本文详细描述了如何安装OpenEuler操作系统,并指导如何在两台Linux主机间通过SSH配置实现免密登录,包括密钥对生成、授权和验证过程。
1.安装OpenEuler操作系统
-
第一步:点击文件菜单,点击新建虚拟机,选择典型,点击下一步
-
-
第二步:选择稍后安装操作系统,点击下一步
-
-
第三步:选择操作系统类型,由于OpenEuler22.03 LTS SP2使用Linux5.10内核则选择如下:
-
-
第四步:命名虚拟机
-
-
第五步:设置磁盘空间,根据虚拟机安装要求设置,如下:
-
-
设置32G,动态空间申请,设置为单个文件
-
-
第六步:自定义硬件,设置硬件参数
-
-
第七步:设置自定义硬件
-
内存:推荐2GB
-
处理器:1颗、2核心
-
==新CD/DVD:适应ISO映像文件,点击浏览按钮,选择之前下载好的openEuler-22.03-LTS-SP2-x86_64-dvd.iso镜像文件==
-
网络适配器:选择NAT模式
-
显示器:去掉"加速3D图形“的对钩
-
最终:
-
-
-
选择关闭、完成
-
第八步OpenEuler22.03操作系统的安装部署
-
使用鼠标点击黑色界面进入OpenEuler22.03系统,通过ctrl+alt可以释放鼠标焦点回到Windows
-
通过键盘方向键选择第一项Install openEuler 22.03-LTS-SP2 选项进行安装系统
-
-
选择语言:中文或英文
-
-
安装信息摘要设置
-
安装目的地:显示安装位置,一般为硬盘,点击自定义进行行分区:
-
/boot:系统启动分区,推荐500M或1GB
-
swap:交换分区,4G
-
/:根分区,期望容量省略,表示将剩余空间全部分配
-
网络和主机名:打开网卡连接
-
-
-
root账户密码设置:密码为OPENlab123
-
-
创建用户:创建一个普通账户fox,设置密码:OPENlab123
-
-
重启系统
-
第九步:配置OpenEuler22.03
-
登录
-
账户:root
-
密码:OPENlab123
-
-
2.通过两台linux主机配置ssh实现互相免密登陆
2.1SSH简介
1.介绍
SSH用于计算机之间的加密登录,是一类网络协议,使用SSH协议远程登录另一台计算机,这种登录是相对安全的,即使被中途截获,密码不会泄露。
2.工作流程
(1)建立连接:SSH服务器在指定的端口监听客户端的连接请求,在客户端向服务器发起连接请求后,建立一个TCP连接。
(2)协商版本:某些版本可以支持更多的认证方法和密钥交换方法,SSH服务器和客户端通过协商确定最终使用的SSH版本号。
(3)算法协商:双方根据各自支持的算法,协商出最终用于产生会话密钥的密钥交换算法,用于数据信息加密的加密算法、用于进行数字签名和认证的公钥算法。
(4)交换密钥:服务器和客户端通过密钥交换算法,动态生成共享的会话密钥和绘画ID,建立加密通道。会话密钥主要用于后续数据传输的加密,会话ID用于在认证过程中标识该SSH连接。
(5)用户认证:密码(password)认证、密钥(publickey)认证、password-publickey认证(同时满足)、all认证(选择其一)
(6)会话请求和交互:认证通过后,SSH客户端向服务器端发送会话请求,请求服务器提供服务,建立好会话后,SSH服务器端和客户端在该会话上进行数据信息交互。
3.配置原理
1.Client将自己的公钥存放在Server上,追加在文件authorized_keys中。
2.Server端接收到Client的连接请求后,会在authorized_keys中匹配到Client的公钥pubKey,并生成随机数R,用Client的公钥对该随机数进行加密得到pubKey(R),然后将加密后信息发送给Client。
3.Client端通过私钥进行解密得到随机数R,然后对随机数R和本次会话的SessionKey利用MD5生成摘要Digest1,发送给Server端。
4.Server端会也会对R和SessionKey利用同样摘要算法生成Digest2。
5.Server端会最后比较Digest1和Digest2是否相同,完成认证过程。
4.配置步骤
主机A:192.168.119.128 主机B:192.168.119.129
A登录B
第一步:生成密钥对 在A机下产生密钥:ssh-keygen -t RSA -b 4096,一直按enter
[root@server ~]# ssh-keygen -t RSA -b 4096 Generating public/private RSA key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa Your public key has been saved in /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:AvhOqfaHqsmvTtQZg2sSIt2tUVJrVvuN7m2l6a7pM6Q root@server The key's randomart image is: +---[RSA 4096]----+ | ..o . | | ..o + o . | |+.oo+ = . | |o.o.+B . o | |.+ o= . S o . | |+ + . .. . | | .o .. o. + | |oo .. . E.oo+ | |+=+o.. .=B+ | +----[SHA256]-----+
检查是否产生密钥对:
id_rsa 私钥
id_rsa.pub 公钥
