Building an SSH Server on CentOS 5

[root@centos5 ~]# vi /etc/ssh/sshd_config (edit /etc/ssh/sshd_config and make the following changes)

Protocol 2 (SSH2 only)
PermitRootLogin no (do not allow root to log in over SSH)
ServerKeyBits 1024 (set the server key strength to 1024)
PasswordAuthentication no (do not allow password login)
PermitEmptyPasswords no   (do not allow login with an empty password)

[root@centos5 ~]# cat /etc/hosts.deny
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd:   ALL (deny all sshd requests)

[root@centos5 ~]# cat /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
sshd:   192.168.0.1 (allow sshd requests from host 192.168.0.1/24)

[root@centos5 ~]# /etc/rc.d/init.d/sshd restart (restart the SSH service)
Stopping sshd:                                             [ OK ]
Starting sshd:                                             [ OK ]

[root@centos5 ~]# su - user1 (switch to a regular user and generate a key pair with the command below)
[user1@centos5 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa): (the default location is under the user's home directory)
Created directory '/home/user1/.ssh'.
Enter passphrase (empty for no passphrase): (the passphrase that protects the key)
Enter same passphrase again: (both entries must match and be longer than 4 characters)
Your identification has been saved in /home/user1/.ssh/id_rsa. (location of the private key)
Your public key has been saved in /home/user1/.ssh/id_rsa.pub. (location of the public key)
The key fingerprint is:
9e:47:c2:b3:d5:b9:b0:9a:52:04:5d:81:56:98:b2:98

[user1@centos5 ~]$ cd .ssh/ (append the public key file to ~/.ssh/authorized_keys)
[user1@centos5 .ssh]$ ll
total 16
-rw------- 1 user1 user1 1743 Feb 1 00:47 id_rsa
-rw-r--r-- 1 user1 user1 395 Feb 1 00:47 id_rsa.pub
[user1@centos5 .ssh]$ cat ./id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvgRkP+IiIF9Jh0VJh+hiZ/tyG3GNdsxDoLUcHlpnDVmnR5QmC0NMZ1i5XTCwVH3TLQjmTMOWBgBJa+R1/MSiV+xeTICc3jJuDq4mZ1YeDsKp+6gVpjKxxWDVr7Qu3Sy5ZwuukYcPD5D8D55oYVfx9Wq4qyOl564/7/TURwimEK8Djek/LJwRsgcTTBHmLKLZlKBBedjru2nGq8XjIJvuLHPfOt4DdstRnPTzBSpqIPjTa8UJ2eyIqrOYLWTmPosLp107mBNB1KkjqXTg8rfC61E8NOJXuOK+M0UYmtYa1q2r167XYrarAa3TphtqEB0zddjZdMQ8PVTysm+Quu7Ytw==
[user1@centos5 .ssh]$ cat ./id_rsa.pub >> ~/.ssh/authorized_keys

[user1@centos5 .ssh]$ chmod 400 authorized_keys (set the permissions of authorized_keys to 400)

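Copy the private key file to the Windows system, either on a removable storage device or with WinSCP. When using WinSCP, password login must be allowed first (otherwise the error message below appears).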

[root@centos5 ~]# cat /etc/ssh/sshd_config |grep Password
PasswordAuthentication yes (allow password login)
PermitEmptyPasswords no
# PasswordAuthentication, PermitEmptyPasswords, and
[root@centos5 ~]# service sshd restart
Stopping sshd:                                             [ OK ]
Starting sshd:                                             [ OK ]

Copy the private key id_rsa to the Windows system.

[root@centos5 ~]# su - user1 (for security, delete user1's key pair)
[user1@centos5 ~]$ ll .ssh
total 24
-r--------- 1 user1 user1 395 Feb 1 00:50 authorized_keys
-rw------- 1 user1 user1 1743 Feb 1 00:47 id_rsa
-rw-r--r-- 1 user1 user1 395 Feb 1 00:47 id_rsa.pub
[user1@centos5 ~]$ rm -f .ssh/id_*

Disable password login to the system and restart the SSH service.

[root@centos5 ~]# cat /etc/ssh/sshd_config |grep Password
PasswordAuthentication no
PermitEmptyPasswords no
# PasswordAuthentication, PermitEmptyPasswords, and
[root@centos5 ~]# service sshd restart
Stopping sshd:                                             [ OK ]
Starting sshd:                                             [ OK ]

Use the PuTTY key generator to convert the copied private key into a key that PuTTY can use.

login as: user1

Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key": (enter the passphrase that protects the private key)
[user1@centos5 ~]$ (login successful)
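
An added check, not part of the original article: the `grep Password` used above prints every matching line, while sshd applies only the first uncommented occurrence of a keyword, so a `PasswordAuthentication yes` left over from the WinSCP step can stay in force. The script below reports the effective value of each setting changed in this article; the function names and the sample file are constructed for this illustration.

```shell
#!/bin/sh
# Added example: report the value sshd will actually use for each setting
# this article changes. Function names and the sample file are constructed.

# effective_value FILE KEYWORD: print the first uncommented value, lowercased.
# Keywords are case-insensitive, and "Keyword=value" is also accepted.
effective_value() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }        # blank or comment line
        { split(line, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }         # global section ends here
        tolower(f[1]) == tolower(key) { print tolower(f[2]); exit }
    ' "$1"
}

# audit_sshd_config FILE: one line per setting; exit status = failure count.
# An unset keyword is reported instead of trusting the daemon default.
audit_sshd_config() {
    file=$1
    failures=0
    for want in Protocol=2 PermitRootLogin=no \
                PasswordAuthentication=no PermitEmptyPasswords=no; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(effective_value "$file" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', expected '$expected'"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: the "yes" line left over from the file-copy step comes
# first, so the later "no" line never takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Protocol 2
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
#PermitEmptyPasswords no
EOF
audit_sshd_config "$sample" || echo "$? setting(s) need attention"
rm -f "$sample"
```

Run it as root against the live file with `audit_sshd_config /etc/ssh/sshd_config` before restarting sshd.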
