1.实验目的:
配置ssh远程连接
1.实现两台linux主机之间通过公钥验证能够互相实现免密登陆
2.实验步骤:
两台主机,一个命名为client(ip:192.168.17.128),另一个命名为server(ip:192.168.17.129)。server的公钥验证登入跟client的命令一样,在此省略。
公钥验证:(免密登陆验证方式)
(1)C生成非对称秘钥
[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (可输入内容也可直接回车)
Enter passphrase (empty for no passphrase): (可输入内容也可直接回车)
Enter same passphrase again: (可输入内容也可直接回车)
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:3aK0t7cc31aGOeFXjA9Pv92WmWAh98HfEpmwGl9RKAA root@client
The key's randomart image is:
+---[RSA 3072]----+
| E... o.|
| o o |
| +.* |
| ..o.oOo+|
| S o++ooX*|
| . o...o*.X|
| o . o .=O|
| . o.o *=|
| ..o..o.|
+----[SHA256]-----+
(2) 公钥发送到服务器/root/.ssh/authorized_keys
[root@client ~]# ssh-copy-id root@192.168.17.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.17.129's password: (输入密码)Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.17.129'"
and check to make sure that only the key(s) you wanted were added.
(3) 等待客户端请求内部通过非对称验证
[root@client ~]# ssh root@192.168.17.129
Activate the web console with: systemctl enable --now cockpit.socketRegister this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last failed login: Sun Oct 29 20:11:54 CST 2023 from 192.168.17.128 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sun Oct 29 20:06:56 2023 from 192.168.17.1
[root@server ~]#