCJj9R5QBEKWxJD1whQKxYah9z7OQeTmdwWdhP4mppYKJcdycxmc8qXAP//EwdGqiqovGhHioNN3/GGHl4VCnnG2Bb/Kc7CNrYFHkDM38kGg9vs7b5fizQCQS7EmZoxEdswpt5k70cuvWNdq15z2tWZjD36vQ/HzyRkJmEF2JPbbBHVS0RKuiyhUfAIy9KTLZ4r/LnvcaMg1/bFTWva7xCKW8ZiVMbAnwFXRqJ/t36aCXXqiNynVljD24Gxwvrqh2Mse8o4LA/GH 7854zx@c001
```

### 2. Write the public key into ~/.ssh/authorized_keys on the remote side

```bash
[7854zx@c001 ~]$ vim .ssh/authorized_keys
[7854zx@c001 ~]$ ll .ssh/authorized_keys
-rw-r--r--. 1 root root 1567 4月   3 10:23 .ssh/authorized_keys
[7854zx@c001 ~]$ chmod 600 .ssh/authorized_keys
```

### 3. Log in

When logging in, choose public key as the authentication method and specify the corresponding key.

We have just set up key login from Windows to CentOS 7 as user laoma.

Think about it: how would you set up key login from Windows to CentOS 7 as user root?

```bash
[7854zx@c001 ~]# cat /home/7854zx/.ssh/authorized_keys >> /root/.ssh/authorized_keys
```

## SSH configuration

ssh client configuration files:

- `~/.ssh/config`: user level, for each user's own customization; higher priority.
- `/etc/ssh/ssh_config`: system-wide level, default settings; applies to all users on the system.

sshd service configuration file:

- `/etc/ssh/sshd_config`: applies to the sshd service.

### Controlling root login

The administrator account on every Linux system is root, so restrict its login to guard against brute-force attacks.

- `PermitRootLogin no`: root login is forbidden.
- `PermitRootLogin prohibit-password`: root login with a password is forbidden.

```bash
[root@c001 ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.20260403
[root@c001 ~]# vim /etc/ssh/sshd_config
```

1. `/Root` locates the setting. If the first match is not the one you need, use `n` (next) to find the next one.
2. `yy` copies the line and `p` pastes it on the next line. Keep the original line.
3. Delete the leading `#` yourself.
4. `w` jumps to the `yes` position, `cw` replaces one word; type `no` and press Esc.
5. `ZZ` saves and quits.
6. Reload the service:

   ```bash
   [root@centos7 ~ 10:34:57]# systemctl reload sshd
   ```

7. Verify.

```bash
## Disable password login.
PasswordAuthentication no
# Verify
```

`DenyUsers`, `AllowUsers`, `DenyGroups`, `AllowGroups`, for example:

```bash
AllowUsers laoma
```

## man help

`man` and `command --help` look up a command. To find out how to write a configuration file, use `man <configuration file name>`, for example `man sshd_config`, then search for Root with `/Root`.

## Package upgrade

```bash
# Query the package version
[root@CentOS ~]# rpm -q openssh-server
openssh-server-7.4p1-22.el7_9.x86_64

# Query the available versions
[root@CentOS ~]# yum list openssh-server --showduplicates
已加载插件：fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
已安装的软件包
openssh-server.x86_64        7.4p1-22.el7_9        @anaconda
可安装的软件包
openssh-server.x86_64        7.4p1-21.el7          base
openssh-server.x86_64        7.4p1-22.el7_9        updates
openssh-server.x86_64        7.4p1-23.el7_9        updates

# Upgrade to the latest version
[root@CentOS ~]# yum update -y openssh-server

# Test the PermitRootLogin prohibit-password parameter in /etc/ssh/sshd_config
```

## CentOS 7 initial configuration

1. Command prompt
2. Disable SELinux
3. Disable the firewall
4. Configure the local repository
5. Install the base packages
6. Configure key login to itself

```bash
# 1 Configure the command prompt and the history format
cat >> /etc/bashrc <<'EOF'
PS1='[\[\e[91m\]\u\[\e[93m\]@\[\e[92;1m\]\h\[\e[0m\] \[\e[94m\]\W\[\e[0m\] \[\e[35m\]\t\[\e[0m\]]\[\e[93m\]\$\[\e[0m\] '
HISTTIMEFORMAT='%F %T '
EOF

# 2 Disable SELinux
sed -i '/^SELINUX=/cSELINUX=disabled' /etc/selinux/config

# 3 Disable the firewall
systemctl disable firewalld --now

# 4 Configure the repositories
curl -s -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
curl -s -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

# 5 Install the base packages
yum install -y bash-completion vim open-vm-tools lrzsz unzip rsync sshpass

# 6 Configure key login to itself
echo 'StrictHostKeyChecking no' >> /etc/ssh/ssh_config
echo 'UseDNS no' >> /etc/ssh/sshd_config
[ -d .ssh ] || mkdir -m 700 .ssh
ssh-keygen -t rsa -N '' -f .ssh/id_rsa
sshpass -p redhat ssh-copy-id localhost

# 7 Shut down and take a snapshot
init 0
```

## Logs

### Viewing logs

1. systemd-journal: the systemd subsystem
2. rsyslog service: used in Fault 1

rsyslog records logs in the corresponding files:

| Log file | Contents |
|---|---|
| /var/log/messages | Most system logs (excluding authentication, mail, scheduled task and debug logs) |
| /var/log/secure | Security and authentication logs (such as ssh logins and user verification) |
| /var/log/maillog | Mail service logs (such as sendmail/postfix) |
| /var/log/cron | Scheduled task execution logs (crontab/anacron) |
| /var/log/boot.log | Non-syslog console messages from the system boot process |

```bash
[root@CentOS ~ 15:31:38]# tail -f /var/log/secure
```

When a new ssh connection is made, the log is updated as follows:

```bash
Apr  3 15:30:28 CentOS sshd[1513]: Accepted password for tz from 10.1.8.1 port 9724 ssh2
Apr  3 15:30:28 CentOS sshd[1513]: pam_unix(sshd:session): session opened for user tz by (uid=0)
```

When the connection is closed, the log is updated as follows:

```bash
Apr  3 15:31:31 CentOS sshd[1513]: pam_unix(sshd:session): session closed for user tz
```

### Fault 1

Simulate an sshd fault and troubleshoot it.

Simulate:

```bash
[root@CentOS ~ 15:32:07]# cp /etc/ssh/sshd_config{,.0403}
[root@CentOS ~ 15:32:26]# echo hello world >> /etc/ssh/sshd_config
[root@CentOS ~ 15:32:32]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.

# Following the hint, check the status
[root@CentOS ~ 15:32:38]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: activating (auto-restart) (Result: exit-code) since 五 2026-04-03 15:32:38 CST; 13s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 5696 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=255)
 Main PID: 5696 (code=exited, status=255)

4月 03 15:32:38 CentOS.tz.cloud systemd[1]: sshd.service: main process exited...a
4月 03 15:32:38 CentOS.tz.cloud systemd[1]: Failed to start OpenSSH server da....
4月 03 15:32:38 CentOS.tz.cloud systemd[1]: Unit sshd.service entered failed....
4月 03 15:32:38 CentOS.tz.cloud systemd[1]: sshd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

# The status output has no useful hint
# Continue with the messages log
[root@CentOS ~ 15:32:51]# tail /var/log/messages
Apr  3 15:32:09 CentOS systemd: Started Session 3 of user tz.
Apr  3 15:32:38 CentOS systemd: Stopping OpenSSH server daemon...
Apr  3 15:32:38 CentOS systemd: Stopped OpenSSH server daemon.
Apr  3 15:32:38 CentOS systemd: Starting OpenSSH server daemon...
Apr  3 15:32:38 CentOS sshd: /etc/ssh/sshd_config: line 141: Bad configuration option: hello
Apr  3 15:32:38 CentOS sshd: /etc/ssh/sshd_config: terminating, 1 bad configuration options
Apr  3 15:32:38 CentOS systemd: sshd.service: main process exited, code=exited, status=255/n/a
Apr  3 15:32:38 CentOS systemd: Failed to start OpenSSH server daemon.
Apr  3 15:32:38 CentOS systemd: Unit sshd.service entered failed state.
Apr  3 15:32:38 CentOS systemd: sshd.service failed.

# Line 141 is the problem.
# Fix it according to the hint.
[root@CentOS ~ 15:33:16]# vim /etc/ssh/sshd_config
# Comment out the last line
#hello world

[root@CentOS ssh 15:35:43]# systemctl restart sshd
[root@CentOS ssh 15:35:54]# systemctl is-active sshd
active
```

Brace expansion, as used in the `cp` command above:

```bash
[root@CentOS ssh 15:37:53]# echo /etc/ssh/sshd_config-{1,2}
/etc/ssh/sshd_config-1 /etc/ssh/sshd_config-2
[root@CentOS ssh 15:37:59]# echo /etc/ssh/sshd_config-{,2}
/etc/ssh/sshd_config- /etc/ssh/sshd_config-2
[root@CentOS ssh 15:38:31]# echo /etc/ssh/sshd_config{,.0403}
/etc/ssh/sshd_config /etc/ssh/sshd_config.0403
```

### Fault 2

```bash
[root@CentOS ssh 16:05:19]# systemctl restart sshd
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
[root@CentOS ssh 16:06:04]# journalctl -e -u sshd
......
4月 03 15:35:27 CentOS.tz.cloud systemd[1]: Failed to start OpenSSH server daemon.
4月 03 15:35:27 CentOS.tz.cloud systemd[1]: Unit sshd.service entered failed state
4月 03 15:35:27 CentOS.tz.cloud systemd[1]: sshd.service failed.
4月 03 15:35:54 CentOS.tz.cloud systemd[1]: Stopped OpenSSH server daemon.
4月 03 15:35:54 CentOS.tz.cloud systemd[1]: Starting OpenSSH server daemon...
4月 03 15:35:54 CentOS.tz.cloud sshd[13253]: Server listening on 0.0.0.0 port 22.
4月 03 15:35:54 CentOS.tz.cloud sshd[13253]: Server listening on :: port 22.
4月 03 15:35:54 CentOS.tz.cloud systemd[1]: Started OpenSSH server daemon.
4月 03 16:03:28 CentOS.tz.cloud systemd[1]: Stopping OpenSSH server daemon...
4月 03 16:03:28 CentOS.tz.cloud systemd[1]: Stopped OpenSSH server daemon.
4月 03 16:03:28 CentOS.tz.cloud systemd[1]: Starting OpenSSH server daemon...
4月 03 16:03:28 CentOS.tz.cloud sshd[76623]: Server listening on 0.0.0.0 port 22.
4月 03 16:03:28 CentOS.tz.cloud sshd[76623]: Server listening on :: port 22.
4月 03 16:03:28 CentOS.tz.cloud systemd[1]: Started OpenSSH server daemon.
4月 03 16:06:04 CentOS.tz.cloud systemd[1]: Stopping OpenSSH server daemon...
4月 03 16:06:04 CentOS.tz.cloud systemd[1]: Stopped OpenSSH server daemon.
4月 03 16:06:04 CentOS.tz.cloud systemd[1]: Starting OpenSSH server daemon...
4月 03 16:06:04 CentOS.tz.cloud sshd[82629]: /etc/ssh/sshd_config: No such file or
4月 03 16:06:04 CentOS.tz.cloud systemd[1]: sshd.service: main process exited, cod
4月 03 16:06:04 CentOS.tz.cloud systemd[1]: Failed to start OpenSSH server daemon.
4月 03 16:06:04 CentOS.tz.cloud systemd[1]: Unit sshd.service entered failed state
4月 03 16:06:04 CentOS.tz.cloud systemd[1]: sshd.service failed.

# Found: /etc/ssh/sshd_config: No such file or directory
# Find out which package provides the file
[root@CentOS ssh 16:19:19]# yum provides /etc/ssh/sshd_config
已加载插件：fastestmirror
Loading mirror speeds from cached hostfile
openssh-server-7.4p1-22.el7_9.x86_64 : An open source SSH server daemon
源    ：@anaconda
匹配来源：
文件名    ：/etc/ssh/sshd_config

# yum-utils provides yumdownloader, which downloads packages
[root@CentOS ~ 16:29:10]# yum install -y yum-utils
[root@CentOS ~ 23:54:13]# yumdownloader openssh-server
已加载插件：fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
openssh-server-7.4p1-23.el7_9.x86_64.rpm                 | 459 kB  00:00:00
[root@CentOS ~ 23:54:22]# ls openssh*
openssh-server-7.4p1-23.el7_9.x86_64.rpm

# An rpm is a specially formatted file; the files inside it are packed as a cpio archive.
# List the files in the package
[root@CentOS ~ 23:54:38]# rpm2cpio openssh-server-7.4p1-23.el7_9.x86_64.rpm | cpio -t
./etc/pam.d/sshd
./etc/ssh/sshd_config
./etc/sysconfig/sshd
./usr/lib/systemd/system/sshd-keygen.service
./usr/lib/systemd/system/sshd.service
./usr/lib/systemd/system/sshd.socket
./usr/lib/systemd/system/sshd@.service
./usr/lib64/fipscheck/sshd.hmac
./usr/libexec/openssh/sftp-server
./usr/sbin/sshd
./usr/sbin/sshd-keygen
./usr/share/man/man5/moduli.5.gz
./usr/share/man/man5/sshd_config.5.gz
./usr/share/man/man8/sftp-server.8.gz
./usr/share/man/man8/sshd.8.gz
./var/empty/sshd
1946 块

# Extract only the file that is needed
[root@CentOS ~ 23:55:00]# rpm2cpio openssh-server-7.4p1-23.el7_9.x86_64.rpm | cpio -id ./etc/ssh/sshd_config
1946 块

# Verify
[root@CentOS ~ 23:55:17]# yum install -y tree
[root@CentOS ~ 23:55:36]# tree etc
etc
└── ssh
    └── sshd_config

1 directory, 1 file
# Put the extracted file back in place
[root@CentOS ~ 23:55:57]# mv etc/ssh/sshd_config /etc/ssh/sshd_config
[root@CentOS ~ 23:56:10]# systemctl restart sshd
```

Addendum: the command-line shortcut Ctrl+R searches the command history; press Enter to run the match.
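The notes change `PermitRootLogin` by editing the file and set `UseDNS` by appending a line with `>>`; sshd uses the first uncommented occurrence of a keyword, so an appended line only takes effect if no earlier line sets it. The following is an added example, not part of the original notes: the function names and the sample configuration are constructed, and on a real server `sshd -T` prints the effective settings directly.

```shell
#!/bin/sh
# Added example, not from the original notes. sshd uses the FIRST uncommented
# occurrence of a keyword, so a line appended with ">>" can be silently ignored.

# sshd_effective FILE KEYWORD: print the first global (pre-Match) value, lowercased.
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/              { next }   # commented-out settings do not count
        NF == 0                 { next }   # blank lines
        tolower($1) == "match"  { exit }   # Match blocks are conditional
        tolower($1) == want     { print tolower($2); exit }
    ' "$1"
}

# sshd_audit FILE: print one finding per weak setting; return 1 if any.
sshd_audit() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    pass=$(sshd_effective "$1" PasswordAuthentication)
    case "${root:-unset}" in
        no|prohibit-password|without-password) ;;
        *) echo "PermitRootLogin is ${root:-unset}: root password login not ruled out"; rc=1 ;;
    esac
    case "${pass:-unset}" in
        no) ;;
        *) echo "PasswordAuthentication is ${pass:-unset}: passwords can be guessed"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the appended "no" lines come after earlier values.
write_sample_config() {
    cat > "$1" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PasswordAuthentication yes
UseDNS yes
# lines below were appended later with ">>"
UseDNS no
PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
sshd_audit "$sample" || echo "audit found weak settings"
rm -f "$sample"
```

In the sample, `PasswordAuthentication` and `UseDNS` both stay at `yes` even though `no` was appended, which is why the audit still reports password authentication.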
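The `/var/log/secure` lines shown in the log section can be checked for the two things the hardening steps are meant to stop: repeated failed passwords from one source, and logins still accepted with a password. This is an added example, not part of the original notes; `secure_report`, its output labels and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes.
# secure_report FILE [MIN_FAILS]: summarize sshd events from /var/log/secure.
#   BRUTE <ip> <n>        source with at least MIN_FAILS failed passwords
#   PASSWORD <user> <ip>  login that was accepted with a password
secure_report() {
    awk -v min="${2:-3}" '
        $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Accepted" || $6 == "Failed") {
            # The user name in a failed attempt is chosen by the client, so find
            # "from <ip> port" scanning from the right, not by field position.
            ip = ""
            for (i = NF; i > 8; i--)
                if ($i == "port" && $(i - 2) == "from") { ip = $(i - 1); break }
            if (ip == "") next
            if ($6 == "Failed" && $7 == "password") fails[ip]++
            if ($6 == "Accepted" && $7 == "password") print "PASSWORD", $9, ip
        }
        END { for (ip in fails) if (fails[ip] >= min) print "BRUTE", ip, fails[ip] }
    ' "$1" | sort
}

# Constructed sample log; the fifth line carries a user name containing "from".
write_sample_secure() {
    cat > "$1" <<'EOF'
Apr  3 15:30:28 CentOS sshd[1513]: Accepted password for tz from 10.1.8.1 port 9724 ssh2
Apr  3 15:40:02 CentOS sshd[1600]: Failed password for root from 192.0.2.50 port 40112 ssh2
Apr  3 15:40:05 CentOS sshd[1600]: Failed password for root from 192.0.2.50 port 40112 ssh2
Apr  3 15:40:09 CentOS sshd[1602]: Failed password for invalid user admin from 192.0.2.50 port 40120 ssh2
Apr  3 15:41:00 CentOS sshd[1610]: Failed password for invalid user from 10.9.9.9 port 1 from 192.0.2.50 port 40130 ssh2
Apr  3 15:45:11 CentOS sshd[1700]: Accepted publickey for laoma from 10.1.8.1 port 9730 ssh2: RSA SHA256:CONSTRUCTED
EOF
}

log=$(mktemp)
write_sample_secure "$log"
secure_report "$log" 3
rm -f "$log"
```

Once `PasswordAuthentication no` is in effect, new `PASSWORD` lines should stop appearing; any that do point to a setting that is not being applied.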
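Fault 1 came from restarting sshd on a configuration that had never been checked. One way to avoid it is to edit a copy and install it only after `sshd -t -f` accepts it, shown here as an added example that is not part of the original notes. The function name `apply_sshd_config` and the `SSHD` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original notes. SSHD is an assumed override
# for the path of the sshd binary (default /usr/sbin/sshd).

# apply_sshd_config CANDIDATE TARGET
# Install CANDIDATE as TARGET only if "sshd -t -f CANDIDATE" accepts it.
# On rejection TARGET is left untouched and the function returns 1.
apply_sshd_config() {
    candidate=$1
    target=$2
    if ! "${SSHD:-/usr/sbin/sshd}" -t -f "$candidate"; then
        echo "rejected: $candidate failed the syntax check; $target unchanged" >&2
        return 1
    fi
    if [ -f "$target" ]; then
        # Dated backup, in the same spirit as sshd_config.20260403 in the notes
        cp -p "$target" "$target.$(date +%Y%m%d)" || return 1
    fi
    cp "$candidate" "$target" && chmod 600 "$target"
}

# Typical use as root on the server; reload keeps existing sessions open:
#   cp /etc/ssh/sshd_config /root/sshd_config.new
#   vim /root/sshd_config.new
#   apply_sshd_config /root/sshd_config.new /etc/ssh/sshd_config && systemctl reload sshd
```

With this in place the `hello world` line from Fault 1 is reported at check time, while the running configuration and the service stay as they were.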
