CD 改變目錄
LS 列出文件
MKDIR
RMDIR
PWD
CHGRP
CHOWN
CHMOD
LN OLDNAEM NEWNAME
RM PATH
RENAME OLDNAME NEWNAEM
EXIT 推出
LCD PATH 改變當前目錄到本機目錄
LLS
LMKDIR
LPWD L=LOCALHOST
PUT LOCALHOST_PATH HOST_PATH
PUT 本機目錄或者文件
GET 遠程主機目錄文件 本機目錄
GET 遠程主機目錄或者文件
GET *
GET *.RPM
# $OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22 SSH 默認的堅挺端口
#Protocol 2,1 選擇SSH的版本
#ListenAddress 0.0.0.0 監聽的IP地址
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key SSH VERSION 1 使用的密鑰
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key SSH VERSION 2 使用的RSA私鑰
#HostKey /etc/ssh/ssh_host_dsa_key SSH VAESION 2 使用的 DSA私鑰
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600 版本一的密鑰從新生成時間間隔
#ServerKeyBits 768 SERVER_KEY 的長度
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH SSH登陸系統 記錄信息 記錄的位置 默認是/VAR/LOG/SECUER
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#UserLogin no 在SSH 下不接受LOGIN 程序登陸
#LoginGraceTime 120
#PermitRootLogin yes 是否讓ROOT用戶登陸
#StrictModes yes 用戶的HOST_KEY 改面的時候不讓登陸
#RSAAuthentication yes 是否使用純的RAS認證 針對VERSION 1
#PubkeyAuthentication yes 是否使用PUBLIC_KEY 針對VERSION 2
#AuthorizedKeysFile .ssh/authorized_keys 使用不需要密碼登陸的的帳號時帳號的存放文件所在的文件名
# rhosts authentication should not be used
#RhostsAuthentication no 本機系統不使用 RHOSTS 使用RHOSTS 不安全
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes 是否取消上面的認證方式 當然選是
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no 不使用針對 VERSION 1 使用RHOSTS 文件在/ETC/HOSTS.EQUIV 配合RAS進行認證 不建議使用
# similar for protocol version 2
#HostbasedAuthentication no 針對VERSION 2 也是上面的功能
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no 是否忽略主目錄的 ~/.ssh/known_hosts文件記錄
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes 是否需要密碼驗證
#PermitEmptyPasswords no 是否允許空密碼登陸
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes 挑戰任何密碼驗證
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#AFSTokenPassing no
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes 是否顯示上次登陸信息
#PrintLastLog yes 顯示上次登陸信息
#KeepAlive yes 發送連接信息
#UseLogin no
#UsePrivilegeSeparation yes 用戶權限設置
#PermitUserEnvironment no
#Compression yes
#MaxStartups 10 連接的畫面的設置 從連接就是登陸畫面
# no default banner path
#Banner /some/path
#VerifyReverseMapping no
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
DenyUsers * 設置受阻的用戶 代表全部用戶
DenyUsers test
DenyGroups test
SSH 自動登陸設置
1設置CLIENT端建立PUBLIC_KEY 和 PRIVATE_KEY
[TEST@TEST TEST] SSH-KEYGEN –T RSA //-T 說明使用RSA 加密算法
生成密鑰的文件夾 $HOME/.SSH/ID_RSA
上傳PUBLIC_KEY 到SERVER
SFTP TEST@TEST
LCD /HOME/.SSH
PUT ID_RSA.PUB
EXIT
登陸到SERVER
執行命令
[TEST@TEST SSH] CAT ……/ID_RSA.PUB >> AUTHORIZED_KEYS
相關的安全設置
/ETC/SSH/SSHD_CONFIG
/ETC/HOSTS.ALLOW
/ETC/HOSTS.DENY
IPTABLES
編輯/ETC/HOSTS.DENY
SSHD : ALL :SPAWN (/BIN/ECHO SECURITY NOTICE FROM HOST `/BIN/HOSTNAME` ;\
/BIN/ECHO ; /USR/SBIN/SAFE_FINGER @%H )|\
/BIN/MAIL –S “%d -%H SECURITY” ROOT@LOCALHOST &\
:TWIST (/BIN/ECHO –E “\N\nWARNING connection not allowed. You attempt has been logged. \n\n\n 警告信息