rhce第二次作业linux客户端普通用户通过秘钥登录linux服务端root用户

Catherines7

已于 2023-03-12 21:05:53 修改

阅读量144

点赞数

分类专栏： linux 文章标签： bash Powered by 金山文档

于 2023-03-11 16:59:19 首次发布

本文链接：https://blog.csdn.net/CQ17743254852/article/details/129465579

版权

linux 专栏收录该内容

6 篇文章 0 订阅

订阅专栏

我的理解：

使用密钥登录服务端，即客户端也生成一对公私钥，并将公钥发送给服务端。服务端验证客户端时，将生成随机数，并先使用对称密钥进行加密，再使用客户端发送过来的公钥加密，然后发送给客户端，客户端解密随机数后使用对称密钥加密发送给服务端，服务端收到相同的随机数就验证成功了。

实验步骤：1.生成公私钥

[redhat@localhost ~]$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/redhat/.ssh/id_rsa): 
/home/redhat/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/redhat/.ssh/id_rsa.
Your public key has been saved in /home/redhat/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:v8gk6L23nxJBaHPFtDqrtAxqi7BHKAxuvHtjHkefG7Q redhat@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|       . +o      |
|      + o ..     |
|     . +  .      |
|.       ..       |
|=.   . .S.       |
|o=. ..o ++       |
|+...o.oEo..      |
|.+o*o= *=. o     |
|o+Boo *++++      |
+----[SHA256]-----+
[redhat@localhost ~]$ 
[redhat@localhost ~]$ cd /home/redhat/.ssh
[redhat@localhost .ssh]$ ll
total 12
-rw-------. 1 redhat redhat 2622 Mar 11 16:38 id_rsa
-rw-r--r--. 1 redhat redhat  582 Mar 11 16:38 id_rsa.pub
-rw-r--r--. 1 redhat redhat  177 Mar 11 11:25 known_hosts

2.复制公钥到服务端目录下

[redhat@localhost .ssh]$ ssh-copy-id root@192.168.239.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/redhat/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.239.128's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.239.128'"
and check to make sure that only the key(s) you wanted were added.

3.登录服务器

[redhat@localhost .ssh]$ ssh root@192.168.239.128
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Mar 11 14:01:21 2023 from 192.168.239.1
[root@localhost ~]#