{"rsdb":{"rid":"352999","subhead":"","postdate":"0","aid":"250459","fid":"103","uid":"1","topic":"1","content":"
\n

1.\u4ec0\u4e48\u662fSSH?<\/h1> \n
ssh\u662f\u4e00\u4e2a\u5e94\u7528\u5c42\u5b89\u5168\u534f\u8bae<\/code><\/pre> \n 

2.SSH\u4e3b\u8981\u7684\u529f\u80fd\u662f?<\/h1> \n
\u5b9e\u73b0\u8fdc\u7a0b\u767b\u5f55,  \u6570\u636e\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u8fdb\u884c\u52a0\u5bc6.   \u9489\u9489(\u6fa1\u5802\u6a21\u5f0f)\n\u8fdc\u7a0b\u767b\u5f55:\n    SSH\n    Telnet<\/code><\/pre> \n 

3.SSH\u4e0eTelnet\u4e4b\u95f4\u6709\u4ec0\u4e48\u533a\u522b?<\/h1> \n
SSH     \u52a0\u5bc6  22      root\u76f4\u63a5\u767b\u5f55\nTelnet  \u660e\u6587  23      \u4e0d\u652f\u6301root\u76f4\u63a5\u767b\u5f55<\/code><\/pre> \n 

4.\u6293\u5305\u5206\u6790SSH\u4e0eTelnet\u7684\u533a\u522b?<\/h1> \n
Wireshark\n[root@backup ~]# yum install telnet-server -y\n[root@backup ~]# systemctl start telnet.socket\n\n[oldboy@backup ~]$ echo oollddbbooyy  |sed -r 's#(.)(.)#\\1#g'\noldboy\n\nPS:  \n    \u670d\u52a1\u5668\u90fd\u662f\u4f7f\u7528\u7684SSH\u534f\u8bae\u5b9e\u73b0\u7684\u8fdc\u7a0b\u767b\u5f55\n    \u5bf9\u4e8e\u8def\u7531\u5668  \u4ea4\u6362\u673a  \u90fd\u662f\u8d70\u7684telnet\u534f\u8bae  (  WEB\u754c\u9762\u8c03\u8bd5  )<\/code><\/pre> \n 

5.SSH\u76f8\u5173\u5ba2\u6237\u7aef\u6307\u4ee4ssh\u3001scp\u3001sftp?<\/h1> \n
1.ssh      ( Windows Xshell Crt )   ( Mac   ssh\u547d\u4ee4  Crt )\n[root@web01 ~]# ssh root@172.16.1.41\nroot@172.16.1.41's password: \n\n2.scp:   rsync\u589e\u91cf    scp \u5168\u91cf(\u6bcf\u6b21\u90fd\u662f\u8986\u76d6)  ssh\u534f\u8bae\n\u62f7\u8d1d\u76ee\u5f55 \u9700\u8981  -r\u53c2\u6570\n\u63a8\u9001\n[root@web01 ~]# scp .\/web-file root@172.16.1.41:\/tmp\n\n\u83b7\u53d6\n[root@web01 ~]# scp  root@172.16.1.41:\/tmp\/web-file  .\/test\n\n\u9650\u901f ( kb  1024 * 8 = \u5b9e\u9645\u7684\u4f20\u8f93\u901f\u7387 )\n[root@web01 ~]# scp -l 8192 .\/1.txt 172.16.1.41:\/tmp\nroot@172.16.1.41's password: \n1.txt                           14%   74MB   1.0MB\/s   07:09 \n\n3.sftp \u6587\u4ef6\u4f20\u8f93\u534f\u8bae?\n    \u4e3a\u4ec0\u4e48\u4e0d\u4f7f\u7528\u547d\u4ee4\u7684\u65b9\u5f0f?  \u4e3a\u4ec0\u4e48\u4f7f\u7528xftp?\n        1.\u7b80\u5355,\u5e26\u56fe\u5f62,\u652f\u6301\u65ad\u70b9\u7eed\u4f20,\u652f\u6301\u6682\u505c<\/code><\/pre> \n 

