学步园

环境

os：Ubuntu 12.04

1.安装
服务器端：

sudo apt-get install ssh openssh-server ssh-import-id
客户端： 
www.163ns.com @linux:~$sudo apt-get install openssh-client

2.配置
2.1.修改ssh端口
默认的ssh端口是22，太扎眼，建议改成别的端口，比如3301。
修改 /etc/ssh/sshd_config文件
将其中的

# port 22
改成 
port 3301
改完要重启ssh服务

www.163ns.com @linux:~$ sudo /etc/init.d/ssh restart

3.登录
一般的登录ssh服务器的方式有两种，一种是使用密码，还有一种是使用密钥文件登录。
3.1.使用密码登录

www.163ns.com @linux:~$ ssh testuser@192.168.56.101 -p3301
testuser@192.168.56.101's password: 
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic-pae i686)

* Documentation:  https://help.Ubuntu.com/

System information as of Thu May 17 00:31:21 CST 2012

System load:  0.0               Processes:           73
  Usage of /:   9.1% of 19.18GB   Users logged in:     1
  Memory usage: 14%               IP address for eth0: 192.168.56.101
  Swap usage:   0%

Graph this data and manage this system at https://landscape.canonical.com/

Last login: Thu May 17 00:22:04 2012 from 192.168.56.1
看到类似这些信息就说明登录成功了。
这种方式比较简单，但安全性稍差。
3.2.公钥-私钥登录
首先在终端执行

www.163ns.com @linux:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jim/.ssh/id_rsa):     
Enter passphrase (empty for no passphrase):  //这里需要输入你的passphrase密码，这个密码一会还要用到
Enter same passphrase again: 
Your identification has been saved in /home/jim/.ssh/id_rsa.
Your public key has been saved in /home/jim/.ssh/id_rsa.pub.
The key fingerprint is:
b9:8f:4b:e4:a8:39:9d:57:df:cb:4e:6c:79:76:db:7f www.163ns.com @linux
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|         .       |
|        S        |
|       + ..  . . |
|     ...+. . .= +|
|    .oo..o  .+.oE|
|    o. .o..  .+o=|
+-----------------+
www.163ns.com @linux:~$
上传公钥

www.163ns.com @linux:~$ ssh-copy-id "-p 3301 -i ~/.ssh/id_rsa.pub testuser@192.168.56.101"
Warning: Identity file ~/.ssh/id_rsa.pub not accessible: No such file or directory.
testuser@192.168.56.101's password: 
Now try logging into the machine, with "ssh '-p 3301 -i ~/.ssh/id_rsa.pub testuser@192.168.56.101'", and check in:

~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

www.163ns.com @linux:~$

程序提示你连接一下试试，照做吧

www.163ns.com @linux:~$ ssh -p 3301 -i ~/.ssh/id_rsa.pub testuser@192.168.56.101
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic-pae i686)

* Documentation:  https://help.Ubuntu.com/

System information as of Thu May 17 00:48:35 CST 2012

System load:  0.01              Processes:           73
  Usage of /:   9.1% of 19.18GB   Users logged in:     1
  Memory usage: 15%               IP address for eth0: 192.168.56.101
  Swap usage:   0%

Graph this data and manage this system at https://landscape.canonical.com/

Last login: Thu May 17 00:45:27 2012 from 192.168.56.1
testuser@demo-server:~$ exit
中间有个提示，让你输入先前的passphrase密码，只需要输入一次，以后就再也不用输入了。
ok，再登录一下试试，这次不导入公钥了v 
www.163ns.com @linux:~$ ssh testuser@192.168.56.101 -p 2201
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-23-generic-pae i686)

* Documentation:  https://help.Ubuntu.com/

System information as of Thu May 17 00:49:08 CST 2012

System load:  0.06              Processes:           73
  Usage of /:   9.1% of 19.18GB   Users logged in:     1
  Memory usage: 15%               IP address for eth0: 192.168.56.101
  Swap usage:   0%

Graph this data and manage this system at https://landscape.canonical.com/

Last login: Thu May 17 00:48:52 2012 from 192.168.56.1
administrator@demo-server:~$ exit
logout
Connection to 192.168.56.101 closed.
www.163ns.com @linux:~$ 
没有输入密码直接就登入到ssh服务器了。
看一下本地的.ssh目录有这么几个文件

www.163ns.com @linux:~$ ls .ssh -l
总用量 36
-rw------- 1 jim jim 1766  5月 17 00:46 id_rsa //这是私钥
-rw-r--r-- 1 jim jim  396  5月 17 00:46 id_rsa.pub //这是公钥
-rw-r--r-- 1 jim jim  222  5月 17 00:45 known_hosts //这是你所有访问过的ssh服务器的公钥信息，如果这个文件没有的话，下次登录时会提示你。