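Objective:
Set up public-key authentication between two Linux hosts so that each can log in to the other without a password.
Procedure:
1. Disable the firewall and SELinux, and check the status of the ssh service: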
[root@server ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service;>
Active: active (running) since Tue 2023-10-31 17:13:2>
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 943 (sshd)
Tasks: 1 (limit: 11984)
Memory: 5.7M
CPU: 87ms
CGroup: /system.slice/sshd.service
└─943 "sshd: /usr/sbin/sshd -D [listener] 0 o>
10月 31 17:13:28 server systemd[1]: Starting OpenSSH serve>
10月 31 17:13:28 server sshd[943]: Server listening on 0.0>
10月 31 17:13:28 server sshd[943]: Server listening on :: >
10月 31 17:13:28 server systemd[1]: Started OpenSSH server>
10月 31 17:13:32 server sshd[994]: Accepted password for r>
10月 31 17:13:32 server sshd[994]: pam_unix(sshd:session):>
[root@server ~]# systemctl status firewalld
○ firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.ser>
Active: inactive (dead)
Docs: man:firewalld(1)
[root@server ~]# setenforce 0
2. Generate a public/private key pair on the client and upload the public key to the server:
[root@RHCE ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:KTtE5DiHTXX2ezo9AvfoewjFWu6eIHUx846YxG8515A root@RHCE
The key's randomart image is:
+---[RSA 3072]----+
| o.. o |
| B o . |
| + = .= |
| + o +* . |
| o S ==+ E |
| . o ooB.X o |
| o . +o@.* .|
| . . +o*.. |
| .=o |
+----[SHA256]-----+
[root@RHCE ~]# ssh-copy-id root@192.168.27.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.27.130's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.27.130'"
and check to make sure that only the key(s) you wanted were added.
3. Try logging in without a password:
[root@RHCE ~]# ssh root@192.168.27.130
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Tue Oct 31 17:13:32 2023 from 192.168.27.1
[root@server ~]#
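4. For the two Linux hosts to be able to log in to each other, swap the client and server roles from the experiment above and repeat the same steps: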
[root@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:5PkRfpcCNXqS54Az4dq/J+koE3dPmFbbMB14HfNLMic root@server
The key's randomart image is:
+---[RSA 3072]----+
| . o. +.|
| . o +..o +|
| * B oE +.|
| = = O+ B..|
| . S o++=o. |
| . .o=ooo. |
| o oo+ |
| o .o.o |
| o..oo |
+----[SHA256]-----+
[root@server ~]# ssh-copy-id root@192.168.27.136
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.27.136's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.27.136'"
and check to make sure that only the key(s) you wanted were added.
5. Verify that password-less login works:
[root@server ~]# ssh root@192.168.27.136
Activate the web console with: systemctl enable --now cockpit.socket
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Tue Oct 31 17:27:20 2023
[root@RHCE ~]#
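The ssh-copy-id output above asks you to "check to make sure that only the key(s) you wanted were added". The script below is an added example, not part of the original write-up, that performs that check on either host: it counts the entries in authorized_keys, lists their fingerprints for comparison with the SHA256 value ssh-keygen printed, and flags group/other-writable paths, which sshd rejects under its default StrictModes setting. The function names are hypothetical, and the directory to audit is passed as the first argument.

```bash
#!/bin/sh
# Added example: audit a .ssh directory after ssh-copy-id (helper names are hypothetical).

# Succeeds when the path is NOT writable by group or others. sshd's default
# StrictModes setting refuses key files and directories that are.
not_group_other_writable() {
    perms=$(ls -ld "$1" | cut -c1-10)      # e.g. drwx------
    case "$perms" in
        ?????w*|????????w*) return 1 ;;    # char 6 = group write, char 9 = other write
    esac
    return 0
}

# Prints the number of key entries (non-blank, non-comment lines).
count_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# Audits DIR and DIR/authorized_keys; returns non-zero if anything is
# missing or writable by group/others.
audit_ssh_dir() {
    dir=$1
    keys="$dir/authorized_keys"
    rc=0
    for p in "$dir" "$keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1
        elif not_group_other_writable "$p"; then
            echo "OK       $p"
        else
            echo "WRITABLE $p (group/other write bit set)"; rc=1
        fi
    done
    if [ -f "$keys" ]; then
        echo "entries: $(count_keys "$keys")"
        # Compare these fingerprints with the one ssh-keygen printed on the client.
        if command -v ssh-keygen >/dev/null 2>&1; then
            ssh-keygen -lf "$keys" 2>/dev/null || echo "(could not parse key entries)"
        fi
    fi
    return $rc
}

# Run only when a directory is given, e.g.: sh audit.sh /root/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

After step 2 each host should show exactly one new entry, and its fingerprint should match the one printed when the key was generated on the other host.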