
A complete guide: OpenSSH and log management strategies, an easy way to raise security and operational efficiency

Posted: 2024-11-13 14:46:51
Tags: ops, 19, OpenSSH, management strategies, 192.168, ssh, key, root, lnh

Contents

  • Log management

    • Configuring an rsyslog server

  • OpenSSH

    • Secure Shell example

    • SSH host keys

    • Configuring SSH key-based authentication

[root@lnh ~]# cat /etc/redhat-release 
CentOS Stream release 8 //check the current OS release
[root@lnh ~]# uname -r
4.18.0-257.el8.x86_64
//check the current kernel version
[root@lnh ~]# dmesg
...
[ 5.273545] XFS (dm-2): Starting recovery (logdev: internal)
[ 5.323019] XFS (dm-2): Ending recovery (logdev: internal)
[ 5.397922] XFS (sda1): Ending clean mount
[ 7.026122] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 7.031966] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 7.034521] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[ 7.034533] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 7.045958] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[ 7.050984] e1000: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[ 7.052685] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[ 7.052696] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
//shows the kernel ring buffer: all boot and debugging messages the kernel has logged (this is on CentOS 8)
[root@lnh ~]# tail -f /var/log/messages
Jul 19 16:39:01 lnh systemd-logind[976]: New session 1 of user root.
Jul 19 16:39:01 lnh systemd[1268]: Reached target Paths.
Jul 19 16:39:01 lnh systemd[1268]: Reached target Timers.
Jul 19 16:39:01 lnh systemd[1268]: Starting D-Bus User Message Bus Socket.
Jul 19 16:39:02 lnh systemd[1268]: Listening on D-Bus User Message Bus Socket.
Jul 19 16:39:02 lnh systemd[1268]: Reached target Sockets.
Jul 19 16:39:02 lnh systemd[1268]: Reached target Basic System.
Jul 19 16:39:02 lnh systemd[1268]: Reached target Default.
Jul 19 16:39:02 lnh systemd[1268]: Startup finished in 71ms.
Jul 19 16:39:02 lnh systemd[1]: Started User Manager for UID 0.
//the general system log: standard status and error messages, boot messages not produced by the kernel, and messages from the various subsystems
[root@lnh ~]# cat /var/log/secure
Jul 19 16:18:44 localhost polkitd[962]: Loading rules from directory /etc/polkit-1/rules.d
Jul 19 16:18:44 localhost polkitd[962]: Loading rules from directory /usr/share/polkit-1/rules.d
Jul 19 16:18:44 localhost polkitd[962]: Finished loading, compiling and executing 2 rules
Jul 19 16:18:44 localhost polkitd[962]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Jul 19 16:18:44 localhost sshd[1062]: Server listening on 0.0.0.0 port 22.
Jul 19 16:18:44 localhost sshd[1062]: Server listening on :: port 22.
Jul 19 16:19:51 localhost systemd[1304]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Jul 19 16:19:51 localhost login[1083]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Jul 19 16:19:51 localhost login[1083]: ROOT LOGIN ON tty1
Jul 19 16:20:53 localhost polkitd[935]: Loading rules from directory /etc/polkit-1/rules.d
...
//security-related log messages (authentication, sshd, PAM sessions)
// /var/log/maillog: messages produced by the mail system

Both syslog and rsyslog use two logging processes:
syslogd: records messages produced by the system, i.e. everything that does not come from the kernel.
klogd: records messages produced by the kernel.


[root@lnh ~]# ps aux |grep syslogd
root 1194 0.0 0.2 218472 5768 ? Ssl 16:37 0:00 /usr/sbin/rsyslogd -n
root 1355 0.0 0.0 12108 1088 pts/0 S+ 16:48 0:00 grep --color=auto syslogd
//always running
[root@lnh ~]# ps aux |grep klogd
root 1362 0.0 0.0 12108 1080 pts/0 S+ 16:51 0:00 grep --color=auto klogd
//no separate klogd process here: rsyslog reads the kernel log through its imklog module inside rsyslogd itself


Configuring an rsyslog server

First shut down the virtual machine and create a clone of it; make sure it is a full clone.

lnh is the client, IP 192.168.222.250
xbz is the server, IP 192.168.222.251
On the client:
[root@lnh ~]# vim /etc/rsyslog.conf

 

[image: the rsyslog.conf edit on the client (screenshot not reproduced)]
On the client, add the rule that sends its logs to the server.

[root@lnh ~]# systemctl restart rsyslog.service
//restart the service
On the server:
[root@xbz ~]# vim /etc/rsyslog.conf

 

[image: the rsyslog.conf edit on the server (screenshot not reproduced)]
Uncomment these four lines (the lines that enable remote log reception).

[root@xbz ~]# systemctl restart rsyslog.service 
//restart the service
[root@xbz ~]# systemctl stop firewalld.service
[root@xbz ~]# setenforce 0
//stop the firewall and put SELinux into permissive mode
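Because the two screenshots are not reproduced, the configuration that these steps describe is written out below. This is an added example, not the page's own screenshots: it assumes the stock CentOS 8 /etc/rsyslog.conf, in which the four reception lines ship commented out, and the server address 192.168.222.251 given on the page. The queue settings on the client and the per-host files on the server are additions beyond what the page shows.

```conf
# --- client (lnh): forward everything to the server over TCP ---
# Added at the end of /etc/rsyslog.conf. The disk-assisted queue keeps messages
# on the client while the server is unreachable instead of dropping them.
*.* action(type="omfwd" target="192.168.222.251" port="514" protocol="tcp"
           queue.type="LinkedList" queue.filename="fwd_xbz"
           queue.saveOnShutdown="on" action.resumeRetryCount="-1")

# --- server (xbz): these four lines ship commented out; remove the leading '#' ---
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# --- server (xbz), optional addition: keep each client's messages in their own
#     files instead of mixing them into the server's /var/log/secure and messages ---
template(name="RemoteHost" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")
if $fromhost-ip != "127.0.0.1" then {
    action(type="omfile" dynaFile="RemoteHost")
    stop
}
```

The legacy one-liner `*.* @@192.168.222.251:514` (two `@` for TCP, one for UDP) does the same job as the action() line without the queue. Run `rsyslogd -N1` to check the syntax before restarting. Rather than stopping firewalld on the server as the page does, open only the syslog port: `firewall-cmd --permanent --add-port=514/tcp && firewall-cmd --reload`. Plain TCP syslog carries the entries unencrypted and unauthenticated, so on anything beyond a lab network rsyslog's TLS stream driver should be used for the forwarding link.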
[root@xbz ~]# tail -f /var/log/secure
Jul 19 17:02:19 lnh sshd[1012]: Server listening on :: port 22.
Jul 19 17:03:03 lnh systemd[1258]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Jul 19 17:03:03 lnh login[1032]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Jul 19 17:03:03 lnh login[1032]: ROOT LOGIN ON tty1
Jul 19 17:03:16 lnh sshd[1294]: Accepted password for root from 192.168.222.1 port 55495 ssh2
Jul 19 17:03:16 lnh sshd[1294]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 19 17:03:22 lnh sshd[1320]: Accepted password for root from 192.168.222.1 port 55497 ssh2
Jul 19 17:03:22 lnh sshd[1320]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jul 19 17:05:36 lnh sshd[1474]: Accepted password for root from 192.168.222.1 port 55524 ssh2
Jul 19 17:05:36 lnh sshd[1474]: pam_unix(sshd:session): session opened for user root by (uid=0)
//security-related records; note that the hostname field reads lnh: these entries were forwarded from the client
Verification:
On the client, deliberately enter a wrong password a few times when logging in, then log in correctly.
The server then shows the following:
[root@xbz ~]# tail -f /var/log/secure
ser root by (uid=0)
Jul 19 17:24:37 lnh sshd[1410]: pam_unix(sshd:session): session closed for user root
Jul 19 17:24:41 lnh unix_chkpwd[1441]: password check failed for user (root)
Jul 19 17:24:41 lnh sshd[1439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.222.1 user=root
Jul 19 17:24:44 lnh sshd[1439]: Failed password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:45 lnh sshd[1439]: Failed password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:46 lnh unix_chkpwd[1442]: password check failed for user (root)
Jul 19 17:24:48 lnh sshd[1439]: Failed password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:50 lnh unix_chkpwd[1443]: password check failed for user (root)
Jul 19 17:24:52 lnh sshd[1439]: Failed password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:54 lnh sshd[1439]: Accepted password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:54 lnh sshd[1439]: pam_unix(sshd:session): session opened for user root by (uid=0)
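The forwarded entries above are exactly what a detection rule on the log server would work on. The following script is an added example, not code from the original post: it parses sshd's "Failed password" / "Accepted password" lines, counts failures per source address, and flags the pattern the deliberate wrong-password test produced, a success that follows a run of failures from the same source. The sample lines are constructed from the entries the post shows.

```python
"""Detect password guessing in sshd entries from /var/log/secure (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample: the sshd lines the post shows after the wrong-password test.
SAMPLE_SECURE_LOG = """\
Jul 19 17:24:37 lnh sshd[1410]: pam_unix(sshd:session): session closed for user root
Jul 19 17:24:41 lnh unix_chkpwd[1441]: password check failed for user (root)
Jul 19 17:24:41 lnh sshd[1439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.222.1 user=root
Jul 19 17:24:44 lnh sshd[1439]: Failed password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:45 lnh sshd[1439]: Failed password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:48 lnh sshd[1439]: Failed password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:52 lnh sshd[1439]: Failed password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:54 lnh sshd[1439]: Accepted password for root from 192.168.222.1 port 55818 ssh2
Jul 19 17:24:54 lnh sshd[1439]: pam_unix(sshd:session): session opened for user root by (uid=0)
"""

# One pattern for both outcomes; sshd writes "invalid user NAME" for unknown accounts.
SSHD_AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+) ssh2"
)


def parse_sshd_auth(log_text):
    """Yield one dict per Accepted/Failed sshd line; all other lines are ignored."""
    for line in log_text.splitlines():
        m = SSHD_AUTH_RE.match(line)
        if m:
            yield m.groupdict()


def failed_by_source(log_text):
    """Failed-login count per source address, e.g. {'192.168.222.1': 4}."""
    return Counter(e["src"] for e in parse_sshd_auth(log_text) if e["result"] == "Failed")


def success_after_failures(log_text, threshold=3):
    """Return (user, src, failures) for every successful login that was preceded by at
    least `threshold` failures for the same user from the same source. Keying on
    (user, src) rather than on the sshd pid also catches guessing spread over many
    connections; raise the threshold to tolerate ordinary typos."""
    failures = defaultdict(int)
    hits = []
    for e in parse_sshd_auth(log_text):
        key = (e["user"], e["src"])
        if e["result"] == "Failed":
            failures[key] += 1
        elif failures[key] >= threshold:
            hits.append((e["user"], e["src"], failures[key]))
    return hits


if __name__ == "__main__":
    print("failed attempts by source:", dict(failed_by_source(SAMPLE_SECURE_LOG)))
    for user, src, n in success_after_failures(SAMPLE_SECURE_LOG):
        print(f"ALERT: {user} from {src} logged in after {n} failed password attempts")
```

On a real log server the same functions would be fed the per-client files or `journalctl -u sshd` output; the Accepted-after-Failed hit is the one to treat as an incident rather than as noise, because it is what a successful guess looks like.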

 

OpenSSH

Secure Shell example

lnh is the client, IP 192.168.222.250
xbz is the server, IP 192.168.222.251

 

[root@lnh ~]# ssh root@192.168.222.251 '/usr/sbin/ip a' //give the command's absolute path, in case it is not on the PATH of the non-interactive remote shell
The authenticity of host '192.168.222.251 (192.168.222.251)' can't be established.
ECDSA key fingerprint is SHA256:y11UDaNXs3AnvVUnZQfAim2VHAplF09YOvQp2NemHyk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '192.168.222.251' (ECDSA) to the list of known hosts.
root@192.168.222.251's password:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:e8:25:ce brd ff:ff:ff:ff:ff:ff
inet 192.168.222.251/24 brd 192.168.222.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee8:25ce/64 scope link
valid_lft forever preferred_lft forever
//on the same network segment you can run a single command on the remote host (remotehost) as the remote user (remoteuser), with the output returned to the local terminal
[root@lnh ~]# w
17:41:09 up 38 min, 2 users, load average: 0.02, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root tty1 - 17:02 38:20 0.28s 0.28s -bash
root pts/0 192.168.222.1 17:06 0.00s 0.13s 0.02s w
//w lists the users currently logged in to the machine. It is especially useful for seeing which users logged in over ssh, from which remote addresses, and what they are running

 

SSH host keys

 

[root@lnh ~]# cat ~/.ssh/known_hosts 
192.168.222.251 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKh5FAHxXc6ck4NXY9q32oHHoZrK1+aMTpEo6smApoMbBUfvSd9YxtlRhd9TdPy8qfPwBg6ZdRkEFeRxlIzaSh8=
//192.168.222.251 is the IP of the server the client connected to; ecdsa-sha2-nistp256 is the key algorithm; the AAAA... string is the server's host public key
//host identities are stored on the local client system in ~/.ssh/known_hosts
//the IP address in this entry can be changed and login still works afterwards, because the public key itself has not changed
[root@xbz ~]# cd /etc/ssh/
[root@xbz ssh]# ll
total 600
-rw-r--r--. 1 root root 577388 Apr 27 2020 moduli
-rw-r--r--. 1 root root 1770 Apr 27 2020 ssh_config
drwxr-xr-x. 2 root root 28 Jul 19 16:14 ssh_config.d
-rw-------. 1 root root 4269 Apr 27 2020 sshd_config
-rw-r-----. 1 root ssh_keys 492 Jul 19 16:18 ssh_host_ecdsa_key
-rw-r--r--. 1 root root 162 Jul 19 16:18 ssh_host_ecdsa_key.pub
-rw-r-----. 1 root ssh_keys 387 Jul 19 16:18 ssh_host_ed25519_key
-rw-r--r--. 1 root root 82 Jul 19 16:18 ssh_host_ed25519_key.pub
-rw-r-----. 1 root ssh_keys 2578 Jul 19 16:18 ssh_host_rsa_key
-rw-r--r--. 1 root root 554 Jul 19 16:18 ssh_host_rsa_key.pub
[root@xbz ssh]# less ssh_host_ecdsa_key
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQSoeRQB8V3OnJODV2Pat9qBx6Gaytfm
jE6RKOrJgKaDGwVH70nfWMbZUYXfU3T8vKnz8AYOmXUZBBXkcZSM2kofAAAAoP4DJvj+Ay
b4AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKh5FAHxXc6ck4NX
Y9q32oHHoZrK1+aMTpEo6smApoMbBUfvSd9YxtlRhd9TdPy8qfPwBg6ZdRkEFeRxlIzaSh
8AAAAhAP8Fsmj6nWXKoVWYgPeuv22eYQK8hQn4Wrr7PTXRlztaAAAAAAECAwQFBgc=
-----END OPENSSH PRIVATE KEY-----
//compare with the server side: the public-key blob embedded in this private key file is the same one recorded in the client's known_hosts
[root@lnh ~]# ls /etc/ssh/*key*
/etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key.pub
/etc/ssh/ssh_host_ecdsa_key.pub /etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key.pub
//host keys are stored on the SSH server in /etc/ssh/ssh_host_key*
//files ending in .pub are public keys; the others are private keys
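The fingerprint that ssh printed on first connection and the entry in known_hosts are two views of the same key blob, and a practitioner should be able to go from one to the other. The script below is an added example, not code from the original post: it computes the SHA256 fingerprint from a known_hosts line the way ssh-keygen -l does, and reports hosts that present the same key. The first known_hosts line is the one the post shows for 192.168.222.251; the second is constructed on the assumption that 192.168.222.250 presents the same key, which is what the post suggests (ssh printed an identical fingerprint for both hosts, as expected after a full VM clone).

```python
"""OpenSSH SHA256 fingerprints from known_hosts, and shared-host-key detection (added example)."""
import base64
import hashlib

# First line: from the post. Second line: constructed, assuming the clone shares the key.
KNOWN_HOSTS = """\
192.168.222.251 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKh5FAHxXc6ck4NXY9q32oHHoZrK1+aMTpEo6smApoMbBUfvSd9YxtlRhd9TdPy8qfPwBg6ZdRkEFeRxlIzaSh8=
192.168.222.250 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKh5FAHxXc6ck4NXY9q32oHHoZrK1+aMTpEo6smApoMbBUfvSd9YxtlRhd9TdPy8qfPwBg6ZdRkEFeRxlIzaSh8=
"""

# The fingerprint ssh printed for 192.168.222.251 in the post's first-connection prompt.
PROMPT_FINGERPRINT = "SHA256:y11UDaNXs3AnvVUnZQfAim2VHAplF09YOvQp2NemHyk"


def read_ssh_string(blob, offset):
    """Decode one SSH wire-format string (4-byte big-endian length, then the bytes)."""
    length = int.from_bytes(blob[offset:offset + 4], "big")
    return blob[offset + 4:offset + 4 + length], offset + 4 + length


def fingerprint_sha256(key_b64):
    """The fingerprint as ssh-keygen -l prints it: base64 of SHA256 over the raw key
    blob, with the trailing '=' padding removed and a 'SHA256:' prefix."""
    blob = base64.b64decode(key_b64)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text):
    """Yield (host, key_type, key_b64) per entry. The type name stored inside the blob
    must agree with the declared type, otherwise the line is malformed."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # comments and @cert-authority / @revoked markers are not plain host keys
        host, key_type, key_b64 = line.split()[:3]
        declared, _ = read_ssh_string(base64.b64decode(key_b64), 0)
        if declared.decode() != key_type:
            raise ValueError(f"{host}: blob says {declared!r}, line says {key_type}")
        yield host, key_type, key_b64


def hosts_by_fingerprint(text):
    """Map fingerprint -> sorted list of hosts that present that key."""
    groups = {}
    for host, _, key_b64 in parse_known_hosts(text):
        groups.setdefault(fingerprint_sha256(key_b64), []).append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items()}


def shared_host_keys(text):
    """Fingerprints presented by more than one host: cloned VMs, or one key copied
    around. Such hosts cannot be told apart by SSH, so regenerate the clone's keys."""
    return {fp: hosts for fp, hosts in hosts_by_fingerprint(text).items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in hosts_by_fingerprint(KNOWN_HOSTS).items():
        print(fp, hosts, "(matches the prompt)" if fp == PROMPT_FINGERPRINT else "")
    for fp, hosts in shared_host_keys(KNOWN_HOSTS).items():
        print("WARNING: the same host key is used by", ", ".join(hosts))
```

`ssh-keygen -lf ~/.ssh/known_hosts` prints the same fingerprints and is the quick cross-check. When a clone does share host keys, the fix on the cloned machine is to delete /etc/ssh/ssh_host_*key* and let sshd (or `ssh-keygen -A`) regenerate them, then remove the stale entry from each client's known_hosts.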

 

Configuring SSH key-based authentication

 

Steps on the client:
[root@lnh ~]# ssh-keygen -t rsa //-t selects the algorithm, here rsa
Enter file in which to save the key (/root/.ssh/id_rsa): //confirm the path shown in parentheses; id_rsa is the private key
Enter passphrase (empty for no passphrase): //set a passphrase for the private key
Enter same passphrase again: //repeat the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Tgi3RqIiIw0nt3uMxeuyw3J3DM3uN8PUK4ItiDoWlXM root@lnh
The key's randomart image is:
+---[RSA 3072]----+ //rsa, key length 3072 bits
| |
| |
|o o + o |
| * B E o |
|= = =o+ S. |
|o+ =.ooo. . |
| o+.+* o. . |
|+.*o+ * * . |
|++.=.+.o + |
+----[SHA256]-----+
[root@lnh ~]# ls .ssh/
id_rsa id_rsa.pub known_hosts
//id_rsa is the private key; the file ending in .pub is the public key
Send this client's public key to the server:
[root@lnh ~]# ssh-copy-id root@192.168.222.251
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.222.251's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.222.251'"
and check to make sure that only the key(s) you wanted were added.
//my public key has the default name id_rsa.pub, so no path is needed
//if the public key has another name, give its path: [root@lnh ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.222.251
Check on the server:
[root@xbz ~]# ls .ssh/
authorized_keys
//this file holds the public key that was copied over
On the client:
[root@lnh ~]# ssh root@192.168.222.251
Last login: Tue Jul 19 17:05:36 2022 from 192.168.222.1
//login now succeeds without a password prompt
Generate a key pair on the server as well:
[root@xbz ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:FppTggRIQaZOQGlZHVBCOyG5RicFG80NYUU9xl8wCys root@xbz
The key's randomart image is:
+---[RSA 3072]----+
|=@&%@=+. o. |
|=B==++ =o o. |
|+o+o.Eo.=.. |
|oo . .= o |
|.. + S |
| o |
| |
| |
| |
+----[SHA256]-----+
[root@xbz ~]# ls .ssh/
authorized_keys id_rsa id_rsa.pub
[root@xbz ~]# ssh-copy-id root@192.168.222.250
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.222.250 (192.168.222.250)' can't be established.
ECDSA key fingerprint is SHA256:y11UDaNXs3AnvVUnZQfAim2VHAplF09YOvQp2NemHyk.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.222.250's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.222.250'"
and check to make sure that only the key(s) you wanted were added.
Check the key files on xbz (it acted as the client for this ssh-copy-id, so known_hosts now appears too):
[root@xbz ~]# ls .ssh/
authorized_keys id_rsa id_rsa.pub known_hosts
Log in from xbz to lnh to verify:
[root@xbz ~]# ssh [email protected]
Last login: Tue Jul 19 17:24:54 2022 from 192.168.222.1
//passwordless login works in this direction too
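Installing the keys only adds a second way in; the log earlier on this page shows root still being accepted by password after four failures, and that stays possible until sshd_config says otherwise. The script below is an added example, not code from the original post: it reads the global section of an sshd_config the way sshd does (first occurrence of a directive wins, everything from the first Match line on is conditional) and reports the settings that still allow password access. Both configs are constructed; the defaults assumed for absent directives are OpenSSH's documented ones.

```python
"""Audit sshd_config for settings that keep password logins possible (added example)."""

# Constructed: a config that still permits what the post's /var/log/secure shows.
WEAK_SSHD_CONFIG = """\
# directives as commonly found on a fresh install
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
"""

# Constructed: the same file once every admin's key is in authorized_keys.
HARDENED_SSHD_CONFIG = """\
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin prohibit-password
Match Address 192.168.222.0/24
    PasswordAuthentication yes
"""

# directive -> (values that are acceptable, value sshd assumes when the directive is absent)
CHECKS = {
    "pubkeyauthentication": ({"yes"}, "yes"),
    "passwordauthentication": ({"no"}, "yes"),
    "permitrootlogin": ({"no", "prohibit-password"}, "prohibit-password"),
}


def parse_global_directives(text):
    """Return {directive_lowercase: value} for the global section of an sshd_config.
    As in sshd, the first occurrence of a directive is the effective one, and the
    global section ends at the first Match line."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # 'Key value' or 'Key=value'
        key = parts[0].lower()
        if key == "match":
            break
        if key not in directives and len(parts) == 2:
            directives[key] = parts[1].strip()
    return directives


def audit_sshd_config(text):
    """List (directive, effective_value) pairs that still allow password-based access."""
    directives = parse_global_directives(text)
    findings = []
    for name, (ok_values, default) in CHECKS.items():
        effective = directives.get(name, default).lower()
        if effective not in ok_values:
            findings.append((name, effective))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(label + ":", audit_sshd_config(cfg) or "no findings")
```

Only the global section is audited; the Match block in the hardened sample is there to show that such exceptions are parsed separately and deserve their own review. After changing sshd_config, `sshd -t` checks the file and `systemctl reload sshd` applies it without dropping the session you are working in, so a mistake can still be corrected from the existing connection.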

 

//commonly used scp options
-r //copy directories recursively
-p //preserve modification times and permissions
-P //port of the remote sshd
-q //quiet mode
-a //"copy everything" as listed in the original; note that OpenSSH's scp has no -a option, this is rsync's archive flag

Link: https://www.cnblogs.com/tushanbu/p/16495244.html

From: https://www.cnblogs.com/testzcy/p/18543921

    海柔创新是一家专注于箱式仓储机器人系统的研发和设计的科技公司,其仿真平台通过数字模拟技术,再现实际仓库环境和设备,利用导入的地图、订单、库存及策略配置等数据来验证和优化仓储解决方案,确保设计方案的效率和合理性。最初,海柔的仿真平台在单机环境中运行,但随着数据量的增长,运维......