6.SSH\u8fdc\u7a0b\u767b\u5f55\u65b9\u5f0f\u3001\u7528\u6237\u5bc6\u7801\u3001\u5bc6\u94a5\u65b9\u5f0f?<\/h1> \n
1.\u57fa\u4e8e\u7528\u6237\u548c\u5bc6\u7801\u7684\u65b9\u5f0f\n    1.\u5bc6\u7801\u592a\u590d\u6742\u5bb9\u6613\u5fd8  lastpass\n    2.\u5bc6\u7801\u592a\u7b80\u5355\u4e0d\u5b89\u5168\n\n2.\u57fa\u4e8e\u5bc6\u94a5\u7684\u65b9\u5f0f\u5b9e\u73b0     (\u6307\u7eb9)\n    1.\u964d\u4f4e\u5bc6\u7801\u6cc4\u9732\u98ce\u9669\n    2.\u63d0\u5347\u7528\u6237\u7684\u4fbf\u6377\u6027\n    \n3.\u5b9e\u73b0\u514d\u5bc6\u7801\u767b\u5f55\u65b9\u5f0f\n    1.\u521b\u5efa\u4e00\u5bf9\u5bc6\u94a5   \u516c\u94a5+\u79c1\u94a5 ==\u914d\u5957\n    [root@manager ~]# ssh-keygen -C manager@qq.com\n    .....\u4e00\u8def\u56de\u8f66.....   ( \u4e00\u8def\u56de\u8f66\u4f1a\u751f\u6210\u65e0\u53e3\u4ee4\u4fdd\u62a4\u7684\u79c1\u94a5, \u79c1\u94a5\u6587\u4ef6\u9700\u59a5\u5584\u4fdd\u7ba1 )\n\n    2.\u5c06\u7ba1\u7406\u673a\u7684\u516c\u94a5\u63a8\u9001\u81f3web\u670d\u52a1\u5668\u4e0a   ( \u9700\u8981\u8f93\u5165\u5bf9\u7aef\u670d\u52a1\u5668\u7684\u5bc6\u7801  )\n    [root@manager ~]# ssh-copy-id -i ~\/.ssh\/id_rsa.pub root@172.16.1.7\n    \n    3.\u4f7f\u7528 ssh \u547d\u4ee4 \u8fde\u63a5 \u5bf9\u5e94\u7684\u670d\u52a1\u5668   ( \u68c0\u67e5\u662f\u5426\u514d\u5bc6\u7801  )\n    [root@manager ~]# ssh 'root@172.16.1.7'\n\n    4.\u6709\u95ee\u9898\u67e5\u770b\n    tail -f \/var\/log\/secure\n    https:\/\/www.jianshu.com\/p\/fb0df700305d<\/code><\/pre> \n 

Windows<\/h3> \n



<\/p> \n

systemctl restart sshd<\/h4> \n

<\/p> \n

\u76f4\u63a5\u70b9\u51fb\u56de\u8f66<\/h4> \n

7.SSH\u573a\u666f\u5b9e\u8df5\uff0c\u501f\u52a9SSH\u514d\u5bc6\u5b9e\u73b0\u8df3\u677f\u673a\u529f\u80fd?<\/h1> \n