[root@server ~]# cd /root/.ssh [root@server .ssh]# ll 总用量 12 -rw-r--r-- 1 root root 381 7月 18 23:46 authorized_keys -rw------- 1 root root 3369 1月 10 12:58 id_rsa -rw-r--r-- 1 root root 737 1月 10 12:58 id_rsa.pub
第二步:发送公钥到要连接的另一个主机
[root@server .ssh]# ssh-copy-id 192.168.119.129 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '192.168.119.129 (192.168.119.129)' can't be established. ED25519 key fingerprint is SHA256:l91NRfMcJ/H7FnN7ifXVSzjSLz6AIPGeZwdOb7xlpaE. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.119.129's password: #输入密码 Number of key(s) added: 1 Now try logging into the machine, with: "ssh '192.168.119.129'" and check to make sure that only the key(s) you wanted were added.
第三步:测试 从主机A连接主机B
[root@server .ssh]# ssh 192.168.119.129 Activate the web console with: systemctl enable --now cockpit.socket Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Wed Jan 10 12:53:20 2024 from 192.168.119.1 [root@node1 ~]#
B登录A
第一步:生成密钥对 在B机下产生密钥:ssh-keygen -t RSA -b 4096,一直按enter
[root@node1 ~]# ssh-keygen -t rsa -b 4096 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa Your public key has been saved in /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:+U+UmLSFKcdKD+tgZEIT/2prG8nQfYfh0xEOPKd3OcQ root@node1 The key's randomart image is: +---[RSA 4096]----+ | +. .. .. | | . o .o=..E | | . + + B++. . | | = + @.O.o+ | | . + S X.=. . | | + = o + | | * . . . | | ..o o | | .o. . | +----[SHA256]-----+
检查是否产生密钥对:
id_rsa 私钥
id_rsa.pub 公钥
[root@node1 ~]# ll .ssh 总用量 12 -rw------- 1 root root 737 1月 10 13:02 authorized_keys -rw------- 1 root root 3369 1月 10 13:07 id_rsa -rw-r--r-- 1 root root 736 1月 10 13:07 id_rsa.pub
第二步:发送公钥到要连接的另一个主机
[root@node1 ~]# ssh-copy-id 192.168.119.128 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '192.168.119.128 (192.168.119.128)' can't be established. ED25519 key fingerprint is SHA256:l91NRfMcJ/H7FnN7ifXVSzjSLz6AIPGeZwdOb7xlpaE. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@192.168.119.128's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '192.168.119.128'" and check to make sure that only the key(s) you wanted were added.
第三步:测试 从主机B连接主机A
[root@node1 ~]# ssh 192.168.119.128 Activate the web console with: systemctl enable --now cockpit.socket Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Wed Jan 10 12:53:54 2024 from 192.168.119.1
2264
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
