commented (Linux Services: The OpenSSH Service)
2023-11-02
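1. commented: Linux services, the OpenSSH service?
The term OpenSSH refers to the software implementation of the Secure Shell software used on the system. It is used to run a shell securely on a remote system. If you have a user account on a remote Linux system that provides the ssh service, ssh is the command normally used to log in to that system remotely. The ssh command can also be used to run commands on a remote system.
Common remote login tools are:
telnet
ssh
dropbear
telnet // remote login protocol, 23/TCP // generally used to test whether a port or interface is open
    authentication is in plaintext
    data transfer is in plaintext
ssh // Secure SHell, application-layer protocol, 22/TCP
    the communication and authentication processes are encrypted, with host authentication
    the user authentication process is encrypted
    the data transfer process is encrypted
dropbear // SSH server and client tool designed for embedded systems, generally used on mobile phones
1.2 SSH versions
OpenSSH supports two versions of the SSH protocol, v1 and v2, with the following characteristics:
v1: uses CRC-32 as the MAC and cannot defend against man-in-the-middle attacks
v2: the two hosts negotiate a secure MAC method. Key exchange is based on the DH algorithm, and identity authentication is based on the RSA or DSA algorithm
About key exchange
The process of negotiating and generating the key is called key exchange (Internet Key Exchange, IKE). It uses the DH (Diffie-Hellman) protocol:
A (host) --> B (host)
p, g (a large prime and a generator) are transmitted over the network and are public
A: picks a random number x of its own
B: picks a random number y of its own
A: g^x % p --> B
B: g^y % p --> A
A: (g^y % p)^x = g^yx % p
B: (g^x % p)^y = g^xy % p
The g^xy % p obtained at the end is the final key
1.3 SSH authentication methods
OpenSSH has two authentication methods:
Password-based authentication
Key-based authentication (asymmetric encryption, with a key pair: a public key (P) and a private key (S))
1.4 How OpenSSH works
OpenSSH works on a client/server (C/S) architecture
Server side // sshd; the configuration file is /etc/ssh/sshd_config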
[root@CTL .ssh]# vim /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
.
.
.
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
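Client side
// ssh; the configuration file is /etc/ssh/ssh_config
ssh-keygen // key generator
ssh-copy-id // copies the public key to a remote server
scp // tool for secure copying between hosts
# $OpenBSD: ssh_config,v 1.30 2016/02/20 23:06:23 sobrado Exp $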
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
.
.
.
# Send locale-related environment variables
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
SendEnv XMODIFIERS
1.5 Secure Shell examples
// Create a remote interactive shell as the current user, then use the exit command at the end to return to the previous shell
[root@CTL .ssh]# ssh 192.168.112.131
The authenticity of host '192.168.112.131 (192.168.112.131)' can't be established.
// SHA256 fingerprint of the server's ECDSA public key
ECDSA key fingerprint is SHA256:dyCibeKTgTQDtKrGgYAKVnGsLcR/Necufp4Jvnx0cTc.
ECDSA key fingerprint is MD5:bb:a6:d4:16:be:40:d1:d9:ef:6b:89:c9:22:bb:bd:b0.
// Asks whether you trust the host you are connecting to; if you do not, no connection is made
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.112.131' (ECDSA) to the list of known hosts.
root@192.168.112.131's password:
Last login: Mon Apr 1 14:24:13 2019 from 192.168.112.14
// The prompt now shows that we are logged in to the other host
[root@GUI ~]#
// Connect to a remote `shell` on the selected host (remotehost) as another user (remoteuser)
[root@CTL .ssh]# ssh root@192.168.112.131
root@192.168.112.131's password:
Last login: Mon Apr 1 14:24:54 2019 from 192.168.112.14
[root@GUI ~]#
// Run a single command on the remote host (remotehost) as the remote user (remoteuser), with the output returned to the local display
// First log in to one host and check its own IP
[root@GUI .ssh]# ip a s ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8e:77:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.112.131/24 brd 192.168.112.255 scope global dynamic ens33
       valid_lft 1191sec preferred_lft 1191sec
    inet6 fe80::bc68:f1a3:4a1f:87fb/64 scope link
       valid_lft forever preferred_lft forever
// Then use the other host to run the command remotely over ssh
[root@CTL .ssh]# ssh root@192.168.112.131 '/usr/sbin/ip a s ens33'
root@192.168.112.131's password:
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:8e:77:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.112.131/24 brd 192.168.112.255 scope global dynamic ens33
       valid_lft 1783sec preferred_lft 1783sec
    inet6 fe80::bc68:f1a3:4a1f:87fb/64 scope link
       valid_lft forever preferred_lft forever
[root@CTL .ssh]#
// The w command shows the list of users currently logged in to the machine. It is especially useful for showing which users have logged in over ssh, from which remote locations, and what they are doing
[root@CTL .ssh]# ssh 192.168.112.131
root@192.168.112.131's password:
Last login: Mon Apr 1 14:30:57 2019 from 192.168.112.14
// Then switch to the GUI host and run the w command; the user from 192.168.112.14 is shown as logged in
[root@GUI .ssh]# w
 14:40:59 up 4:37, 2 users, load average: 0.00, 0.02, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.112.1 10:03 3.00s 0.17s 0.01s w
root pts/1 192.168.112.14 14:40 2.00s 0.03s 0.03s -bash
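1.6 SSH host keys
ssh keeps communication secure through public-key encryption. When an ssh client connects to an ssh server, the server sends the client a copy of its public key before the client logs in. This is used to set up secure encryption for the communication channel and to authenticate the server to the client.
The first time a user connects to a particular server with ssh, the ssh command stores that server's public key in the user's ~/.ssh/known_hosts file. On every later connection, the client compares the server's entry in ~/.ssh/known_hosts with the public key the server sends, to make sure it receives the same public key from the server. If the public keys do not match, the client assumes that the network traffic has been hijacked or that the server has been compromised, and breaks off the connection.
This means that if the server's public key changes (because the key was lost in a disk failure, or because it was replaced for some legitimate reason), users need to update their ~/.ssh/known_hosts file and delete the old entry before they can log in.
// The host ID is stored on the local client system in ~/.ssh/known_hosts (the hidden .ssh directory in the home directory)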
[root@CTL ~]# cat /root/.ssh/known_hosts
192.168.112.131 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJvfkdzYN1ayz0bbvSc5be4/rddT4r2q/DfLo6VtruJgNNsexqi5GzSJ7AGB1kECRSw4/eg1Z11x05bGjRJfL+8=
// Host keys are stored on the SSH server in /etc/ssh/ssh_host_key* (that is, the keys here are used automatically when no keys are generated manually)
[root@CTL ~]# ls /etc/ssh/*key*
/etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key.pub /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub
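The known_hosts comparison described above, as an added example (not part of the original article and not OpenSSH's own code): it computes the SHA256 fingerprint in the form ssh prints and classifies an offered host key as match, mismatch or unknown, and it also covers hashed host fields (`|1|salt|hash`), which the article does not show. The key blobs, the salt and the addresses 192.168.112.132 and 192.168.112.200 are constructed sample values; wildcard, `[host]:port` and `@cert-authority` entries are not handled.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def sha256_fingerprint(key_b64: str) -> str:
    """Fingerprint as ssh prints it: SHA256:<base64 digest without padding>."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_host(host: str, salt: bytes) -> str:
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(field: str, host: str) -> bool:
    """Does the first known_hosts field name this host (plain list or hashed)?"""
    if field.startswith("|1|"):
        _, _, salt_b64, _ = field.split("|")
        return hmac.compare_digest(field, hashed_host(host, base64.b64decode(salt_b64)))
    return host in field.split(",")


def check_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """Classify the key a server offers: 'match', 'mismatch' or 'unknown'."""
    host_known = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # blank lines, comments, @cert-authority / @revoked markers
        if fields[1] != key_type or not host_matches(fields[0], host):
            continue
        if fields[2] == key_b64:
            return "match"
        host_known = True  # same host and key type, but a different key
    return "mismatch" if host_known else "unknown"


def sample_key(seed: bytes) -> str:
    """Constructed stand-in shaped like an ecdsa-sha2-nistp256 blob (not a real key)."""
    point = b"\x04" + hashlib.sha512(seed).digest()  # 65 bytes, the size of a P-256 point
    blob = ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256") + ssh_string(point)
    return base64.b64encode(blob).decode()


KEY_TYPE = "ecdsa-sha2-nistp256"
STORED = sample_key(b"key recorded at first connection")  # constructed
OFFERED_NEW = sample_key(b"different key offered later")  # constructed
KNOWN_HOSTS = "\n".join([
    "# constructed sample known_hosts",
    "192.168.112.131 " + KEY_TYPE + " " + STORED,
    hashed_host("192.168.112.132", b"constructed salt 20b") + " " + KEY_TYPE + " " + STORED,
])

if __name__ == "__main__":
    print("stored key fingerprint:", sha256_fingerprint(STORED))
    for host, key in [("192.168.112.131", STORED), ("192.168.112.131", OFFERED_NEW),
                      ("192.168.112.132", STORED), ("192.168.112.200", STORED)]:
        print(host, "->", check_host_key(KNOWN_HOSTS, host, KEY_TYPE, key))
```

A "mismatch" result is the case where ssh refuses to connect; "unknown" is the first-connection case where the fingerprint should be compared with one obtained from the server's administrator before answering yes.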
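2. Configuring SSH key-based authentication
Users can authenticate ssh logins using public key authentication. ssh lets users authenticate with a private-public key scheme. This means two keys are generated: a private key and a public key. The private key file serves as the authentication credential and, like a password, must be kept safe. The public key is copied to the systems the user wants to log in to and is used to verify the private key. The public key does not need to be kept secret. An ssh server that holds the public key can issue a challenge that only a system holding your private key can answer. Authentication can therefore be based on possession of the key. This way you do not have to type a password every time you access the system, while security is still maintained.
Use the ssh-keygen command to generate the keys. This creates the private key ~/.ssh/id_rsa and the public key ~/.ssh/id_rsa.pub.
// When generating keys, ssh-keygen first asks where to store the key files; the defaults are /root/.ssh/id_rsa and id_rsa.pub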
[root@CTL ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
// Next it asks whether to set a passphrase for your private key
Enter passphrase (empty for no passphrase):
// Finally it reports that the keys were created: the private key is stored in id_rsa and the public key in id_rsa.pub
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:XFV5J+RPAuuHQZBipB8yUyQ22/QAOWT+z2Tsi+cJcpw root@CTL
The key's randomart image is:
// RSA keys are generally 2048 bits
+---[RSA 2048]----+
| .B=* .o+oo. |
| +oOoo.o +o o|
| Boo.o o ooo|
| B + . o + |
| S + o . .|
| . B . |
| . E + |
| o o.o |
| .o+ |
+----[SHA256]-----+
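Note:
When generating the keys, you are given the option to specify a passphrase, which must then be supplied whenever the private key is accessed. If the private key is stolen, it is very difficult for anyone other than its issuer to use it, because it is protected by the passphrase. This leaves enough time to generate a new key pair and remove everything that involves the old key before an attacker cracks and uses the private key.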
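An added example (not from the original article) that audits what the note above recommends: it reports whether a private key file is passphrase-protected by reading the key file's header, and whether its permissions let other users read it. The function names and all sample key files are constructed; the samples carry dummy payloads, not real keys.

```python
import base64
import os
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the current OpenSSH private key format


def ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # uint32 length + bytes


def read_string(buf: bytes, off: int):
    """Read one SSH string at off; return (value, offset after it)."""
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated key file")
    return buf[off + 4:end], end


def pem_parts(text: str):
    """Split a PEM file into (label, header lines, decoded body)."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM private key")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    headers = [ln for ln in lines[1:-1] if ":" in ln]
    body = "".join(ln for ln in lines[1:-1] if ":" not in ln)
    return label, headers, base64.b64decode(body)


def passphrase_protected(text: str) -> bool:
    """True if the private key in this file is encrypted with a passphrase."""
    label, headers, body = pem_parts(text)
    if label == "OPENSSH PRIVATE KEY":
        if not body.startswith(MAGIC):
            raise ValueError("bad openssh-key-v1 header")
        cipher, off = read_string(body, len(MAGIC))
        kdf, _ = read_string(body, off)
        return not (cipher == b"none" and kdf == b"none")
    # PKCS#8 "ENCRYPTED PRIVATE KEY" is always encrypted; legacy PEM says so in a header.
    legacy = any(h.replace(" ", "").upper() == "PROC-TYPE:4,ENCRYPTED" for h in headers)
    return label == "ENCRYPTED PRIVATE KEY" or legacy


def audit_key_file(path: str) -> list:
    """Findings for one private key file; an empty list means nothing to fix."""
    findings = []
    if os.stat(path).st_mode & 0o077:
        findings.append("readable by group or others")
    with open(path) as fh:
        if not passphrase_protected(fh.read()):
            findings.append("no passphrase")
    return findings


def sample_openssh_key(cipher: bytes, kdf: bytes) -> str:
    """Constructed file: real header layout, dummy key material."""
    blob = (MAGIC + ssh_string(cipher) + ssh_string(kdf) + ssh_string(b"")
            + struct.pack(">I", 1) + ssh_string(b"dummy public") + ssh_string(b"dummy private"))
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["-----BEGIN OPENSSH PRIVATE KEY-----", *rows, "-----END OPENSSH PRIVATE KEY-----"])


def sample_legacy_key(encrypted: bool) -> str:  # constructed legacy PEM file, dummy body
    hdr = ["Proc-Type: 4,ENCRYPTED", "DEK-Info: AES-128-CBC," + "00" * 16, ""] if encrypted else []
    body = base64.b64encode(b"constructed dummy body").decode()
    return "\n".join(["-----BEGIN RSA PRIVATE KEY-----", *hdr, body, "-----END RSA PRIVATE KEY-----"])


if __name__ == "__main__":
    for cipher, kdf in [(b"none", b"none"), (b"aes256-ctr", b"bcrypt")]:
        print(cipher.decode(), "->", passphrase_protected(sample_openssh_key(cipher, kdf)))
```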
2. Humorous English jokes and stories?
Here are some humorous English jokes:
When walking in a certain fast fashion clothing store, I felt a certain lack of comfort. As I made my way through the racks, I saw a pair of pants that were made of 100% cashmere. I felt a twinge of envy, but then I remembered that even celebrities who sported these pants always claimed they were either doing so on vacation or saving them for their red carpets appearance, so I chuckled and finished dressing quickly. As I made my way out, I saw the same cashmere pants on a mannequin in the next rack. I felt even luckier and quickly pulled out a credit card to buy both.
One day, a group of us were walking down the street when we saw a sign that read "Free Wi-Fi". We were all excited and quickly got into the nearest building, only to find that the "Wi-Fi" was just an ad for an $80 wifi password. We were all too shy to go back and ask for another password, so we stood there, with our mouths wide open, for what seemed like an eternity.
I once visited Japan and was chatting with a local on the street. We were both walking and he suddenly let out a loud fart. I was so embarrassed that I quickly apologized and offered to buy him a new one. He replied, "No problem, I just took a dump in my pants and my new pants are all full of it."
One evening, while walking down the street with my dog, I saw a group of young girls standing next to a big wall that said "I love China". One of them was even giving the Chinese characters on the wall a kiss! I couldn't help but feel that these girls were being too forward, but then I realized that maybe they were just testing the Chinese wall's temperature.
I once worked in an office where the secretary had a habit of making inappropriate comments during meetings. One day, during a particularly awkward silence, she commented on how awkward it was for everyone to listen to her talk. I knew she was joking, but I also knew that some people might take it seriously, so I stood up and said, "Hey, I think we can all agree that we're here to work together, not to listen to her awkwardl
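3. What does "author" mean?
To comment on or give an opinion about the author. comment to sb: to express an opinion to someone. Example: She commented to me that she liked it. (She told me that she liked it.)
4. Oracle 11g installation on SUSE 11 stuck at 60?
1. Go to the /etc/services file.
2. Delete all the "Commented" lines.
3. Start the Universal Installer again.
Open /etc/services, delete all the comment lines with vi, then reinstall and it works; tested personally.
5. How do you install a DHCP server on Linux?
The steps for installing a DHCP server on Linux are as follows:
Create a folder: first, create a folder on the Linux system to hold the configuration files of the dhcp service. For example, use the command mkdir /etc/dhcp to create a folder named dhcp.
Move files: move all the files in the /etc/yum.repo.d folder to the newly created dhcp folder. The command is mv /etc/yum.repo.d/*.repo /etc/dhcp.
Create the configuration file: create a new configuration file in order to install the DHCP software. For example, use the command vim /etc/dhcp/dhcpd.conf to create a configuration file named dhcpd.conf.
Write the contents of the configuration file: in the configuration file you created, enter the following: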
# dhcpd.conf - DHCP server configuration file
#
# This is a basic DHCPd configuration file. It assumes that you have only one
# subnet, and that you want to assign dynamic addresses within that subnet.
#
# For informational purposes, comments are indicated with # marks. Lines beginning
# with # can be ignored when reading this file.
#
# Note: If you would like to use the 'next-server' keyword, please see the dhcpd.conf
# manpage for more information about how to configure that keyword's syntax and
# usage requirements.
# The ddns-update-style ad-hoc parameter tells the DHCP server to update DNS records
# in a 'ddns-update-style ad-hoc' fashion, which is a non-standard mode that is useful
# only when the DHCP server and DNS server are on the same box, and when the DHCP server
# has no other knowledge of the network topology. If you don't understand this, just
# leave this option commented out, and your DNS records will be updated correctly.
ddns-update-style ad-hoc;
# The ddns-updates parameter tells the DHCP server whether or not to update DNS records.
# If you don't want DNS records to be updated, leave this option commented out. Otherwise,
# you can either set this option to "no" if you don't want the DHCP server to update DNS
# records, or you can set this option to "yes" if you do want the DHCP server to update DNS
# records.
ddns-updates;
# The ddns-update-period parameter tells the DHCP server how often to update DNS records, in seconds.
ddns-update-period 7200;
# The ddns-domainname parameter tells the DHCP server which domain name to use when updating DNS records.
ddns-domainname "localdomain";
# The ddns-rev-domainnam
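6. An English introduction to "Those Things About the Ming Dynasty" (明朝那些事)?
It covers events of the Ming dynasty over the three hundred years from 1344 to 1644. Based on historical sources, it takes the chronology and specific figures as its main thread and adds the techniques of a novel, giving a panoramic view of the fates of the seventeen Ming emperors, other princes and nobles, and ordinary people. It dwells most on the politics of officialdom, on war and on the emperors' statecraft, and adds a dramatized account of the political and economic systems and the ethics of the time.
Based on the history of Ming dynasty from year 1344 to 1644, introduced the novel style with the mainline of age and the specific characters. The novel intensively shows the destiny of 17 emperors, the nobilities and the key characters, especially on the politics, the battles and emperors' intentions, commented on the economic systems and the bioethics.
7. Is "student" third-person singular?
Yes, it is third-person singular.
1. One student commented that she preferred literature to social science.
(Chinese gloss: One student explained that she preferred literature to social science.)
Collins English-Chinese Dictionary (《柯林斯英汉双解大词典》)
2. One student likes to do puzzles.
(Chinese gloss: A student likes guessing riddles.)
3. At first, only one student hides.
(Chinese gloss: At first, only one student hid.)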