\u770b\u56fe

#8.SSH\u8fdc\u7a0b\u8fde\u63a5\u529f\u80fd\u5b89\u5168\u4f18\u5316? fail2ban\u53c8\u662f\u5565?(\u7814\u7a76)
1.\u66f4\u6539\u8fdc\u7a0b\u8fde\u63a5\u767b\u5f55\u7684\u7aef\u53e3 port 6666\n2.\u7981\u6b62ROOT\u7ba1\u7406\u5458\u76f4\u63a5\u767b\u5f55 PermitRootLogin no\n    \u76f4\u63a5 xshell -->root --> server (\u7981\u6b62\u7528\u6237\u540d\u5bc6\u7801 \u7981\u6b62\u5bc6\u94a5)\n    \u95f4\u63a5 xshell -->oldxu --> server ---> su - root\n3.\u5bc6\u7801\u8ba4\u8bc1\u65b9\u5f0f\u6539\u4e3a\u5bc6\u94a5\u8ba4\u8bc1 PasswordAuthentication no\n4.\u91cd\u8981\u670d\u52a1\u4e0d\u4f7f\u7528\u516c\u7f51IP\u5730\u5740 !!!!!!!!!!!!!!!!!\n5.\u4f7f\u7528\u9632\u706b\u5899\u9650\u5236\u6765\u6e90IP\u5730\u5740 \u8f6f\u4ef6\u9632\u706b\u5899 | \u786c\u4ef6\u9632\u706b\u5899 10.0.0.1(\u5176\u4ed6\u4eba) ---> 10.0.0.61 \u5f02\u5e38 10.0.0.100(\u516c\u53f8) ---> 10.0.0.61 \u6b63\u5e38<\/code>
6.\u4fee\u6539\u540e\u7684\u914d\u7f6e [\u6d4b\u8bd5\u5b8c\u540e\u8bb0\u5f97\u8fd8\u539f]<\/p> \n

    [root@manager ~]# vim \/etc\/ssh\/sshd_config\n    Port 6666                       # \u53d8\u66f4SSH\u670d\u52a1\u8fdc\u7a0b\u8fde\u63a5\u7aef\u53e3\n    PermitRootLogin         no      # \u7981\u6b62root\u7528\u6237\u76f4\u63a5\u8fdc\u7a0b\u767b\u5f55\n    PasswordAuthentication  no      # \u7981\u6b62\u4f7f\u7528\u5bc6\u7801\u76f4\u63a5\u8fdc\u7a0b\u767b\u5f55\n    UseDNS                  no      # \u7981\u6b62ssh\u8fdb\u884cdns\u53cd\u5411\u89e3\u6790\uff0c\u5f71\u54cdssh\u8fde\u63a5\u6548\u7387\u53c2\u6570\n    GSSAPIAuthentication    no      # \u7981\u6b62GSS\u8ba4\u8bc1\uff0c\u51cf\u5c11\u8fde\u63a5\u65f6\u4ea7\u751f\u7684\u5ef6\u8fdf\n\n    \u57df\u540d\u89e3\u6790IP \n    IP\u89e3\u6790\u57df\u540d<\/code><\/pre> \n 

?<\/p> \n

9.fail2ban\u53c8\u662f\u5565?(\u7814\u7a76)<\/h1> \n

fail2ban\u53ef\u4ee5\u76d1\u63a7\u7cfb\u7edf\u65e5\u5fd7\uff0c\u5e76\u4e14\u6839\u636e\u4e00\u5b9a\u89c4\u5219\u5339\u914d\u5f02\u5e38IP\u540e\u4f7f\u7528Firewalld\u5c06\u5176\u5c4f\u853d\uff0c\u5c24\u5176\u662f\u9488\u5bf9\u4e00\u4e9b\u7206\u7834\/\u626b\u63cf\u7b49\u975e\u5e38\u6709\u6548\u3002<\/h4> \n

?<\/p> \n

1.\u5f00\u542fFirewalld\u9632\u706b\u5899<\/h4> \n
         [root@bgx ~]# systemctl start firewalld\n         [root@bgx ~]# systemctl enable firewalld\n         [root@bgx ~]# firewall-cmd --state\n         running<\/code><\/pre> \n 

2.\u4fee\u6539firewalld\u89c4\u5219\uff0c\u542f\u7528Firewalld\u540e\u4f1a\u7981\u6b62\u4e00\u4e9b\u670d\u52a1\u7684\u4f20\u8f93\uff0c\u4f46\u9ed8\u8ba4\u4f1a\u653e\u884c\u5e38\u7528\u768422\u7aef\u53e3, \u5982\u679c\u60f3\u6dfb\u52a0\u66f4\u591a\uff0c\u4ee5\u4e0b\u662f\u653e\u884cSSH\u7aef\u53e3\uff0822\uff09\u793a\u4f8b\uff0c\u4f9b\u53c2\u8003\uff1a<\/h4> \n

