Linux远程访问及控制方式

vi /etc/ssh/sshd_config

......
Port 22    #监听端口为 22
ListenAddress 0.0.0.0    #监听地址为任意网段，也可以指定OpenSSH服务器的具体IP
LoginGraceTime 2m    #登录验证时间为 2 分钟
PermitRootLogin no    #禁止 root 用户登录
MaxAuthTries 6    #最大重试次数为 6

PermitEmptyPasswords no    #禁止空密码用户登录
UseDNS no    #禁用 DNS 反向解析，以提高服务器的响应速度

AllowUsers zhangsan lisi wangwu@61.23.24.25
#只允许zhangsan、lisi、wangwu用户登录，且其中wangwu用户仅能够从IP地址为61.23.24.25的主机远程登录

DenyUsers zhangsan
#禁止某些用户登录，用法于AllowUsers类似（注意不要同时使用）

ssh "选项" "用户名"@"ip\名称"

例： ssh -p 1022 zhangsan@20.0.0.13

# "-p"指定端口号

scp "用户名"@"ip/名称":"被复制的远程主机文件路径" "复制到的本机文件路径"

例：scp root@20.0.0.13:/etc/passwd /root/passwd10.txt

scp "被复制的本机文件路径" "用户名"@"ip\名称":"复制到的远程主机文件路径"

例：scp /root/passwd root@20.0.0.13:/etc/passwd10.txt

ssh-kegen -t rsa

#"-t"选项：指定加密算法类型

[root@wzx ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    #指定私钥位置（回车默认）
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):    #设置私钥密码（回车默认）
Enter same passphrase again:    #确认输入（回车默认）
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:GqXMgBqBoMByselDeDiNraMgVv17fJrXb7FQ0NHGl5o root@wzx
The key's randomart image is:
+---[RSA 2048]----+
|B ..          .o+|
|=O.+.        . o=|
|O.O...  .     +..|
| O.  +.o     E . |
|*.o   =.S     .  |
|=. .   oo    . . |
|.     .. o .. . o|
|        . +. . o |
|         o.   o. |
+----[SHA256]-----+

ssh-copy-id root@20.0.0.12

"-i"选项：指定密钥文件

[root@wzx ssh]# ssh-copy-id root@20.0.0.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '20.0.0.12 (20.0.0.12)' can't be established.
ECDSA key fingerprint is SHA256:1R40yTT7DYnXgxAb8W4TabvlPcU9038lLVjDrQqnpnA.
ECDSA key fingerprint is MD5:03:ae:25:33:8f:08:48:80:85:d4:3a:73:f2:49:83:a4.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@20.0.0.12's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@20.0.0.12'"
and check to make sure that only the key(s) you wanted were added.

[root@wzx ssh]# ssh root@20.0.0.12
Last login: Mon Aug 19 23:47:41 2024 from 20.0.0.1

[root@wzx ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xfbf6ZBU+BSvX7kPn4Pyu//Ug5kvOiZI2m6Bndv77Qg root@wzx
The key's randomart image is:
+---[RSA 2048]----+
|               . |
|         .    . o|
|          +  . o.|
|         o .  +..|
|      o S   ...o.|
|     . =    ..=o=|
|      + =E   *++=|
|     . = o.+oo+=+|
|      o. .=+**==*|
+----[SHA256]-----+

[root@wzx ~]# cd .ssh
[root@wzx .ssh]# ls
id_rsa  id_rsa.pub
[root@wzx .ssh]# cat id_rsa.pub >> authorized_keys
[root@wzx .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub
[root@wzx .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6bCV0EHdsXSD83CG4iNl81D1vDLiuywSsbj+3ANQOK4qRWNPOHfOIBXGANZQsT+33CrJY4ZvFnvcIeWpS+/fYyFnTekHPzuOROzcZYfkBxm1SB7YM5pLnHr8YdyUCOaYUhLYBuBixm80l1QvVOPnNRkKgzcOsOQSpOihGXgAa2d7lbOnr8UOO/aJ/6FQ2xxcCEcP9sG3h/uvCi7BP430XQPmfVksRm/tR+8sPNJNzioXgIoh5Sc6Rqp2C1IC3Krx3um4FCyqJJZJ6I7uY74g+L/Nt7IT3qTr13zVVjEAktNV0zMvdxRTNnIzEWTrhwEDASzJs3ewDjv1FESGErHTH root@wzx

ot@wzx .ssh]# vim /etc/ssh/sshd_config 

......
PubkeyAuthentication yes    #启用公钥验证
......

[root@wzx .ssh]# systemctl restart sshd    #重启刷新配置