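When developing on Linux, we often need several computers to work together and to switch back and forth between them; this is where the ssh tool is very useful. SSH is short for Secure Shell and was specified by the IETF Network Working Group; SSH is a security protocol built on top of the application and transport layers. SSH is currently one of the more reliable protocols designed to provide security for remote login sessions and other network services. Using the SSH protocol can effectively prevent information leakage during remote administration. SSH was originally a program on UNIX systems and later spread quickly to other platforms. When used correctly, SSH can close gaps in the network. SSH clients are available for many platforms. Almost all UNIX platforms, including HP-UX, Linux, AIX, Solaris, Digital UNIX, Irix, and others, can run SSH.
Because of licensing issues around SSH's encryption, many people have now switched to OpenSSH. OpenSSH is a replacement for SSH, and it is free. OpenSSH uses RSA keys by default, and it provides secure, encrypted network connectivity tools that replace telnet, ftp, rlogin, rsh and rcp.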
1. Installation
First, use yum to search for OpenSSH:
yum search openssh
The result is as follows:
Loaded plugins: product-id, refresh-packagekit, search-disabled-repos, security, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
======================================================================= N/S Matched: openssh =======================================================================
openssh-askpass.x86_64 : A passphrase dialog for OpenSSH and X
openssh.x86_64 : An open source implementation of SSH protocol versions 1 and 2
openssh-clients.x86_64 : An open source SSH client applications
openssh-ldap.x86_64 : A LDAP support for open source SSH server daemon
openssh-server.x86_64 : An open source SSH server daemon
Name and summary matches only, use "search all" for everything.
[root@yj138 hadoop]#
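If the machine only needs to act as a client, install openssh.x86_64 and openssh-clients.x86_64.
If it needs to act as both a client and a server, also install openssh-server.x86_64.
Here we install all of them: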
yum install openssh.x86_64 openssh-clients.x86_64 openssh-server.x86_64
Because they are already installed on my machine, the output is as follows:
Loaded plugins: product-id, refresh-packagekit, search-disabled-repos, security, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Setting up Install Process
Package openssh-5.3p1-123.el6_9.x86_64 already installed and latest version
Package openssh-clients-5.3p1-123.el6_9.x86_64 already installed and latest version
Package openssh-server-5.3p1-123.el6_9.x86_64 already installed and latest version
Nothing to do
[root@yj138 hadoop]#
2. Basic operations
2.1 Logging in to a remote host
ssh remote_address
Log in to the remote host with ssh:
[hadoop@localhost ~]$ ssh 192.168.112.130
The authenticity of host '192.168.112.130 (192.168.112.130)' can't be established.
ECDSA key fingerprint is ff:7b:94:49:f5:2d:d3:59:23:c7:a8:cf:b0:d6:e4:b9.
Are you sure you want to continue connecting (yes/no)? yes # this prompt does not appear on later logins
Warning: Permanently added '192.168.112.130' (ECDSA) to the list of known hosts.
hadoop@192.168.112.130's password:
Log in to the remote host as a specified user:
[hadoop@localhost home]$ ssh -l root 192.168.112.130
root@192.168.112.130's password:
Last login: Sat Jun 9 15:18:44 2018 from 192.168.112.131
2.2 Copying files
Copy from local to remote with scp:
[root@localhost ~]# scp anaconda-ks.cfg root@192.168.112.131:/tmp
root@192.168.112.131's password:
anaconda-ks.cfg 100% 1704 1.7KB/s
Copy from remote to local with scp:
[root@localhost ~]# scp root@192.168.112.130:/tmp/anaconda-ks.cfg /root
root@192.168.112.130's password:
anaconda-ks.cfg 100% 1704 1.7KB/s 00:00
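To copy a directory, use scp -r.
3. Passwordless login
Why set up passwordless login and remote copy?
It is convenient and fast;
Machines in a computer cluster frequently need to exchange data.
Setup method (assume computers A and B need to communicate securely):
On computer A, as the root user, run ssh-keygen -t rsa on the command line to generate a key pair;
If computer B is to authorize A to log in to B without a password, put computer A's public key into the authorized_keys file on computer B.
An intuitive way to understand the setup: compare the trust relationship between computers to trust between people. If Zhang San trusts Li Si, then Li Si is on Zhang San's list of trusted people (analogous to placing computer A's public key in computer B's authorized_keys file).
Run on the computer: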
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ZZX5VDHOPcyyXq74ogpPKDea2FThfQxqWaSL0g0QUZc root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| ++. ... .o +o|
…
| . o . . . o |
| o = . . . |
| + = = .. . |
| . + o....oo |
+----[SHA256]-----+
[root@localhost ~]# cd ~/.ssh/
[root@localhost .ssh]# cat id_rsa.pub >>authorized_keys
[root@localhost .ssh]# chmod 600 authorized_keys
[root@localhost .ssh]# scp authorized_keys root@192.168.112.131:/root/.ssh
root@192.168.112.131's password:
authorized_keys 100% 408 23.2KB/s 00:00
[root@localhost .ssh]# ssh 192.168.112.131
Last login: Fri Jun 8 21:56:46 2018
---------------------
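Author: 桂小林
Source: CSDN
Original: https://blog.csdn.net/quintind/article/details/80717744
Copyright notice: This is an original article by the blogger; please include a link to the post when reposting!
If an RSA key pair has already been generated, you can also copy id_rsa.pub directly to the target device, as follows: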
[root@yj138 .ssh]# scp id_rsa.pub root@192.168.252.130:/root/.ssh
root@192.168.252.130's password:
id_rsa.pub 100% 392 0.4KB/s 00:00
[root@yj138 .ssh]# ssh 192.168.252.130
root@192.168.252.130's password:
Last login: Fri Nov 30 10:51:27 2018 from 192.168.252.138
[root@localhost ~]# cd /root/.ssh
[root@localhost .ssh]# ls -a
. .. id_rsa.pub known_hosts
[root@localhost .ssh]# cat id_rsa.pub>>authorized_keys # append the key contents to the authorized_keys file
[root@localhost .ssh]# ls -a
. .. authorized_keys id_rsa.pub known_hosts
[root@localhost .ssh]# rm -f id_rsa.pub
[root@localhost .ssh]#
[root@localhost .ssh]# logout
Connection to 192.168.252.130 closed.
[root@yj138 .ssh]# ssh 192.168.252.130
Last login: Fri Nov 30 10:53:15 2018 from 192.168.252.138
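Both procedures above end with A's public key in B's authorized_keys; the first gets there by copying A's whole authorized_keys file over B's, which replaces any keys B already trusted. The following is an added example, not part of the original post: a shell function (install_pubkey is a hypothetical name, not an OpenSSH command) that appends one public key on B without overwriting or duplicating entries and sets the permissions sshd expects; the keys in the demo are constructed.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper, run on machine B)
# Prints "added" or "present"; returns 1 on invalid input.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Use the first line only, and refuse anything that is not a public key
    # line (guards against appending id_rsa, the private key, by mistake).
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Exact whole-line match, so re-running does not create duplicates.
    if grep -qxF -- "$key" "$auth"; then
        echo present
    else
        # If the file does not end in a newline, add one first so the new
        # key is not glued onto the last existing entry.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            echo >> "$auth"
        fi
        printf '%s\n' "$key" >> "$auth"
        echo added
    fi
}

# Demo on constructed data in a temp directory (these are not real keys).
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3CONSTRUCTEDKEYB existing@B' > "$demo_dir/authorized_keys"
echo 'ssh-rsa AAAAB3CONSTRUCTEDKEYA root@A' > "$demo_dir/a.pub"
install_pubkey "$demo_dir/a.pub" "$demo_dir"   # first run appends
install_pubkey "$demo_dir/a.pub" "$demo_dir"   # second run changes nothing
rm -rf "$demo_dir"
```

ssh-copy-id, shipped with most OpenSSH client packages, performs an equivalent append over ssh.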
This article is reposted from https://blog.csdn.net/quintind/article/details/80717744