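SSH remote administration tool (Secure Shell)
Features: encrypts data in transit, secure, default port 22
1. Account/password login mode:
Remote login: ssh [-p port] username@ip (the root user can omit username@)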
[root@centos68 ~]# ssh yunweixiaocai@192.168.1.9
The authenticity of host '192.168.1.9 (192.168.1.9)' can't be established.
RSA key fingerprint is 92:ac:6d:2f:77:1e:d5:9c:92:a1:71:53:f7:ee:66:d5.
Are you sure you want to continue connecting (yes/no)? yes # type yes
Warning: Permanently added '192.168.1.9' (RSA) to the list of known hosts.
yunweixiaocai@192.168.1.9's password:
[yunweixiaocai@centos75 ~]$ # login successful
2. Key pair authentication mode:
Login steps
# 1. Generate the key files on the client
[root@centos68 ~]# ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # where the key pair is saved
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa. # private key
Your public key has been saved in /root/.ssh/id_rsa.pub. # public key
The key fingerprint is:
a9:79:97:d9:96:44:08:fc:ca:e7:79:c0:24:c8:ce:cd root@centos68
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| .. . |
| . . .. . |
| o ..o. |
| o +S= . |
| ooE += . |
| o .o+o+ |
| . .o.. |
| . |
+-----------------+
# 2. Upload the public key file to the server
[root@centos68 ~]# ssh-copy-id yunweixiaocai@192.168.1.9
yunweixiaocai@192.168.1.9's password:
Now try logging into the machine, with "ssh 'yunweixiaocai@192.168.1.9'", and check in:
.ssh/authorized_keys # the server stores the client's public key under yunweixiaocai's home directory
to make sure we haven't added extra keys that you weren't expecting.
# 3. Verify that the client's public key file is identical on the client and the server
[root@centos75 ~]# cat /home/yunweixiaocai/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EA…(omitted)…cKdx83H7aTTdGNYKRloVKhiw== root@centos68
[root@centos68 ~]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EA…(omitted)…cKdx83H7aTTdGNYKRloVKhiw== root@centos68
# 4. Log in to the server
[root@centos68 ~]# ssh yunweixiaocai@192.168.1.9
Last login: Sat Mar 6 15:57:26 2021 from 192.168.1.201 # no password prompt this time
[yunweixiaocai@centos75 ~]$
3. Remote login settings
Configuration file: /etc/ssh/sshd_config; restart the sshd service after editing it
[root@centos75 ~]# vi /etc/ssh/sshd_config
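PasswordAuthentication no # no: disable account/password login mode
PermitRootLogin no # no: disable remote login as root
Port 22 # port setting
ListenAddress ip # IP address sshd listens on (set this when there are multiple NICs; add an interface with ifconfig eth0:x 192.168.1.x)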
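The script below is an added example, not part of the original post: it audits an sshd_config file for the two login restrictions set above. It relies on the fact that sshd uses the first value it reads for a keyword and treats keywords case-insensitively. The function names (sshd_value, audit_sshd, make_samples) and both sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check the login restrictions set in /etc/ssh/sshd_config.
# sshd keeps the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
# Limitation: Include files are not followed.

# Print the effective global value of KEYWORD in FILE (empty if unset).
sshd_value() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    { sub(/#.*/, "") }                       # drop comments
    NF == 0 { next }                         # skip blank lines
    tolower($1) == "match" { exit }          # Match blocks are conditional
    tolower($1) == want { print tolower($2); exit }   # first occurrence wins
  ' "$1"
}

# Return 0 only if password login and root login are both explicitly "no".
audit_sshd() {
  local file=$1 rc=0 key val
  for key in PasswordAuthentication PermitRootLogin; do
    val=$(sshd_value "$file" "$key")
    if [ "$val" = "no" ]; then
      echo "OK   $key no"
    else
      echo "FAIL $key ${val:-<unset, built-in default applies>}"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample files (not taken from a real host).
make_samples() {
  WEAK=$(mktemp); HARD=$(mktemp)
  printf '%s\n' '#PasswordAuthentication no' 'passwordauthentication yes' \
    'PasswordAuthentication no' 'Port 22' 'Match User backup' \
    '  PermitRootLogin no' > "$WEAK"
  printf '%s\n' 'Port 22' 'PasswordAuthentication no' \
    'PermitRootLogin no' > "$HARD"
}

make_samples
audit_sshd "$WEAK" || echo "=> weak sample needs fixing"
audit_sshd "$HARD" && echo "=> hardened sample passes"
```

On a real server, sshd -t validates the file before the restart and sshd -T prints the settings sshd will actually use.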
4. Remote file transfer
Upload a file: scp local_path username@ip:/absolute_path (-P specifies the port)
Download a file: scp username@ip:/absolute_path local_path (-P specifies the port)
sftp [-oPort=port] username@ip
Appendix: preparation before the lab:
1. Give the two machines different hostnames:
# CentOS 6.8: change the hostname, then reboot:
> cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos68 # change the name
> cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.201 centos68 # add this line
# CentOS 7.x: change the hostname, then reboot:
> cat /etc/hostname
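centos75 # just change the name here
2. Disable protections (reboot the machine):
iptables -F # flush the firewall rules
setenforce 0 # temporarily turn off SELinux enforcement (permissive mode)
chkconfig iptables off # do not start the firewall at boot (CentOS 6.8)
systemctl disable firewalld # do not start the firewall at boot (CentOS 7.x)
sed -i '7s/enforcing/disabled/' /etc/selinux/config # permanently disable SELinux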
All images in this article come from the Atguigu (尚硅谷) course taught by Liu Chuan (刘川).