SSH简介:
SSH的简单介绍
1、安全外壳协议;
2、建立在应用层上的软件;
3、跨平台;
4、安全;
1.1 在Centos安装SSH服务(默认安装的)
要启动服务,然后设置开机运行chkconfig sshd on
1.2客户端的SSH工具:
典型的CS交互模式,有多种SSH软件连接。
在安装sever时候已经把client安装过了。
1.3使用SSH命令链接服务——命令行
macOS下使用teminal进行连接SSH:
命令非常的简单:ssh [username]@[domain_name]
Last login: Mon Apr 16 19:27:21 on ttys001
zhangyunchendeMacBook-Pro:~ zhangyunchen$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
zhangyunchendeMacBook-Pro:~ zhangyunchen$
zhangyunchendeMacBook-Pro:~ zhangyunchen$
zhangyunchendeMacBook-Pro:~ zhangyunchen$
zhangyunchendeMacBook-Pro:~ zhangyunchen$ ssh root@192.168.0.114
The authenticity of host '192.168.0.114 (192.168.0.114)' can't be established.
ECDSA key fingerprint is SHA256:VoLf/WSoie6PfXjWGPGmkHnfTeiUDHMCizH+hj+il+Q.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.114' (ECDSA) to the list of known hosts.
root@192.168.0.114's password:
Last login: Mon Apr 16 07:33:36 2018 from 192.168.0.155
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# exit
登出
Connection to 192.168.0.114 closed.
zhangyunchendeMacBook-Pro:~ zhangyunchen$ exit
logout
Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.
1.4 SSH config讲解
使用config是可以用来批量管理多个SSH,典型的运维要学会的技能。一般的config存放在~/.ssh/config
config的配置语法
语法关键词:
HostName;
Port;
User;
IdentityFile;秘钥文件路径
这个SSH config我感觉非常的像JSON文件的格式:host “centos”
Hostname 192.168.0.114
User root
Port 22
IdentityFile ~/.ssh/id_rsa.pub
IndentitiesOnly yes
具体操作:
Last login: Mon Apr 16 19:36:20 on ttys001
zhangyunchendeMacBook-Pro:~ zhangyunchen$ ssh root@192.168.0.105
^Z
[1]+ Stopped ssh root@192.168.0.105
zhangyunchendeMacBook-Pro:~ zhangyunchen$ ssh root@192.168.0.114
root@192.168.0.114's password:
Last login: Mon Apr 16 07:37:39 2018 from 192.168.0.155
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]#
[root@localhost ~]# exit
登出
Connection to 192.168.0.114 closed.
zhangyunchendeMacBook-Pro:~ zhangyunchen$ cd ~/.ssh
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ls
known_hosts
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ touch config
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ;s
-bash: syntax error near unexpected token `;'
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ls
config known_hosts
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ vim config
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ssh Centos
root@192.168.0.114's password:
Last login: Mon Apr 16 07:45:40 2018 from 192.168.0.155
[root@localhost ~]# vim config
[1]+ 已停止 vim config
[root@localhost ~]# vim ~/.ssh/config
[2]+ 已停止 vim ~/.ssh/config
[root@localhost ~]# cd ~/.ssh
-bash: cd: /root/.ssh: 没有那个文件或目录
[root@localhost ~]# cd ~/.ssh/
-bash: cd: /root/.ssh/: 没有那个文件或目录
[root@localhost ~]# exit
登出
有停止的任务。
[root@localhost ~]# exit
登出
Vim: Caught deadly signal TERM
Vim: Finished.
Vim: Caught deadly signal TERM
Vim: Finished.
Connection to 192.168.0.114 closed.
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ vim config
[2]+ Stopped vim config
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ cat config\
>
host "Centos"
HostName 192.168.0.114
User root
Port 22
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ exit
logout
There are stopped jobs.
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ exit
logout
Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.
host "Centos"
HostName 192.168.0.114
User root
Port 22
[进程已完成]~
1.5 SSH的免密码登录——SSH KEY
- 我们往往使用非对称加密的方式生成公钥
- 私钥主要存放在本地~/.ssh目录
- 公共密钥对外开放,放置在服务器的~/.ssh/authorized_keys
Linux下,我们通过SSH里面自带的ssh-keygen -t rsa/dsa来生成ssh key;
Last login: Mon Apr 16 21:19:28 on ttys000
zhangyunchendeMacBook-Pro:~ zhangyunchen$ cd ~/.ssh
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ssh-
ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ssh-
ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/zhangyunchen/.ssh/id_rsa): cent_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in cent_rsa.
Your public key has been saved in cent_rsa.pub.
The key fingerprint is:
SHA256:T/9j0NxcnE7Lzysf5aaI+ek/WCJyAp4u68kFsneK1Gc zhangyunchen@zhangyunchendeMacBook-Pro.local
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| ..|
| . oo|
| . .. oS . o+o+|
| + .o ooo.o +=+|
| o o.E +...= o+|
| . +.B. o.=+o+|
| ..*o oo=o*=.|
+----[SHA256]-----+
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ls
cent_rsa cent_rsa.pub config known_hosts
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$