å ¶å®ç½ä¸çææ¡£å¾å¤ãåæåç§ã估计æ¯èªå·±æç½äºï¼å«äººçèµ·æ¥æ¯è¾è´¹å²ãè¿éææ´çä¸ä¸ï¼ä»¥å¤èªå·±æ¥é ï¼
é ç½®è¿ç¨å为两大é¨åï¼SecureCRTé¨ååLinuxæå¡å¨é¨åã
SecureCRTé¨åé ç½®
1ãé¦å çæå ¬é¥ã
æå¼SecureCRTï¼æççæ¬ä¸º7.0ï¼ä¼°è®¡å ¶ä»çæ¬åºæ¬ç¸åï¼ç¨åºï¼ç¹å»èåæ çâå·¥å ·â-ãâåå»ºå ¬é¥âãæç §æ¥éª¤æ§è¡ãå ¶ä¸ä¸æ¥æ¯è¾éè¦å°±æ¯éæ©å ¬é¥çæ ¼å¼ã建议éæ©âOpenSSHâ,å¦åå¨æå¡å¨ç«¯ä½¿ç¨æ¶éè¦è½¬æ¢ä¸ºOpenSSHåå¼ãä½å¿ å¤æ¬¡ä¸ä¸¾å¢ãæ以è¿éå¿ é¡»éæ©âOpenSSHâãå¦æééäºãéæ°çæä¸æ¬¡å°±å¯ä»¥äºã
ç¶åéæ©å ¬é¥ç§é¥åæ¾çå°æ¹ãé»è®¤Identityæ¯ç§é¥ï¼Identity.pubæ¯å ¬é¥ã
2ãæIdentity.pubæ件ä¸ä¼ å°ä½ è¦ç»éçLinuxæå¡å¨ä¸ãæ¹æ³æå¾å¤ï¼æ¯å¦sshï¼å ä¸è¦é ç½®ä¸ºå ¬é¥ç»éï¼ï¼ftpçãå ·ä½æä½èªå·±æå®ãä¸ä¼ æ¶éæ©ASCIIæ¹å¼ã
3ãå¨SecureCRTå建æå¡å¨è¿æ¥ãå议使ç¨sshãå¨âé´æâæ¹æ³ä¸ï¼åæ¶å¾éâå¯ç âãéæ©âå ¬é¥âï¼ç¶åç¹å»å³è¾¹çå±æ§æé®ï¼å¨å¯¹è¯æ¡ä¸ã
使ç¨å ¨å±å ¬é¥è®¾ç½®ï¼è¡¨ç¤ºææè¿æ¥é½ä½¿ç¨è¯¥å ¬é¥è¿æ¥æå¡å¨ã
使ç¨ä¼è¯å ¬é¥è®¾ç½®ï¼å¯ä»¥åå«ä¸ºæ¯ä¸ªè¿æ¥æå®ä¸åçå ¬é¥ã
ä¸é¢çè·¯å¾å°±æ¯ææç§é¥çå ·ä½è·¯å¾ã注æäºï¼è¿éè¦ææç§é¥çè·¯å¾ã
ä¿åè¿æ¥å°±å¯ä»¥äºã
Linuxæå¡å¨ç«¯é ç½®
1ãsshd_confé ç½®
主è¦ä¿®æ¹å¦ä¸å 个å 容ï¼
PermitRootLogin no # é»è®¤ä¸ºæ³¨éï¼å é 置为ç¦æ¢rootç¨æ·ç»éï¼å 许rootç»é太å±é©äºã好å 次差ç¹ç¯é误ãåè®°åè®°ï¼
RSAAuthentication yes #é»è®¤ä¸ºæ³¨éï¼ å¯ç¨ RSA 认è¯
AuthorizedKeysFile .ssh/authorized_keys # éªè¯å ¬é¥çåæ¾è·¯å¾
PubkeyAuthentication yes # é»è®¤ä¸ºæ³¨éï¼å¯ç¨å ¬é¥è®¤è¯
PasswordAuthentication no # ç¦æ¢å¯ç 认è¯ï¼é»è®¤æ¯æå¼çã
ä¿æåï¼éæ°å¯å¨sshæå¡ãå¨ä¸åçlinuxæå¡å¨ä¸ï¼éå¯çæ¹æ³ä¸åã
RedHat,CentOS: service sshd restart //redhat 7 çæ¹æ³å·²ç»æ¹äºã
openbsd,freebsd: /etc/rc.d/sshd restart
2ãéç¹é¨åï¼é ç½®å ¬é¥åæ¾åªçé®é¢ã
è¦æ第ä¸é¨åä¸ä¼ ä¸æ¥çå ¬é¥æ¾å°ç¨æ·homeç®å½ç.ssh/ ç®å½ä¸ãè¿é说æä¸ä¸ãå¦æä½ æ³ä½¿ç¨testè´¦å·ç»éï¼å°±è¦æå ¬é¥æ¾å°testè´¦æ·ç.sshç®å½ä¸ãä½ å¯ä»¥ç´æ¥æIdentity.pubæ¹ä¸ºauthorized_keys. å½ç¶ä¹å¯è¿æ¯ç¨å ¶ä»æ¹æ³ã
æ¯å¦ï¼cat Identity.pub >> authorized_keys
å¦å¤è¯´æä¸ä¸ã.sshç®å½æéæ¯700ï¼authorized_keysæ件æé为644.
