服务器端的设置:
安装ssh:
sudo apt-get install ssh
以普通用户的身份建立公钥和私钥:
ssh-keygen -t rsa
然后要求你确认钥匙的文件名(用默认的就好了);输入口令;再次输入口令。
在~/.ssh/下会生成公钥id_rsa.pub和私钥id_rsa
更改公钥文件名:
cd ~/.ssh/
mv id_rsa.pub authorized_keys
设置文件属性:
chmod 400 authorized_keys
chmod 644 id_rsa
备份SSH服务的配置文件:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL
编辑配置文件:
sudo gedit /etc/ssh/sshd_config
这是我的配置文件:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024 //将ServerKey强度改为1024比特
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin no //禁止以root登录
StrictModes no //关闭严格登录
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile /home/yourusername/.ssh/authorized_keys //这里是指定你公匙所在的位置,yourusername用你的用户名代替。
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding no //关闭图形模式(我采用的是字符界面登录,所以就关掉这个了)
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
配置完后重新启动ssh:
sudo /etc/init.d/ssh restart
客户端xp的设置:
首先下载软件putty。
把解压到一目录下(如d:/putty)。
把在ubuntu底下生成的私钥id_rsa拷贝到此目录,运行puttygen.exe。
导入id_rsa,把它转换成putty认识的格式。
双击putty.exe,设置putty:。
Session-Logging-Hostname:填上你的linux的ip。
Windows-Appearance-Front:改成新宋体。
Windows -Translation - 在下拉菜单里选上UTF-8。
Connection- Data - Auto login username:填上你登录ubuntu时用的用户名。
Connection- SSH-Auth-Private key file for authentication:选上你刚刚用puuttygen.exe转换出来的私钥文件,扩展名为ppk。
然后回到Session 保存你的配置接着就点击open就可以了。
稍后系统会要求你填上私钥的密码,那个密码就是你在ubuntu生成钥匙时所设定的密码。
文件的传输
在windows底下运行cmd,进入命令模式,打命令:
set PATH = D:/Putty;%PATH% //这里填上你的putty所在的目录。
把linux上的文件拷贝到本地:
pscp -i ssh1.ppk heyuxiang@192.168.1.1:/data/share/id_rsa D:/id_rsa
把windows上的文件发到linux server:
pscp -i ssh1.ppk D:/try1.deb heyuxiang@192.168.1.1:/data
原文链接:https://blog.csdn.net/hongzhao129/article/details/5221600
