ssh 常见配置
环境信息
- Centos 7
ssh 免密登陆
在需要免密码登陆的场景下,可以配置 ssh 密钥登陆。配置步骤如下
- 在本地服务器上面执行命令生成密钥对 以上命令生成了公私密钥对,分别存储在了
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/testuser/.ssh/id_rsa.
Your public key has been saved in /home/testuser/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Lzvl8GbOQETBVcTf8lf0Qk9KUQAESs9h8wARud+iQrk [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| .BBB*=.o+.|
| oo= =. o o|
| o.o .+ *.|
| .. = =|
| .S. . +.|
| o...+ . o|
| . .o*.. .|
| E o== |
| ..=o |
+----[SHA256]-----+/home/testuser/.ssh/id_rsa.pub
和/home/testuser/.ssh/id_rsa
中。 - 在本地服务器上面执行命令将其公钥添加到目标主机的
/home/testuser/.ssh/authorized_keys
。或者手动拷贝公钥追加到目标主机的.ssh/authorized_keys
ssh-copy-id -p 30000 [email protected]
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/testuser/.ssh/id_rsa.pub"
The authenticity of host '[172.31.30.115]:30000 ([172.31.30.115]:30000)' can't be established.
ECDSA key fingerprint is SHA256:vKD5th2QpWYv/hmt+180BsENDHWNcJdKiEBOH06h/K8.
ECDSA key fingerprint is MD5:bf:8c:b9:e6:31:92:1f:a9:b6:7b:8f:50:d7:10:9e:fd.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new [email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '30000' '[email protected]'"
and check to make sure that only the key(s) you wanted were added. - 在本地服务器上面验证可以免密登陆到目标服务器。
如果要配置双向免密,将以上步骤反过来操作一遍即可
常见配置
登录服务器,经常遇见以下提示信息,说明有主机一直在尝试暴力破解用户名密码
There were 696 failed login attempts since the last successful login. |
查看登录失败的用户名和 ip 地址
grep "Failed password for invalid user " /var/log/secure | awk '{print $11,$13}' | sort | uniq -c | sort -k1 -n |