\u653e\u884cSSHD\u670d\u52a1\u7aef\u53e3<\/h1> \n
      [root@bgx ~]# firewall-cmd --permanent --add-service=ssh --add-service=http <\/code><\/pre> \n 

\u91cd\u8f7d\u914d\u7f6e<\/h1> \n
      [root@bgx ~]# firewall-cmd --reload<\/code><\/pre> \n 

\u67e5\u770b\u5df2\u653e\u884c\u7aef\u53e3<\/h1> \n
        [root@bgx ~]# firewall-cmd  --list-service<\/code><\/pre> \n 

3.\u5b89\u88c5fail2ban,\u9700\u8981\u6709epel<\/h4> \n
     [root@bgx ~]# yum install fail2ban fail2ban-firewalld mailx -y<\/code><\/pre> \n 

4.\u914d\u7f6efail2ban\u89c4\u5219.local\u4f1a\u8986\u76d6.conf\u6587\u4ef6<\/h4> \n
[root@bgx fail2ban]# cat \/etc\/fail2ban\/jail.local\n[DEFAULT]\nignoreip = 127.0.0.1\/8\nbantime  = 86400\nfindtime = 600\nmaxretry = 5\nbanaction = firewallcmd-ipset\naction = %(action_mwl)s\n[sshd]\nenabled = true\nfilter  = sshd\nport    = 22\naction = %(action_mwl)s\nlogpath = \/var\/log\/secure<\/code><\/pre> \n 

5.\u542f\u52a8\u670d\u52a1\uff0c\u5e76\u68c0\u67e5\u72b6\u6001<\/h4> \n
[root@bgx ~]# systemctl start fail2ban.service\n[root@bgx ~]# fail2ban-client status sshd\n<\/code><\/pre> \n 

6.\u6e05\u9664\u88ab\u5c01\u6389\u7684IP\u5730\u5740<\/h4> \n
[root@bgx ~]# fail2ban-client set sshd unbanip 10.0.0.1<\/code><\/pre> \n 

10.SSH\u5982\u4f55\u7ed3\u5408Google Authenticator \u5b9e\u73b0\u53cc\u56e0\u7d20\u9a8c\u8bc1? (\u9002\u5408\u81ea\u5df1\u7528)<\/h1> \n
\u57fa\u4e8e\u5bc6\u7801 + \u52a8\u6001\u53e3\u4ee4     \u652f\u6301\n\u57fa\u4e8e\u5bc6\u94a5 + \u52a8\u6001\u53e3\u4ee4     \u4e0d\u652f\u6301\nhttps:\/\/www.xuliangwei.com\/b","orderid":"0","title":"ssh(\u4e00)","smalltitle":"","mid":"0","fname":"Linux","special_id":"0","bak_id":"0","info":"0","hits":"66","pages":"2","comments":"0","posttime":"2019-09-14 00:52:49","list":"1568393569","username":"admin","author":"","copyfrom":"","copyfromurl":"","titlecolor":"","fonttype":"0","titleicon":"0","picurl":"https:\/\/www.cppentry.com\/upload_files\/","ispic":"0","yz":"1","yzer":"","yztime":"0","levels":"0","levelstime":"0","keywords":"ssh<\/A>","jumpurl":"","iframeurl":"","style":"","template":"a:3:{s:4:\"head\";s:0:\"\";s:4:\"foot\";s:0:\"\";s:8:\"bencandy\";s:0:\"\";}","target":"0","ip":"120.229.33.113","lastfid":"0","money":"0","buyuser":"","passwd":"","allowdown":"","allowview":"","editer":"","edittime":"0","begintime":"0","endtime":"0","description":"ssh","lastview":"1714126883","digg_num":"0","digg_time":"0","forbidcomment":"0","ifvote":"0","heart":"","htmlname":"","city_id":"0"},"page":"1"}