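I. What is SSH?
SSH (Secure Shell) is a network protocol for encrypted communication between hosts. It was designed in 1995 and is now a standard component of Linux systems.
SSH is a protocol with several implementations; OpenSSH is the open-source one.
The command format is: ssh username@ip_addr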
linux@linux:/$ ssh linux@30.0.1.43
The authenticity of host '30.0.1.43 (30.0.1.43)' can't be established.
ECDSA key fingerprint is SHA256:THHVZ1IfwqJk0YpV7Qk/a+ZvMds4phRQJEbrJIJFagg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '30.0.1.43' (ECDSA) to the list of known hosts.
linux@30.0.1.43's password:
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-122-generic x86_64)
......
linux@linux:~$ exit
logout
Connection to 30.0.1.43 closed.
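The prompt says that the authenticity of host '30.0.1.43 (30.0.1.43)' cannot be established, shows the host's ECDSA key fingerprint, and asks whether you are sure you want to continue connecting.
If you enter yes, it prints: "Warning: Permanently added '30.0.1.43' (ECDSA) to the list of known hosts."
It then asks for the target host's password, after which the login succeeds.
When you have finished working on the remote host, enter exit to log out.
Some notes:
What is ECDSA?
The Elliptic Curve Digital Signature Algorithm (ECDSA) is the elliptic-curve cryptography (ECC) analogue of the Digital Signature Algorithm (DSA).
"Permanently added '30.0.1.43' (ECDSA) to the list of known hosts": where is the entry stored?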
linux@linux:~$ cat ~/.ssh/known_hosts
|1|tl/qb7M5czlKxx/K92mH+LvhzLg=|SBrV7zopc4QRmxrJMnas5fglLWs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFW6biQLrJ+0KwI1ODyN0iunhGqNahQE2smmawJEcwjdWg90AGPnpEc1T5EH9cZFRt9wfhq7AzpW0l5akYqdws0=
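The host field of the entry above starts with |1|, the hashed form OpenSSH writes when HashKnownHosts is enabled: a base64 salt followed by the base64 HMAC-SHA1 of the host name under that salt. The Python sketch below is an added example, not part of the original article; it finds the known_hosts entries that name a host and recomputes the SHA256 fingerprint shown at the connection prompt, using a constructed sample entry and hypothetical function names.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build the hashed host field '|1|salt|mac' as written with HashKnownHosts."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(host_field, host):
    """True if a known_hosts host field (hashed or plain) names `host`."""
    if not host_field.startswith("|1|"):
        return host in host_field.split(",")  # plain entry; wildcard patterns not handled
    parts = host_field.split("|")  # ['', '1', salt, mac]
    if len(parts) != 4:
        return False
    try:
        salt = base64.b64decode(parts[2], validate=True)
        want = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return False
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def fingerprint(key_b64):
    """Fingerprint as ssh prints it: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def lookup(known_hosts_text, host):
    """Return [(key_type, fingerprint)] for every entry that names `host`."""
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@":
            continue  # skip blank lines, comments and @cert-authority/@revoked markers
        if host_matches(fields[0], host):
            found.append((fields[1], fingerprint(fields[2])))
    return found

# Constructed sample (not the page's entry): a fake key blob under a fixed 20-byte salt.
SAMPLE_KEY = base64.b64encode(b"constructed-key-blob-for-demo").decode()
SAMPLE = "{} ecdsa-sha2-nistp256 {}\n".format(hash_host("30.0.1.43", bytes(range(20))), SAMPLE_KEY)

if __name__ == "__main__":
    for key_type, fp in lookup(SAMPLE, "30.0.1.43"):
        print(key_type, fp)
```

Comparing the recomputed fingerprint with one obtained from the server's administrator over a separate channel is what gives the yes answer at the first-connection prompt its meaning.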
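II. Passwordless SSH login
Typing the password every time is clearly inconvenient. How can you log in without it? By using public-key authentication.
1. Create a key pair with ssh-keygen
The ssh-keygen command generates, creates and manages the public and private keys used for SSH authentication.
Run ssh-keygen; at each prompt you can simply press Enter. Pressing Enter at the passphrase prompt leaves the private key without a passphrase.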
linux@linux:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/linux/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/linux/.ssh/id_rsa.
Your public key has been saved in /home/linux/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bZX4G8qB+xcrrqutb4/9C//l6Wq6wCWk4k8yOtezuXQ linux@linux
The key's randomart image is:
+---[RSA 2048]----+
| |
| . . |
| .. o |
| oo o |
| . .S.+.o |
| . . .+oo.o |
| +.o.E+ .o .|
| ...*+++ooo. o.|
| .o oXX==*B++o.|
+----[SHA256]-----+
View the generated public key id_rsa.pub and private key id_rsa
linux@linux:~$ cd ~/.ssh/
linux@linux:~/.ssh$ ls
id_rsa id_rsa.pub known_hosts
2. Copy the generated id_rsa.pub to the target host
linux@linux:~/.ssh$ scp id_rsa.pub root@30.0.1.43:/tmp
root@30.0.1.43's password:
id_rsa.pub 100% 397 535.9KB/s 00:00
3. SSH to the target host and append id_rsa.pub to the target host's authorized_keys
linux@linux:~/.ssh$ ssh root@30.0.1.43
root@30.0.1.43's password:
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-122-generic x86_64)
......
root@linux:/tmp# cat id_rsa.pub >> ~/.ssh/authorized_keys
View the contents of the authorized_keys file
root@linux:/tmp# cat ~/.ssh/authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6FbeqPRLroVf57dgljfOUR6VV5BlCDB97kkmfS8meBP0BlOGspWFcroojP74RBBm2ChzoifufsI0huEm7M2oW76+DpteEgDXiFkT7A/U16+crgOsqtnG3tnHYIml+JlbT7Cq65YxnbZWA5MK3cDaQPBajb+jyqfnh2pmhbicjxATkub0CxGRvbkrnUIpzTqkDeXWmQc5E26QFaWfuuZQ/JQZ035oQhT0Kjh5l/7MeImFC++zJRr22anpy3xTM09w7o136C4hCvDpUAYtc2TfizrQP0c/DbE2W1TkgSQ0T8Pw9wht5zcX7Lk13r+HPiG4wXoZtWNVNeiyTc5doLpDt Generated-by-Nova
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDm/MEB2Qw4tN3z18Lkhjq84oluP/3zDnNGF64kdh+23KPKm2m5ev4kpXyC1/uNMfRYpYMhCYeLiFgOEdTINnBuXXDyJ4aohi0TeJPzWUwxtK6opUmeR82V5HBxE0eScEG+KlV5//CjPlbEJvB1x0zeYa6p/1icjWmkNTBnI3rEPPX+vFFQC0PrdibBXWWzRg3/h51YG4asNqp391t9sj+ZWCAbUZ1+zRBB8zYlgAnYhRahxVnjim4gicwM3+staaCqiQeaYODZu8DbmGxuWEUiZN4NfXl8Yej/tZH7cKfHgW+r2gXemiNH2FlHhnf5fi/OxsZQ+8XG7WrEOB+mKD7l linux@linux
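Note: the ssh-copy-id command can copy id_rsa.pub into the ~/.ssh/authorized_keys file on the target host and give the relevant directories on the target host appropriate permissions.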
ssh-copy-id -i ~/.ssh/id_rsa.pub 30.0.1.43
- Modify the sshd_config configuration file
vim /etc/ssh/sshd_config
Password login: change yes to no on this line
PasswordAuthentication yes
Remove the comment marker to allow public-key login
#PubkeyAuthentication yes
PubkeyAuthentication yes
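Add (this option belongs to SSH protocol 1; since OpenSSH 7.4 the server reports it as deprecated and ignores it):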
RSAAuthentication yes
Set the permissions on the authorized_keys file (and its .ssh directory)
root@linux:~# chmod 700 .ssh/
root@linux:~# chmod 600 ~/.ssh/authorized_keys
Restart the sshd service
root@linux:~# service sshd restart
- Log in to the target host using id_rsa
linux@linux:~/.ssh$ ssh -i id_rsa root@30.0.1.43
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-122-generic x86_64)
......