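SSH features and public/private keys

What is OpenSSH

OpenSSH is software that provides remote access to and control of a host.

How to access a host remotely

ssh remote-user@remote-host-IP

ssh root@172.25.254.1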

The authenticity of host '172.25.254.1 (172.25.254.1)' can't be established.

ECDSA key fingerprint is 55:dd:43:ce:bf:94:dd:91:49:e7:97:29:63:3d:02:02.

Are you sure you want to continue connecting (yes/no)? yes    (establishes the key for the secure connection)

root@172.25.254.1's password:    (the password is not echoed as you type)

Last failed login: Sun Oct 11 16:56:29 CST 2015 from 172.25.254.206 on ssh:notty

There was 1 failed login attempt since the last successful login.

Last login: Sun Oct 11 16:55:46 2015 from 172.25.254.206

[root@foundation1 ~]#    (login succeeded)

Ctrl+D or logout    (exit the session)

[root@foundation1 ~]# logout

Connection to 172.25.254.1 closed.

[root@localhost ~]# vim /etc/motd    (sets the message displayed at login)

1. SSH key authentication

Generate a key

[test@foundation0 ~]$ ssh-keygen    (the tool that generates the public and private keys)

Generating public/private rsa key pair.

Enter file in which to save the key (/home/test/.ssh/id_rsa): [Enter]    (the file the key is saved to; use the default)

Created directory '/home/rrtest/.ssh'.

Enter passphrase (empty for no passphrase):    (passphrase; must be longer than 4 characters)

Enter same passphrase again:    (confirm the passphrase)

Your identification has been saved in /home/test/.ssh/id_rsa.

Your public key has been saved in /home/test/.ssh/id_rsa.pub.

The key fingerprint is:

a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com

The key's randomart image is:

+--[ RSA 2048]----+
|      .*+        |
|      +. o .     |
|     .. . E .    |
|       o + + *   |
|        S + * +  |
|       . * . o   |
|        . .      |
|                 |
|                 |
+-----------------+

[test@foundation0 .ssh]$ pwd

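/home/test/.ssh    (where the generated keys are stored)

[test@foundation0 .ssh]$ ls

id_rsa  id_rsa.pub    (id_rsa is the private key, id_rsa.pub is the public key)

Authorize the key for the target user on the target host

[test@foundation0 ~]$ ssh-copy-id -i /home/test/.ssh/id_rsa.pub westos@172.25.254.100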

The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established.

ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08.

Are you sure you want to continue connecting (yes/no)? yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

westos@172.25.254.100's password:

 

Number of key(s) added: 1

 

Now try logging into the machine, with:   "ssh 'westos@172.25.254.100'"

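and check to make sure that only the key(s) you wanted were added.

ssh-copy-id         the tool that uploads the key

-i         specifies the public key to use

/home/test/.ssh/id_rsa.pub         the name of the public key being used

westos         the target user to be managed

172.25.254.100         the IP address of the host where the managed user resides

authorized_keys         This file is in the .ssh directory under the target user's home directory. Its presence marks the target user as set up for key login, and its content is the public key.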

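Basic configuration of the sshd service

vim /etc/ssh/sshd_config    (the sshd service's configuration file)

Line 48: PermitRootLogin yes|no    (whether the root user may authenticate through sshd)

Line 78: PasswordAuthentication yes|no    (turns password authentication for users on or off; change yes -> no)

AllowUsers student westos    (user allowlist: only users on the list may use the sshd service)

systemctl restart sshd    (restart to load the new configuration)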
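
The three directives above can be checked before sshd is restarted. The script below is an added example, not part of the original post: it reports the effective global value of each directive, which matters because sshd uses the first value it finds for a keyword, so a hardening line placed below an existing one has no effect. The function names, finding messages and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample configs are constructed.
# sshd_config rules relied on: keywords are case-insensitive, '#' starts a
# comment, and the FIRST occurrence of a keyword wins. Only the global section
# (before any Match block) is read; Include files and key=value form are ignored.

effective() {   # usage: effective FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0   { next }
        tolower($1) == "match"  { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }' "$1"
}

audit() {       # usage: audit FILE; prints findings, returns their count
    n=0
    # Assumed defaults: unset means yes, as on the older OpenSSH this page uses.
    [ "$(effective "$1" PermitRootLogin yes)" != yes ] ||
        { echo "finding: PermitRootLogin is yes"; n=$((n + 1)); }
    [ "$(effective "$1" PasswordAuthentication yes)" = no ] ||
        { echo "finding: password authentication is enabled"; n=$((n + 1)); }
    [ -n "$(effective "$1" AllowUsers '')" ] ||
        { echo "finding: no AllowUsers allowlist"; n=$((n + 1)); }
    return "$n"
}

weak=$(mktemp); hard=$(mktemp)
trap 'rm -f "$weak" "$hard"' EXIT
cat > "$weak" <<'EOF'
# constructed sample: the later "no" is ignored because the first value wins
PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no
EOF
cat > "$hard" <<'EOF'
# constructed sample
permitrootlogin no
PasswordAuthentication no
AllowUsers student westos
EOF

audit "$weak" || echo "weak sample: $? finding(s)"
audit "$hard" && echo "hardened sample: no findings"
```

On a real host, `sshd -t` validates the file before the restart. Keep the current session open and confirm that key login works in a second session before setting PasswordAuthentication to no.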

 
