Linux SSH hardening + key-based login + log troubleshooting + time sync + file transfer: a complete hands-on walkthrough
Log in to server as susan with a key, and as root with a key

# 1. Generate a key pair
[susan@client ~ 16:42:13]$ ssh-keygen
Generating public/private rsa key pair.
# 2. Pressing Enter leaves the passphrase empty
Enter file in which to save the key (/home/susan/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/susan/.ssh/id_rsa.
Your public key has been saved in /home/susan/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:C3GrQWajPR9qH94qjyuV0T9p1IfAiKvg/M3zIfEDA susan@client.susan.cloud
The key's randomart image is:
+---[RSA 2048]----+
| E |
| o |
| * o |
| * .o. |
| . S. o |
| oBoo . |
| .Bo.. o . |
| ..o*... o |
| o*B..o |
+----[SHA256]-----+
[susan@client ~ 16:47:58]$ ls .ssh/
config  id_rsa  id_rsa.pub  known_hosts
[susan@client ~ 16:48:33]$ ssh-copy-id susan@server
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/susan/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
susan@server's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'susan@server'"
and check to make sure that only the key(s) you wanted were added.

# 3. Verify key-based login with ssh
[susan@client ~ 16:49:13]$ ssh susan@server hostname
server.susan.cloud
# 4. Verify logging in to the server as root with ssh
[susan@client ~ 16:49:36]$ ssh root@server hostname
root@server's password:
server.susan.cloud
# 5. Log in to the server as root with ssh
[susan@client ~ 16:55:36]$ ssh root@server
root@server's password:
Last login: Wed May 13 16:19:58 2026 from client.laoma.cloud
[root@server ~ 16:55:53]# exit
登出
Connection to server closed.

Disable root login, disable password login, and allow only specific users (for example laowang) to log in

# 1. Disable root login: edit the sshd configuration file
[root@server ~ 17:04:27]# vim /etc/ssh/sshd_config
# add one line
PermitRootLogin no
# verify with ssh from the client
[susan@client ~ 17:00:38]$ ssh root@server
root@server's password:
Permission denied, please try again.
root@server's password:
Permission denied, please try again.
root@server's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[susan@client ~ 17:08:13]$

# 2. Restrict password login
[root@server ~ 17:07:41]# vim /etc/ssh/sshd_config
PasswordAuthentication no
# reload the service
[root@server ~ 17:11:10]# systemctl reload sshd
# verify by logging in with ssh from the client
[susan@client ~ 17:08:13]$ ssh susan@server hostname
server.susan.cloud
# Key authentication is still allowed and is tried first, so force password authentication on the client to confirm that it is now refused
[susan@client ~ 17:12:54]$ ssh -o PreferredAuthentications=password susan@server
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

# 3. Allow only specific users to log in
# On the client, send the public key to the server
[susan@client ~ 17:15:31]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdGv2vwr/FVPcF2XIVVM3VoEgcNzjqKZxjOhZfK0m7xclUfYpwLLLWlqaF4FrFoINqJ43fR8b1hSuepGbDpdsX6pkN9lg6hg7rOHX6Jz9wb5bvp0X1ZPn8cbBduur/jtGLusJyBLinzjIQyP98ohNVe25DXiRbopm9iq5R24yzj7doJHvILKDmo5nY0fXiM6dEv8mEirH3RR6uBhgnu0d0TPYNiratqWdwFuDtu1wIIe7Vn6TVj1OeWj4Cqr3ah99ZaEQLdg8vWe1gloR3Il4hwqXe3kq1fvm12uRRQeJRWbnSD0c38QEYdEkjlJlFOCtVLsKxE2r8eyhLbH susan@client.susan.cloud
[root@server ~ 17:23:59]# vim .ssh/authorized_keys
sh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdGv2vwr/FVPcF2XIVVM3VoEgcNzjqKZxjOhZfK0m7xclUfYpwLLLWlqaF4FrFoINqJ43fR8b1hSuepGbDpdsX6pkN9lg6hg7rOHX6Jz9wb5bvp0X1ZPn8cbBduur/jtGLusJyBLinzjIQyP98ohNVe25DXiRbopm9iq5R24yzj7doJHvILKDmo5nY0fXiM6dEv8mEirH3RR6uBhgnu0d0TPYNiratqWdwFuDtu1wIIe7Vn6TVj1OeWj4Cqr3ah99ZaEQLdg8vWe1gloR3Il4hwqXe3kq1fvm12uRRQeJRWbnSD0c38QEYdEkjlJlFOCtVLsKxE2r8eyhLbH susan@client.susan.cloud
[root@server ~ 17:25:08]# cp .ssh/authorized_keys /home/laowang/.ssh/
[root@server ~ 17:25:31]# chown -R laowang:laowang /home/laowang/.ssh/
# configuration file
[root@server ~ 17:27:28]# vim /etc/ssh/sshd_config
# add one line at the end
AllowUsers susan
# reload the service
[root@server ~ 17:29:46]# systemctl reload sshd
# from the client, log in as laowang and as susan in turn
[susan@client ~ 17:24:04]$ ssh laowang@server hostname
laowang@server's password:
Permission denied, please try again.
laowang@server's password:
Permission denied, please try again.
laowang@server's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
[susan@client ~ 17:31:16]$ ssh susan@server hostname
server.susan.cloud
Done.

Best practices for troubleshooting with rsyslog logs

# Fault 1: the sshd configuration file is missing
[root@server ~ 17:34:38]# mv /etc/ssh/sshd_config .
[root@server ~ 17:35:13]# ll
总用量 8
-rw-------. 1 root root 1461 5月 13 21:58 anaconda-ks.cfg
-rw-------  1 root root 3975 5月 14 17:27 sshd_config
# restart the service
[susan@server ~ 17:36:20]$ systemctl restart sshd
AUTHENTICATING FOR org.freedesktop.systemd1.manage-units
Authentication is required to manage system services or units.
Authenticating as: susan
Password:
AUTHENTICATION COMPLETE
Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
# log before the restart
[root@server ~ 17:37:05]# tail -f /var/log/messages
May 14 17:12:54 server systemd-logind: New session 7 of user susan.
May 14 17:12:54 server systemd-logind: Removed session 7.
May 14 17:23:02 server systemd: Removed slice User Slice of root.
May 14 17:30:42 server systemd: Reloading OpenSSH server daemon.
May 14 17:30:42 server systemd: Reloaded OpenSSH server daemon.
May 14 17:31:43 server systemd: Started Session 8 of user susan.
May 14 17:31:43 server systemd-logind: New session 8 of user susan.
May 14 17:31:43 server systemd-logind: Removed session 8.
May 14 17:34:13 server systemd: Started Session 9 of user susan.
May 14 17:34:13 server systemd-logind: New session 9 of user susan.
# log after the restart: sshd reports "No such file or directory"
May 14 17:37:59 server systemd: Stopping OpenSSH server daemon...
May 14 17:37:59 server systemd: Stopped OpenSSH server daemon.
May 14 17:37:59 server systemd: Starting OpenSSH server daemon...
May 14 17:37:59 server sshd: /etc/ssh/sshd_config: No such file or directory
May 14 17:37:59 server systemd: sshd.service: main process exited, code=exited, status=1/FAILURE
May 14 17:37:59 server systemd: Failed to start OpenSSH server daemon.
May 14 17:37:59 server systemd: Unit sshd.service entered failed state.
May 14 17:37:59 server systemd: sshd.service failed.
# restore the file
[root@server ~ 17:41:40]# mv sshd_config /etc/ssh/
[root@server ~ 17:42:47]# systemctl restart sshd
[root@server ~ 17:43:04]# tail -f /var/log/messages
May 14 17:42:13 server systemd: Unit sshd.service entered failed state.
May 14 17:42:13 server systemd: sshd.service failed.
May 14 17:42:55 server systemd: sshd.service holdoff time over, scheduling restart.
May 14 17:42:55 server systemd: Stopped OpenSSH server daemon.
May 14 17:42:55 server systemd: Starting OpenSSH server daemon...
May 14 17:42:55 server systemd: Started OpenSSH server daemon.
May 14 17:43:04 server systemd: Stopping OpenSSH server daemon...
May 14 17:43:04 server systemd: Stopped OpenSSH server daemon.
May 14 17:43:04 server systemd: Starting OpenSSH server daemon...
May 14 17:43:04 server systemd: Started OpenSSH server daemon.
# Note the 17:42:55 entries: once the file was back, systemd's automatic restart ("holdoff time over") already brought sshd up before the manual restart at 17:43:04.

# Fault 2: an invalid line in sshd_config
[root@server ~ 17:45:50]# echo hellow world >> /etc/ssh/sshd_config
[root@server ~ 17:46:42]# tail -f /var/log/messages
May 14 17:42:13 server systemd: Unit sshd.service entered failed state.
May 14 17:42:13 server systemd: sshd.service failed.
May 14 17:42:55 server systemd: sshd.service holdoff time over, scheduling restart.
May 14 17:42:55 server systemd: Stopped OpenSSH server daemon.
May 14 17:42:55 server systemd: Starting OpenSSH server daemon...
May 14 17:42:55 server systemd: Started OpenSSH server daemon.
May 14 17:43:04 server systemd: Stopping OpenSSH server daemon...
May 14 17:43:04 server systemd: Stopped OpenSSH server daemon.
May 14 17:43:04 server systemd: Starting OpenSSH server daemon...
May 14 17:43:04 server systemd: Started OpenSSH server daemon.
^C
# nothing new is logged until the daemon re-reads the file
[root@server ~ 17:53:15]# systemctl reload sshd
[root@server ~ 17:55:34]# tail -f /var/log/messages
May 14 17:43:04 server systemd: Stopped OpenSSH server daemon.
May 14 17:43:04 server systemd: Starting OpenSSH server daemon...
May 14 17:43:04 server systemd: Started OpenSSH server daemon.
May 14 17:55:34 server systemd: Reloading OpenSSH server daemon.
May 14 17:55:34 server systemd: Reloaded OpenSSH server daemon.
May 14 17:55:34 server sshd: /etc/ssh/sshd_config: line 146: Bad configuration option: hellow
May 14 17:55:34 server sshd: /etc/ssh/sshd_config: terminating, 1 bad configuration options
May 14 17:55:34 server systemd: sshd.service: main process exited, code=exited, status=255/n/a
May 14 17:55:34 server systemd: Unit sshd.service entered failed state.
May 14 17:55:34 server systemd: sshd.service failed.
Done.

Make the client synchronise its time with the server automatically

# server side
[root@server ~ 19:12:44]# systemctl restart chronyd
[root@server ~ 19:12:57]# vim /etc/chrony.conf
[root@server ~ 19:14:09]# systemctl restart chronyd
[root@server ~ 19:14:16]# systemctl stop firewalld
# lines added to /etc/chrony.conf
bindaddress 10.1.8.10
allow 10.8.1.0/24
[root@server ~ 18:13:59]# systemctl restart chronyd
[root@server ~ 18:14:12]# systemctl stop firewalld.service
# (stopping firewalld outright is the lab shortcut; allowing only NTP, UDP port 123, from the client subnet is the narrower option)
# client side
[root@client ~ 19:14:47]# vim /etc/chrony.conf
[root@client ~ 19:15:19]# systemctl restart chronyd
[root@client ~ 19:15:31]# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* server.susan.cloud            4   6    17     4  -3092ns[ -210us] +/-  122ms

Transferring files between Windows and Linux

1. Xftp: drag and drop the file, or double-click it.
2. The lrzsz package
[root@client ~ 17:13:13]# yum install -y lrzsz
To upload, drag the file straight into the terminal window.
To download with sz, run the command and pick where to save the file:
[root@client ~ 17:16:37]# sz /etc/savepalce

Transferring files between Linux hosts

1. scp, secure copy. scp runs over the ssh protocol, so the Linux target must have the ssh service running.
Drawback: it always copies in full, whether or not the file already exists at the destination; it never compares against the files on the source system.
# scp a single file
# date +%Y%m%d prints today's date, e.g. 20260515
[root@client ~ 17:29:08]# scp root@server:/root/etc-$(date +%Y%m%d).tar .
root@server's password:
etc-20260515.tar                              100%   29MB 110.2MB/s   00:00
[root@client ~ 17:30:33]# ls etc-*
etc-20260515.tar
# scp several files
[root@client ~ 17:34:45]# scp root@server:/root/{etc-$(date +%Y%m%d).tar,etc.tar} .
root@server's password:
etc-20260515.tar                              100%   29MB  91.4MB/s   00:00
root@server's password:
etc.tar                                       100%   29MB 117.6MB/s   00:00
# scp of a directory needs -r (recursive)
[root@client ~ 17:35:14]# scp root@server:/etc/selinux/ .
root@server's password:
scp: /etc/selinux: not a regular file
[root@client ~ 17:37:28]# scp -r root@server:/etc/selinux/ .
root@server's password:
semanage.conf                                 100% 2321     1.8MB/s   00:00
config                                        100%  542     1.1MB/s   00:00
cil                                           100% 7792    17.1MB/s   00:00
hll                                           100%   17KB  21.3MB/s   00:00
lang_ext                                      100%    2     5.4KB/s   00:00
......
# With nothing after the colon, the file lands in the remote user's home directory
[root@client ~ 17:37:41]# scp etc.tar root@server:
root@server's password:
etc.tar                                       100%   29MB  70.6MB/s   00:00
[root@client ~ 17:39:40]# ll
总用量 59084
-rw-------. 1 root root     1461 5月 13 21:58 anaconda-ks.cfg
-rw-r--r--  1 root root 30248960 5月 15 17:35 etc-20260515.tar
-rw-r--r--  1 root root 30248960 5月 15 17:35 etc.tar
drwxr-xr-x  2 root root       91 5月 15 17:04 Pictures
drwxr-xr-x  5 root root       81 5月 15 17:37 selinux
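The hardening section above adds PermitRootLogin, PasswordAuthentication and AllowUsers by appending lines to sshd_config. sshd takes the first occurrence of a global keyword, so an appended line is ignored if a stock uncommented line earlier in the file already sets it. The audit below is an added example, not part of the walkthrough; it computes the effective value with that first-wins rule and checks the three settings against a constructed sample config.

```shell
#!/bin/sh
# sshd uses the FIRST occurrence of a global keyword (anything before the
# first Match block), so a directive appended at the end of sshd_config is
# silently ignored when an earlier uncommented line already sets it.
# Keyword matching is case-insensitive, as in sshd; the rarer "Key=value"
# form is not handled. On a real host, `sshd -t` is the authoritative check.
effective_value() {            # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }    # comments, blank lines
        tolower($1) == "match" { exit }                  # global section ends
        tolower($1) == key { sub(/^[[:space:]]*[^[:space:]]+[[:space:]]+/, ""); print; exit }
    ' "$1"
}

# Audit the three settings from the hardening section. Prints one line per
# finding and returns the number of failed checks (0 = all good).
audit_sshd_config() {          # $1 = config file
    fails=0
    v=$(effective_value "$1" PermitRootLogin)
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin=${v:-<unset, default yes>} (want no)"; fails=$((fails+1)); }
    v=$(effective_value "$1" PasswordAuthentication)
    [ "$v" = "no" ] || { echo "FAIL PasswordAuthentication=${v:-<unset, default yes>} (want no)"; fails=$((fails+1)); }
    v=$(effective_value "$1" AllowUsers)
    [ -n "$v" ] || { echo "FAIL AllowUsers unset: any account with a key may log in"; fails=$((fails+1)); }
    return "$fails"
}

# Constructed sample (not from the page): the lab's three lines appended at
# the end, but a stock "PermitRootLogin yes" earlier in the file wins.
make_sample_config() {         # $1 = output path
    cat > "$1" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
UsePAM yes
PermitRootLogin no
PasswordAuthentication no
AllowUsers susan
EOF
}
```

Run `audit_sshd_config /etc/ssh/sshd_config` before `systemctl reload sshd`; on the sample it reports that root login is still enabled, and passes once the stock line is removed.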
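The two rsyslog faults above differ in where they show up: fault 1 fails on a start (status=1, "No such file or directory"), fault 2 fails on a reload (status=255, "Bad configuration option"). The triage function below is an added example, not from the walkthrough; it pairs each systemd failure with the messages sshd itself logged since the last start or reload, using a sample log assembled from the lines shown above.

```shell
#!/bin/sh
# Triage sshd failures in /var/log/messages. For each "main process exited"
# event it reports whether sshd died during a start or a reload, the exit
# status systemd recorded, and every message sshd itself logged since the
# last start/reload, which is where the real cause is (a missing file, a bad
# option). Assumes the default rsyslog layout "Mon DD HH:MM:SS host tag: msg".
triage_sshd_log() {             # $1 = log file; prints one line per failure
    awk '
        $5 == "sshd:" { m = $0; sub(/^.*sshd: /, "", m); if (cause != "") cause = cause "; "; cause = cause m; next }
        $5 == "systemd:" && /Starting OpenSSH/  { mode = "start";  cause = ""; next }
        $5 == "systemd:" && /Reloading OpenSSH/ { mode = "reload"; cause = ""; next }
        $5 == "systemd:" && /sshd.service: main process exited/ {
            st = $0; sub(/^.*status=/, "", st)
            if (cause == "") cause = "no sshd message logged; check journalctl -u sshd"
            printf "%s %s %s failed on %s (status=%s): %s\n", $1, $2, $3, mode, st, cause
            cause = ""
        }
    ' "$1"
}

# Sample log assembled from the lines shown in faults 1 and 2 above.
make_sample_log() {             # $1 = output path
    cat > "$1" <<'EOF'
May 14 17:37:59 server systemd: Stopping OpenSSH server daemon...
May 14 17:37:59 server systemd: Stopped OpenSSH server daemon.
May 14 17:37:59 server systemd: Starting OpenSSH server daemon...
May 14 17:37:59 server sshd: /etc/ssh/sshd_config: No such file or directory
May 14 17:37:59 server systemd: sshd.service: main process exited, code=exited, status=1/FAILURE
May 14 17:37:59 server systemd: Failed to start OpenSSH server daemon.
May 14 17:42:55 server systemd: Started OpenSSH server daemon.
May 14 17:55:34 server systemd: Reloading OpenSSH server daemon.
May 14 17:55:34 server systemd: Reloaded OpenSSH server daemon.
May 14 17:55:34 server sshd: /etc/ssh/sshd_config: line 146: Bad configuration option: hellow
May 14 17:55:34 server sshd: /etc/ssh/sshd_config: terminating, 1 bad configuration options
May 14 17:55:34 server systemd: sshd.service: main process exited, code=exited, status=255/n/a
EOF
}
```

A failure right after "Reloaded" means the running daemon rejected the new file and exited, so the service stays down until the file is fixed and sshd is restarted; checking the file with `sshd -t` before the reload avoids that outage.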