|
服务器端的设置:
安装ssh:
sudo apt-get install ssh
以普通用户的身份建立公钥和私钥:
ssh-keygen -t rsa
然后要求你确认钥匙的文件名(用默认的就好了);输入口令;再次输入口令。
在~/.ssh/下会生成公钥id_rsa.pub和私钥id_rsa
更改公钥文件名:
cd ~/.ssh/
mv id_rsa.pub authorized_keys
设置文件属性:
chmod 400 authorized_keys
chmod 644 id_rsa
备份SSH服务的配置文件
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL
编辑配置文件
sudo gedit /etc/ssh/sshd_config
这是我的配置文件,重点部分我会用红色字体,注释用蓝色字体
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024 //将ServerKey强度改为1024比特
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no //禁止以root登录
StrictModes no //关闭严格登录
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /home/yourusername/.ssh/authorized_keys //这里是指定你公匙所在的位置,yourusername用你的用户名代替。
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding no //关闭图形模式(我采用的是字符界面登录,所以就关掉这个了)
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
配置完后重新启动ssh:
sudo /etc/init.d/ssh restart
客户端xp的设置:
首先下载软件putty
把解压到一目录下(如d:\putty)
把在ubuntu底下生成的私钥id_rsa拷贝到此目录,运行puttygen.exe
导入id_rsa,把它转换成putty认识的格式
双击putty.exe,设置putty:
Session-Logging-Hostname:填上你的linux的ip
Windows-Appearance-Front:改成新宋体
Windows -Translation - 在下拉菜单里选上UTF-8
Connection- Data - Auto login username:填上你登录ubuntu时用的用户名。
Connection- SSH-Auth-Private key file for authentication:选上你刚刚用puuttygen.exe转换出来的私钥文件,扩展名为ppk
然后回到Session 保存你的配置
接着就点击open就可以了
稍后系统会要求你填上私钥的密码,那个密码就是你在ubuntu生成钥匙时所设定的密码
文件的传输:
在windows底下运行cmd,进入命令模式,打命令:
set PATH = D:\Putty;%PATH% //这里填上你的putty所在的目录。
把linux上的文件拷贝到本地:
pscp -i ssh1.ppk heyuxiang@192.168.1.1:/data/share/id_rsa D:\id_rsa
把windows上的文件发到linux server:
pscp -i ssh1.ppk D:\try1.deb heyuxiang@192.168.1.1:/data
|
一共有 0 条评论