éç¹è¡¥å ï¼å¦æè¿æå ¶ä»äººä¹æ³ç¨èªå·±çå ¬é¥ç»éæå¡å¨ï¼è¯¥å¦ä½æä½å¢ï¼ æ£å¸¸æä½åºè¯¥ä¸ºè¯¥ç¨æ·å¨æå¡å¨ä¸å建ä¸ä¸ªè´¦å·ï¼éæ°æ§è¡æ¬æ¬¡ï¼Linuxæå¡å¨ç«¯é ç½®ï¼ç¬¬2ç¹ï¼æä½ãå½ç¶ï¼ä½ ä¹å¯ä»¥å·æï¼æä»çå ¬é¥ä¹æ¾å°testè´¦å·çauthorized_keysæ件ä¸ãä½ä¸¤ä¸ªå ¬é¥çå 容ä¹é´ä½¿ç¨æ¢è¡ç¬¦éå¼ãè¿æ ·çæ¹æ³è¿æ¯ä¸å¯åçã
æåï¼ä½¿ç¨SecureCRTç»élinuxæå¡å¨ã
è¿éè¦æ³¨æï¼å³ä½¿ä½ 使ç¨å ¬é¥ç»éæå¡å¨ï¼å½ä½ è¿æ¥çæ¶åï¼è¿æ¯è¦ä½ è¾å ¥ç¨æ·åã为ä½å¢ï¼ä¸æ¯è¯´å ¬é¥éªè¯ä¹ï¼å ¶å®ï¼æå¡å¨è¦ç¥éç¨ä½ çç§é¥ååªä¸ªç¨æ·ç.sshç®å½ä¸çauthorized_keysæ件å 容è¿è¡è§£å¯ãä¸å¯è½ç¨ä½ çç§é¥åææçç¨æ·authorized_keysæ件è¿è¡å¹é æµè¯ã
ä½æ¯ä¹æä¾å¤ï¼å¦æä½ å¨linuxç³»ç»ä¸ä½¿ç¨å ¬é¥ç»éLinuxæå¡å¨ï¼å°±ä¸éè¦ææç¨æ·ãæ¹æ³å¦ä¸ï¼
# ssh 172.16.24.222
为ä½å¢ï¼è¿æ¶ç³»ç»é»è®¤ä»¥ä¸ºä½ ç»éçè¿ç¨è´¦å·å°±æ¯ä½ å½åç»éçè´¦å·ã
å¦æä½ è®¾ç½®äºå ¬é¥å£ä»¤ï¼è¿æ¥æ¶æ¯å¦è¾å ¥ã为äºå®å ¨ï¼è¿ä¸ªå£ä»¤æ¯å¿ é¡»è¦æçãå¨SecureCRTä¸ï¼å£ä»¤è¢«ç¿»è¯ä¸ºï¼éè¡çè¯ãåµåµã
è¡¥å ä¸ä¸ï¼å¨linuxç³»ç»ä¸ï¼å¦ä½åå»ºå ¬é¥åç§é¥å¢ï¼
æ¹æ³å¾ç®åï¼æ§è¡ssh-keygenå½ä»¤ï¼æç §æ示就å¯ä»¥å®æãå®æåï¼èªå¨ä¼å¨å½åç¨æ·çhomeç®å½ï¼å建.sshæ件夹ã
æå¡å¨ç«¯é ç½®åä¸é¢çæ¹æ³ç¸åã