Welcome to Linux教程網

Service Management: ssh

1. SSH background

What is SSH? SSH is short for Secure Shell and was specified by the IETF Network Working Group. SSH is a security protocol built on top of the application and transport layers. It is currently one of the more reliable protocols designed to secure remote login sessions and other network services, and using it effectively prevents information leakage during remote administration. SSH began as a program on Unix systems and quickly spread to other platforms. Used correctly, SSH can close gaps in the network. SSH clients are available for many platforms: nearly every Unix platform, including HP-UX, Linux, AIX, Solaris, Digital UNIX and Irix, as well as other platforms, can run SSH.

```plain
# A trailing "d" means daemon
# Query the installed packages
[root@client01 opt]# rpm -qa|grep openssh
openssh-clients-5.3p1-52.el6.x86_64
openssh-5.3p1-52.el6.x86_64
openssh-server-5.3p1-52.el6.x86_64

[root@client01 opt]# rpm -ql openssh-server
/etc/pam.d/ssh-keycat
/etc/pam.d/sshd
/etc/rc.d/init.d/sshd
/etc/ssh/sshd_config
/etc/sysconfig/sshd
/usr/libexec/openssh/sftp-server
/usr/libexec/openssh/ssh-keycat
/usr/sbin/.sshd.hmac
/usr/sbin/sshd
/usr/share/doc/openssh-server-5.3p1
/usr/share/doc/openssh-server-5.3p1/HOWTO.ssh-keycat
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd

# telnet: transmits in plaintext and is insecure; not recommended
[root@client01 opt]# cd /etc/ssh/
[root@client01 ssh]# ll
total 156
-rw-------. 1 root root 125811 Apr  5  2011 moduli
-rw-r--r--. 1 root root   2047 Apr  5  2011 ssh_config
-rw-------. 1 root root   3872 Apr  5  2011 sshd_config
-rw-------. 1 root root    668 Jul 23 00:58 ssh_host_dsa_key
-rw-r--r--. 1 root root    590 Jul 23 00:58 ssh_host_dsa_key.pub
-rw-------. 1 root root    963 Jul 23 00:58 ssh_host_key
-rw-r--r--. 1 root root    627 Jul 23 00:58 ssh_host_key.pub
-rw-------. 1 root root   1675 Jul 23 00:58 ssh_host_rsa_key
-rw-r--r--. 1 root root    382 Jul 23 00:58 ssh_host_rsa_key.pub
# ssh_config: configuration file for the ssh command
# sshd_config: the file to focus on

[root@client01 ssh]# rm -rf ~/.ssh/known_hosts

[root@larrywen /]# ssh 192.168.1.12
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@   WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
3e:bd:1e:76:c4:c7:b4:98:dc:95:fc:61:d7:a8:45:71.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:7
RSA host key for 192.168.1.12 has changed and you have requested strict checking.
Host key verification failed.

# If the problem above appears, delete that file
[root@client01 ssh]# rm -rf ~/.ssh/known_hosts
# If that still does not work, delete it on the local machine as well
[root@larrywen .ssh]# rm -rf known_hosts
[root@client01 ssh]# ll
total 156
-rw-------. 1 root root 125811 Apr  5  2011 moduli
-rw-r--r--. 1 root root   2047 Apr  5  2011 ssh_config
-rw-------. 1 root root   3872 Apr  5  2011 sshd_config
-rw-------. 1 root root    668 Jul 23 00:58 ssh_host_dsa_key
-rw-r--r--. 1 root root    590 Jul 23 00:58 ssh_host_dsa_key.pub
-rw-------. 1 root root    963 Jul 23 00:58 ssh_host_key
-rw-r--r--. 1 root root    627 Jul 23 00:58 ssh_host_key.pub
-rw-------. 1 root root   1675 Jul 23 00:58 ssh_host_rsa_key
-rw-r--r--. 1 root root    382 Jul 23 00:58 ssh_host_rsa_key.pub

# Delete the ssh_host_* files and restart the service: the files are generated again automatically
[root@client01 ssh]# rm -f ssh_host_*
[root@client01 ssh]# ll
total 132
-rw-------. 1 root root 125811 Apr  5  2011 moduli
-rw-r--r--. 1 root root   2047 Apr  5  2011 ssh_config
-rw-------. 1 root root   3872 Apr  5  2011 sshd_config
[root@client01 ssh]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Generating SSH1 RSA host key:                              [  OK  ]
Generating SSH2 RSA host key:                              [  OK  ]
Generating SSH2 DSA host key:                              [  OK  ]
Starting sshd:                                             [  OK  ]
[root@client01 ssh]# ll
total 156
-rw-------. 1 root root 125811 Apr  5  2011 moduli
-rw-r--r--. 1 root root   2047 Apr  5  2011 ssh_config
-rw-------. 1 root root   3872 Apr  5  2011 sshd_config
-rw-------. 1 root root    672 Aug  6 10:38 ssh_host_dsa_key
-rw-r--r--. 1 root root    590 Aug  6 10:38 ssh_host_dsa_key.pub
-rw-------. 1 root root    963 Aug  6 10:38 ssh_host_key
-rw-r--r--. 1 root root    627 Aug  6 10:38 ssh_host_key.pub
-rw-------. 1 root root   1675 Aug  6 10:38 ssh_host_rsa_key
-rw-r--r--. 1 root root    382 Aug  6 10:38 ssh_host_rsa_key.pub

[root@client01 ssh]# man 5 sshd_config

# Change the port, restart, then log in again
[root@client01 ssh]# vim sshd_config
[root@client01 ssh]# grep "Port" sshd_config
#Port 22
Port 2222
#GatewayPorts no
[root@client01 ssh]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[root@client01 ~]# netstat -lanput | grep sshd
tcp        0      0 0.0.0.0:2222                0.0.0.0:*                   LISTEN      1814/sshd
tcp        0      0 :::2222                     :::*                        LISTEN      1814/sshd

# After the port change, logging in the old way fails
[root@larrywen /]# ssh 192.168.1.11
ssh: connect to host 192.168.1.11 port 22: Connection refused

# Specify the port; the option can go before or after the host
[root@larrywen /]# ssh 192.168.1.11 -p 2222
The authenticity of host '[192.168.1.11]:2222 ([192.168.1.11]:2222)' can't be established.
RSA key fingerprint is 26:c7:6e:26:d8:9d:84:e4:25:46:d4:43:1f:d5:54:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.11]:2222' (RSA) to the list of known hosts.
root@192.168.1.11's password:
Last login: Tue Aug  6 09:54:46 2013 from 192.168.1.1
[root@client01 ~]# exit
logout
Connection to 192.168.1.11 closed.
[root@larrywen /]# ssh -p 2222 192.168.1.11
root@192.168.1.11's password:
Last login: Tue Aug  6 10:42:48 2013 from 192.168.1.1

# scp: relies on the SSH service
[root@larrywen begin]# scp ule-begin.pdf 192.168.1.11:/root -P 2222
2222: No such file or directory
[root@larrywen begin]# scp -P 2222 ule-begin.pdf 192.168.1.11:/root
root@192.168.1.11's password:
ule-begin.pdf                                 100%   14MB  13.6MB/s   00:00
```

2. Changing the SSH port

```plain
# Change the port: for security reasons
[root@client01 ~]# vim /etc/ssh/sshd_config
[root@client01 ~]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[root@client01 ~]# netstat -langput | grep sshd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1969/sshd
tcp        0      0 :::22                       :::*                        LISTEN      1969/sshd
[root@client01 ~]# ifconfig eth0:1 192.168.1.111 netmask 255.255.255.0
[root@client01 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:07:DD:3B
          inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe07:dd3b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13261 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2665 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15228499 (14.5 MiB)  TX bytes:402371 (392.9 KiB)

eth0:1    Link encap:Ethernet  HWaddr 00:0C:29:07:DD:3B
          inet addr:192.168.1.111  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

[root@larrywen /]# ssh -p 2222 192.168.1.111
ssh: connect to host 192.168.1.111 port 2222: Connection refused
[root@larrywen /]# ssh 192.168.1.111
The authenticity of host '192.168.1.111 (192.168.1.111)' can't be established.
RSA key fingerprint is 26:c7:6e:26:d8:9d:84:e4:25:46:d4:43:1f:d5:54:67.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.111' (RSA) to the list of known hosts.
root@192.168.1.111's password:
Last login: Tue Aug  6 10:57:55 2013 from 192.168.1.1
[root@client01 ~]#

[root@client01 ssh]# grep "ListenAddress" sshd_config
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 192.168.1.111

[root@client01 ~]# exit
logout
Connection to 192.168.1.111 closed.
[root@larrywen /]# ssh 192.168.1.111
root@192.168.1.111's password:
Last login: Tue Aug  6 11:05:55 2013 from 192.168.1.1
[root@client01 ~]# netstat -langput | grep sshd
tcp        0      0 192.168.1.111:22            0.0.0.0:*                   LISTEN      2011/sshd

[root@larrywen /]# ssh 192.168.1.11
ssh: connect to host 192.168.1.11 port 22: Connection refused
```

3. Allowing SSH logins from the internal network only, not from the external network

```plain
# Add a network card on the 172.16.1.0 network
# By default both addresses accept connections
[root@larrywen /]# ssh 172.16.1.11
The authenticity of host '172.16.1.11 (172.16.1.11)' can't be established.
RSA key fingerprint is f5:82:df:5b:07:2a:4a:b2:91:75:86:76:12:49:54:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.11' (RSA) to the list of known hosts.
root@172.16.1.11's password:
Last login: Tue Aug  6 19:15:21 2013 from 192.168.1.1

# Bind the IP address: the internal network can connect, the external address is not bound
[root@serv01 ~]# vim /etc/ssh/sshd_config
[root@serv01 ~]# grep "Address" /etc/ssh/sshd_config
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
ListenAddress 192.168.1.11
# Restart the service
[root@serv01 ~]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[root@serv01 ~]# exit
logout
Connection to 172.16.1.11 closed.
# Connecting to 172.16.1.11 no longer works
[root@larrywen /]# ssh 172.16.1.11
ssh: connect to host 172.16.1.11 port 22: Connection refused

# Connecting to 192.168.1.11 logs in normally
[root@larrywen /]# ssh 192.168.1.11
root@192.168.1.11's password:
Last login: Tue Aug  6 19:13:51 2013
[root@serv01 ~]# exit
logout
Connection to 192.168.1.11 closed.
[root@larrywen /]# ssh 192.168.1.11
root@192.168.1.11's password:
Last login: Tue Aug  6 19:15:33 2013 from 172.16.1.1

# Check the network state
[root@serv01 ~]# netstat -lanput | grep sshd
tcp        0      0 192.168.1.11:22             0.0.0.0:*                   LISTEN      1375/sshd
```

4. SSH login without a password

```plain
# No password
[root@serv01 ~]# vim /etc/ssh/sshd_config
[root@serv01 ~]# grep "#PermitEmptyPasswords" /etc/ssh/sshd_config -n
65:#PermitEmptyPasswords no
[root@serv01 ~]# grep "PermitEmptyPasswords" /etc/ssh/sshd_config -n
65:#PermitEmptyPasswords no
67:PermitEmptyPasswords yes

# Add a user
[root@serv01 ssh]# useradd hongyi
[root@serv01 ssh]# vim /etc/passwd
[root@serv01 ssh]# tail -n1 /etc/passwd
hongyi::500:500::/home/hongyi:/bin/bash
[root@serv01 ssh]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

[root@larrywen /]# ssh hongyi@192.168.1.11
[hongyi@serv01 ~]$
```

5. Denying root login over SSH

```plain
[root@serv01 ssh]# grep "PermitRootLogin" sshd_config -n
42:#PermitRootLogin yes
43:PermitRootLogin no
93:# the setting of "PermitRootLogin without-password".
[root@serv01 ssh]# man sshd_config
[root@serv01 ssh]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
[root@serv01 ssh]# vim /etc/passwd
[root@serv01 ssh]# tail -n1 /etc/passwd
hongyi:x:500:500::/home/hongyi:/bin/bash
[root@serv01 ssh]# passwd hongyi

[root@larrywen /]# ssh 192.168.1.11
root@192.168.1.11's password:
Permission denied, please try again.
[root@larrywen /]# ssh hongyi@192.168.1.11
hongyi@192.168.1.11's password:
Last login: Tue Aug  6 19:29:05 2013 from 192.168.1.1
```

6. Restricting SSH login to specific users or groups

```plain
# Allow users / deny users
AllowUsers hongyi
AllowUsers hongyi up01
DenyUsers zhink
AllowGroups
DenyGroups

[root@serv01 ssh]# useradd zhink
[root@serv01 ssh]# passwd zhink

[root@serv01 ssh]# useradd up01
[root@serv01 ssh]# passwd up01

[root@serv01 ssh]# grep "Users" sshd_config -n
47:AllowUsers hongyi up01
48:DenyUsers zhink

[root@serv01 ssh]# service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

[root@serv01 ssh]# man sshd_config
[root@larrywen /]# ssh hongyi@192.168.1.11
hongyi@192.168.1.11's password:
Last login: Tue Aug  6 19:40:50 2013 from 192.168.1.1
[hongyi@serv01 ~]$ exit
logout
Connection to 192.168.1.11 closed.
[root@larrywen /]# ssh up01@192.168.1.11
up01@192.168.1.11's password:
[up01@serv01 ~]$ exit
logout
Connection to 192.168.1.11 closed.
[root@larrywen /]# ssh zhink@192.168.1.11
zhink@192.168.1.11's password:
Permission denied, please try again.
zhink@192.168.1.11's password:
```

7. SSH equivalence

```plain
# Log in to another machine without a password
# SSH equivalence

# Generate the authentication files: public key and private key

[root@larrywen /]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
86:49:93:08:44:01:03:85:5c:f8:2b:de:2b:08:c2:[email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|**Oo             |
|.+ . . .         |
|  .. +          |
|   .. +         |
|.  . o S        |
|oo E  .         |
|= =              |
|.o o             |
| ...            |
+-----------------+

[root@larrywen /]# cd ~/.ssh/
[root@larrywen .ssh]# ls
id_rsa  id_rsa.pub  known_hosts

[root@larrywen .ssh]# ssh-copy-id -i id_rsa.pub 192.168.0.217
root@192.168.0.217's password:
Now try logging into the machine, with "ssh '192.168.0.217'", and check in:

  .ssh/authorized_keys

[root@larrywen ssh]# ssh 192.168.0.217
Last login: Fri Aug  2 11:33:41 2013 from 192.168.0.10
[root@similar ~]#

to make sure we haven't added extra keys that you weren't expecting.

[root@larrywen .ssh]# yum install openssh-clients -y

# Two-way SSH equivalence
[root@serv01 .ssh]# ssh-keygen
[root@serv01 .ssh]# ssh-copy-id -i id_rsa.pub 192.168.1.12
The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
RSA key fingerprint is 3e:bd:1e:76:c4:c7:b4:98:dc:95:fc:61:d7:a8:45:71.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
root@192.168.1.12's password:
Now try logging into the machine, with "ssh '192.168.1.12'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@serv01 .ssh]# ssh 192.168.1.12
Last login: Tue Aug  6 22:10:09 2013 from 192.168.1.11
[root@serv02 ~]#

[root@serv02 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
54:6b:99:8a:21:2c:28:0d:2f:89:2e:1a:b1:b3:ef:[email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|.        .      |
|.* .    . +     |
|B + o . . =      |
|o+ . . + o       |
|=.   . S        |
|o+               |
|o                |
| . .             |
| oE              |
+-----------------+
[root@serv02 .ssh]# ssh-copy-id -i id_rsa.pub 192.168.1.11
The authenticity of host '192.168.1.11 (192.168.1.11)' can't be established.
RSA key fingerprint is f5:82:df:5b:07:2a:4a:b2:91:75:86:76:12:49:54:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.11' (RSA) to the list of known hosts.
root@192.168.1.11's password:
Now try logging into the machine, with "ssh '192.168.1.11'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@serv02 .ssh]# ssh 192.168.1.11
Last login: Tue Aug  6 22:09:27 2013 from 192.168.1.12
[root@serv01 ~]#

# If serv03 gets hold of the private key, it can log in
# Encrypting the private key
[root@serv01 /]# ssh-keygen
[root@serv01 .ssh]# ssh-copy-id -i id_rsa 192.168.1.13

[root@serv01 .ssh]# ssh-copy-id -i id_rsa 192.168.1.13
The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established.
RSA key fingerprint is ac:ca:a2:ca:b4:27:b5:aa:5d:1a:eb:6e:5f:3c:2e:51.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts.
root@192.168.1.13's password:
Now try logging into the machine, with "ssh '192.168.1.13'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@serv01 .ssh]# ssh 192.168.1.13
Last login: Tue Aug  6 21:47:04 2013 from 192.168.1.1
[root@serv03 ~]#

# Using the private key without typing its passphrase: the SSH agent
# Lost after a reboot
[root@serv01 .ssh]# ssh-agent $SHELL
[root@serv01 .ssh]# ssh-add

[root@serv01 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bd:5d:d4:1b:52:32:2f:a3:4e:60:d1:7a:1d:91:c2:[email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|        .=E +o. |
|         .= o=. |
|        o. o+oo.|
|       .o...o+ o|
|       S oo  .. |
|         oo .   |
|         ...    |
|                 |
|                 |
+-----------------+
[root@serv01 .ssh]# ssh-copy-id -i id_rsa 192.168.1.12
The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
RSA key fingerprint is 3e:bd:1e:76:c4:c7:b4:98:dc:95:fc:61:d7:a8:45:71.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
root@192.168.1.12's password:
Now try logging into the machine, with "ssh '192.168.1.12'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@serv01 .ssh]# ssh 192.168.1.12
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Tue Aug  6 22:14:11 2013 from 192.168.1.11
[root@serv02 ~]# exit
logout
Connection to 192.168.1.12 closed.
[root@serv01 .ssh]# ssh-agent $SHELL
[root@serv01 .ssh]# ssh-add
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@serv01 .ssh]# ssh 192.168.1.12
Last login: Tue Aug  6 22:18:36 2013 from 192.168.1.11
```

8. Using xinetd together with ssh

```plain
# Processes:
# 1. Standalone daemon: serves clients directly and has its own port
# 2. Super daemon: manages other services (xinetd)
# xinetd: offers no service of its own; it manages services
[root@serv01 .ssh]# yum install xinetd* -y
[root@serv01 .ssh]# chkconfig
auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
ip6tables       0:off   1:off   2:off   3:off   4:off   5:off   6:off
iptables        0:off   1:off   2:off   3:off   4:off   5:off   6:off
messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
postfix         0:off   1:off   2:on    3:on    4:on    5:on    6:off
rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
rhnsd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
rhsmcertd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        tcpmux-server:  off
        time-dgram:     off
        time-stream:    off

# Frequently used services do not need to be managed, for example Apache
# Rarely used services, of course, should be managed

# Include files: yum repositories, log rotation
# Configuration file
[root@serv01 etc]# ls /etc/xinetd.conf
/etc/xinetd.conf

[root@serv01 etc]# cd xinetd.d/
[root@serv01 xinetd.d]# ll
total 44
-rw-r--r--. 1 root root 1157 Feb 28  2011 chargen-dgram
-rw-r--r--. 1 root root 1159 Feb 28  2011 chargen-stream
-rw-r--r--. 1 root root 1157 Feb 28  2011 daytime-dgram
-rw-r--r--. 1 root root 1159 Feb 28  2011 daytime-stream
-rw-r--r--. 1 root root 1157 Feb 28  2011 discard-dgram
-rw-r--r--. 1 root root 1159 Feb 28  2011 discard-stream
-rw-r--r--. 1 root root 1148 Feb 28  2011 echo-dgram
-rw-r--r--. 1 root root 1150 Feb 28  2011 echo-stream
-rw-r--r--. 1 root root 1212 Feb 28  2011 tcpmux-server
-rw-r--r--. 1 root root 1149 Feb 28  2011 time-dgram
-rw-r--r--. 1 root root 1150 Feb 28  2011 time-stream

[root@serv01 xinetd.d]# man xinetd.conf
# stream: TCP
# dgram: UDP

# Let the xinetd service manage sshd
[root@serv01 xinetd.d]# vim ssh
[root@serv01 xinetd.d]# cat ssh
service ssh
{
       socket_type         = stream
       wait                = no
       nice                = 10
       user                = root
       server              = /usr/sbin/sshd
       disable             = no
}
# List the services: ssh shows as on
[root@serv01 xinetd.d]# chkconfig
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        ssh:            on
        tcpmux-server:  off
        time-dgram:     off
        time-stream:    off

# Disable it and list the services: ssh shows as off
[root@serv01 xinetd.d]# vim ssh
[root@serv01 xinetd.d]# cat ssh
service ssh
{
       socket_type         = stream
       wait                = no
       nice                = 10
       user                = root
       server              = /usr/sbin/sshd
       disable             = yes
}

[root@serv01 xinetd.d]# chkconfig

xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off

xinetd based services:
        chargen-dgram:  off
        chargen-stream: off
        daytime-dgram:  off
        daytime-stream: off
        discard-dgram:  off
        discard-stream: off
        echo-dgram:     off
        echo-stream:    off
        ssh:            off
        tcpmux-server:  off
        time-dgram:     off
        time-stream:    off

# Stop the sshd service
[root@serv01 xinetd.d]# /etc/init.d/sshd stop
Stopping sshd:                                             [  OK  ]
# Restart the xinetd service
[root@serv01 xinetd.d]# /etc/init.d/xinetd restart
Stopping xinetd:                                           [FAILED]
Starting xinetd:                                           [  OK  ]
# Check the network state: xinetd is not listed
[root@serv01 xinetd.d]# netstat -langput
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1144/master
tcp        0      0 192.168.1.11:22             192.168.1.1:37741           ESTABLISHED 1377/0
tcp        0      0 ::1:25                      :::*                        LISTEN      1144/master
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1034/avahi-daemon:
udp        0      0 0.0.0.0:54455               0.0.0.0:*                               1034/avahi-daemon:
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth1            1      224.0.0.251
eth1            1      224.0.0.1
eth0            1      224.0.0.251
eth0            1      224.0.0.1
lo              1      ff02::1
eth1            1      ff02::1:ff07:dd45
eth1            1      ff02::1
eth0            1      ff02::1:ff07:dd3b
eth0            1      ff02::1

# The remote connection fails
[root@larrywen .ssh]# ssh 192.168.1.11
ssh: connect to host 192.168.1.11 port 22: Connection refused
# Edit the file again and add     server_args      = -i
# server_args is documented in man xinetd.conf
[root@serv01 xinetd.d]# man xinetd.conf
server_args
[root@serv01 xinetd.d]# vim ssh
[root@serv01 xinetd.d]# cat ssh
service ssh
{
       socket_type         = stream
       wait                = no
       nice                = 10
       user                = root
       server              = /usr/sbin/sshd
       disable             = no
       server_args         = -i
}
# Restart the service
[root@serv01 xinetd.d]# /etc/init.d/xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]
# Check again: the xinetd service is now listed
[root@serv01 xinetd.d]# netstat -langput
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1144/master
tcp        0      0 192.168.1.11:22             192.168.1.1:37741           ESTABLISHED 1377/0
tcp        0      0 :::22                       :::*                        LISTEN      2410/xinetd
tcp        0      0 ::1:25                      :::*                        LISTEN      1144/master
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1034/avahi-daemon:
udp        0      0 0.0.0.0:54455               0.0.0.0:*                               1034/avahi-daemon:
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth1            1      224.0.0.251
eth1            1      224.0.0.1
eth0            1      224.0.0.251
eth0            1      224.0.0.1
lo              1      ff02::1
eth1            1      ff02::1:ff07:dd45
eth1            1      ff02::1
eth0            1      ff02::1:ff07:dd3b
eth0            1      ff02::1

# Remote connection
[root@larrywen .ssh]# ssh 192.168.1.11
The authenticity of host '192.168.1.11 (192.168.1.11)' can't be established.
RSA key fingerprint is f5:82:df:5b:07:2a:4a:b2:91:75:86:76:12:49:54:24.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.11' (RSA) to the list of known hosts.
root@192.168.1.11's password:
Last login: Tue Aug  6 22:15:35 2013 from 192.168.1.12
[root@serv01 ~]#
# Check again: the xinetd service is listed
[root@serv01 xinetd.d]# netstat -langput
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1144/master
tcp        0      0 192.168.1.11:22             192.168.1.1:37741           ESTABLISHED 1377/0
tcp        0      0 192.168.1.11:22             192.168.1.1:52605           ESTABLISHED 2413/1
tcp        0      0 :::22                       :::*                        LISTEN      2410/xinetd
tcp        0      0 ::1:25                      :::*                        LISTEN      1144/master
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               1034/avahi-daemon:
udp        0      0 0.0.0.0:54455               0.0.0.0:*                               1034/avahi-daemon:
IPv6/IPv4 Group Memberships
Interface       RefCnt Group
--------------- ------ ---------------------
lo              1      224.0.0.1
eth1            1      224.0.0.251
eth1            1      224.0.0.1
eth0            1      224.0.0.251
eth0            1      224.0.0.1
lo              1      ff02::1
eth1            1      ff02::1:ff07:dd45
eth1            1      ff02::1
eth0            1      ff02::1:ff07:dd3b
eth0            1      ff02::1

# Find the location of the sshd binary
[root@serv01 xinetd.d]# grep "SSHD" /etc/init.d/sshd -n
41:SSHD=/usr/sbin/sshd
```
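The "REMOTE HOST IDENTIFICATION HAS CHANGED" warning in section 1 names the exact stale entry ("Offending key in /root/.ssh/known_hosts:7") and the fingerprint the server presented, so the entry can be removed on its own once that fingerprint has been compared with the server's key on its console, leaving every other pinned host key in place. The script below is an added example, not part of the original article; the function names, the scratch paths and the placeholder key blobs are constructed, and it assumes a known_hosts path without spaces.

```shell
#!/bin/sh
# Added example (not from the original article). Function names, paths and
# key blobs are constructed; the warning text follows the session in section 1.

# sample_warning PATH: the section 1 warning, pointing at PATH instead of
# /root/.ssh/known_hosts so the demo can work on a scratch file.
sample_warning() {
    cat <<EOF
@   WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
The fingerprint for the RSA key sent by the remote host is
3e:bd:1e:76:c4:c7:b4:98:dc:95:fc:61:d7:a8:45:71.
Offending key in $1:7
RSA host key for 192.168.1.12 has changed and you have requested strict checking.
Host key verification failed.
EOF
}

# sample_known_hosts PATH: eight constructed entries; line 7 is 192.168.1.12.
sample_known_hosts() {
    n=1
    while [ "$n" -le 8 ]; do
        echo "192.168.1.$((n + 5)) ssh-rsa CONSTRUCTED-KEY-$n"
        n=$((n + 1))
    done > "$1"
}

# offending_entry: read the warning on stdin, print "FILE LINE".
# Accepts "Offending key in" (as on this page) and "Offending RSA key in".
offending_entry() {
    sed -n 's/^Offending \([A-Za-z0-9]* \)\{0,1\}key in \(.*\):\([0-9][0-9]*\)$/\2 \3/p' |
        sed -n '1p'
}

# reported_fingerprint: print the fingerprint the remote host presented, to be
# compared with the server's own key before anything is removed.
reported_fingerprint() {
    sed -n 's/^\(\([0-9a-f][0-9a-f]:\)\{15\}[0-9a-f][0-9a-f]\)\.$/\1/p' | sed -n '1p'
}

# drop_offending_entry: read the warning on stdin, back up the known_hosts file
# it names and delete only the line it names.
drop_offending_entry() {
    set -- $(offending_entry)
    [ $# -eq 2 ] || return 1
    cp -p "$1" "$1.bak" || return 1
    sed "${2}d" "$1.bak" > "$1"
}

# Demo on scratch files.
kh_dir=$(mktemp -d)
sample_known_hosts "$kh_dir/known_hosts"
sample_warning "$kh_dir/known_hosts" > "$kh_dir/warning.txt"
echo "verify out of band: $(reported_fingerprint < "$kh_dir/warning.txt")"
drop_offending_entry < "$kh_dir/warning.txt"
echo "entries kept: $(awk 'END { print NR }' "$kh_dir/known_hosts")"
rm -rf "$kh_dir"
```

On a live client, `ssh-keygen -R 192.168.1.12` performs the same single-host removal and also handles hashed entries.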
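The sshd_config directives edited in sections 2 to 6 (ListenAddress, PermitEmptyPasswords, PermitRootLogin, AllowUsers) can be checked mechanically after each change. The script below is an added example, not part of the original article; its function names and the two sample configs are constructed, and it assumes whitespace-separated "Keyword value" lines, no Match blocks, and the default of PermitRootLogin yes shown commented out in this page's OpenSSH 5.3p1 file.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and sample
# configs are constructed. Assumes "Keyword value" lines and no Match blocks.

# values_of FILE KEYWORD: print every uncommented value of KEYWORD, one per
# line. Keywords are matched case-insensitively, as sshd does.
values_of() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print
        }' "$1"
}

# first_value FILE KEYWORD DEFAULT: sshd uses the first value it reads for a
# keyword; fall back to DEFAULT when the keyword is not set.
first_value() {
    v=$(values_of "$1" "$2" | sed -n '1p')
    printf '%s\n' "${v:-$3}"
}

# audit_sshd_config FILE: print one finding per line for the settings this
# page changes. Always returns 0; use count_findings for a number.
audit_sshd_config() {
    f=$1
    if [ "$(first_value "$f" PermitEmptyPasswords no)" = "yes" ]; then
        echo "FAIL PermitEmptyPasswords yes: accounts with an empty password field can log in"
    fi
    # Default assumed from the page's file, which shows "#PermitRootLogin yes".
    root=$(first_value "$f" PermitRootLogin yes)
    if [ "$root" != "no" ]; then
        echo "WARN PermitRootLogin $root: root login is not disabled"
    fi
    listen=$(values_of "$f" ListenAddress | tr '\n' ' ')
    case " $listen" in
        " "|*" 0.0.0.0 "*|*" :: "*)
            echo "WARN ListenAddress: sshd accepts connections on every interface" ;;
    esac
    if [ -z "$(values_of "$f" AllowUsers)$(values_of "$f" AllowGroups)" ]; then
        echo "WARN AllowUsers/AllowGroups unset: any account not denied may log in"
    fi
    return 0
}

count_findings() {
    audit_sshd_config "$1" | awk 'END { print NR }'
}

# write_samples DIR: two constructed configs. weak.conf mirrors the state in
# section 4; hardened.conf combines the settings from sections 1, 3, 5 and 6.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
#Port 22
#ListenAddress 0.0.0.0
#PermitRootLogin yes
#PermitEmptyPasswords no
PermitEmptyPasswords yes
EOF
    cat > "$1/hardened.conf" <<'EOF'
Port 2222
ListenAddress 192.168.1.11
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers hongyi up01
DenyUsers zhink
EOF
}

# Demo on the constructed samples.
audit_dir=$(mktemp -d)
write_samples "$audit_dir"
for c in weak hardened; do
    echo "== $c.conf: $(count_findings "$audit_dir/$c.conf") finding(s)"
    audit_sshd_config "$audit_dir/$c.conf"
done
rm -rf "$audit_dir"
```

On a running server, `sshd -T` prints the effective configuration after defaults are applied, which is the authoritative view to compare against.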