一般来说,从阿里云、centos官方下载的centos镜像都会预先打包好很多工具。像ssh登录这种服务已经做好,不需要用户去关注。但是也有一些小公司打包的镜像是相对纯净的发行包。
如果是已经可以用账户和密码登录,则无需查看本文内容亦可。
ssh(安全外壳协议)是一种加密通讯协议,主要用于安全登录服务。运行模式是c/s结构。
sshd是服务器,运行在linux服务器上面(一般安装后都是开机启动)。xshell这种pc客户端是封装了ssh的客户端协议。
在centos安装sshd服务:
0、Ip设置
root@node1:~# cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
ethernets:
enp0s3:
dhcp4: no
dhcp6: no
addresses: [192.168.1.150/24]
gateway4: 192.168.1.1
nameservers:
addresses: [114.114.114.114, 8.8.8.8]
version: 2
root@node1:~#
1、查看SSH是否安装
输入命令:rpm -qa | grep ssh
注:若没安装SSH则可输入:yum install openssh-server安装
[centos@skycloud-1 ~]$ rpm -qa | grep ssh
openssh-server-7.4p1-16.el7.x86_64
libssh2-1.4.3-12.el7_6.3.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
[centos@skycloud-1 ~]$
2、启动SSH服务
输入命令:systemctl restart sshd 重启SSH服务。
命令:systemctl start sshd 启动服务 | 命令:systemctl stop sshd 停止服务
重启后可输入:netstat -antp | grep sshd 查看是否启动22端口(可略)。
[centos@skycloud-1 ~]$ sudo systemctl restart sshd
[centos@skycloud-1 ~]$ sudo netstat -antp | grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 20090/sshd
tcp 0 0 184.105.242.157:22 43.249.31.35:49858 ESTABLISHED 10021/sshd: centos
tcp 0 140 184.105.242.157:22 116.7.11.155:51234 ESTABLISHED 10054/sshd: centos
tcp6 0 0 :::22 :::* LISTEN 20090/sshd
[centos@skycloud-1 ~]$
3、设置sshd开机启动
[centos@skycloud-1 ~]$ sudo systemctl enable sshd
[centos@skycloud-1 ~]$
比较严格的生产环境中,一般都是使用私钥来登录centos节点。
例如在一个centos客户端节点,通过ssh和私钥来登录目标节点:
[root@bogon tmp]# chmod 400 myid.pem
[root@bogon tmp]# ssh -i myid.pem centos@49.10.22.39
The authenticity of host '49.10.22.39(49.10.22.39)' can't be established.
ECDSA key fingerprint is SHA256:bsqhV1RxWy+TPwSqTRdgxeyIorK1qEqazkPH3/V8kTE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '49.10.22.39' (ECDSA) to the list of known hosts.
Last login: Thu Feb 27 05:06:22 2020 from 43.249.31.35
[centos@skycloud-1 ~]$ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 49.10.22.39 netmask 255.255.255.224 broadcast 184.105.242.159
inet6 fe80::f816:3eff:fe9b:4f9f prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:9b:4f:9f txqueuelen 1000 (Ethernet)
RX packets 2029 bytes 200127 (195.4 KiB)
RX errors 0 dropped 6 overruns 0 frame 0
TX packets 431 bytes 54139 (52.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 6 bytes 416 (416.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 416 (416.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[centos@skycloud-1 ~]$
对于一般的企业来说,实用账户密码来登录。
4、设置可以密码登录centos
vim /etc/ssh/sshd_config 保证下面两个配置是如下设置:
#允许使用密码登录
PasswordAuthentication yes
#允许root认证登录
PermitRootLogin yes
2、重启sshd
3、设置免密登录(将客户端节点的公钥,拷贝到目标节点并被目标节点注册)
ssh-kengen
ssh-copy-id -i .ssh/id_rsa.pub root@49.10.22.39
