openssh
环境
角色 | IP | 系统版本 | 备注 |
---|---|---|---|
server | 192.168.100.230 | Rocky9.3 | 服务器端 |
client | 192.168.100.240 | Rocky9.3 | 客户端 |
生成密钥
//使用 ssh-keygen 命令生成密钥。
将会生成私钥 ~/.ssh/id_rsa 和公钥 ~/.ssh/id_rsa.pub。
//提示 Enter passphrase 时可以设置口令来加密保护私钥;直接回车则私钥不加密。
客户端
[root@client ~]# ls .ssh/
known_hosts known_hosts.old
[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:cKhIqNHzhIvq5P1L48PC9SSabPi8VT6Fv8tIeX9I/kk root@client
The key's randomart image is:
+---[RSA 3072]----+
| |
| o . . |
|o = . o . |
|.+ * . o. |
|o o o oS. |
|. oo.+ . |
|..+ =++= oo .E |
|+.oB+oo.= oo... |
| oo=++o. +..oo |
+----[SHA256]-----+
[root@client ~]# ls .ssh/
id_rsa id_rsa.pub known_hosts known_hosts.old
[root@client ~]#
权限
//生成 ssh 密钥后,密钥将默认存储在家目录下的 .ssh/ 目录中。
//私钥和公钥的权限应分别为 600 和 644。.ssh 目录权限必须是 700。
//私钥权限过宽(其他用户可读)时,ssh 客户端会拒绝使用该私钥。
客户端
[root@client ~]# ll -a
drwx------. 2 root root 80 Dec 12 02:37 .ssh
[root@client ~]# ll .ssh/
total 16
-rw-------. 1 root root 2590 Dec 12 02:37 id_rsa
-rw-r--r--. 1 root root 565 Dec 12 02:37 id_rsa.pub
-rw-------. 1 root root 843 Dec 12 02:27 known_hosts
-rw-r--r--. 1 root root 97 Dec 12 02:27 known_hosts.old
[root@client ~]#
传公钥
服务器端
//什么都没有
[root@server ~]# cd .ssh
[root@server .ssh]# ls
[root@server .ssh]#
客户端
//把公钥给服务器端
[root@client ~]# ssh-copy-id root@192.168.100.230
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.100.230's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.100.230'"
and check to make sure that only the key(s) you wanted were added.
[root@client ~]#
服务器端
//公钥有了
[root@server .ssh]# ls
authorized_keys
[root@server .ssh]#
测试
客户端
//客户端连服务器端不用密码
[root@client ~]# ssh 192.168.100.230
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Tue Dec 12 02:55:45 2023 from 192.168.100.1
[root@server ~]#
scp
//传文件(客户端)
[root@client ~]# scp anaconda-ks.cfg root@192.168.100.230:/tmp/
anaconda-ks.cfg 100% 1081 554.6KB/s 00:00
[root@client ~]# scp anaconda-ks.cfg root@192.168.100.230:/tmp/abc
anaconda-ks.cfg 100% 1081 1.6MB/s 00:00
[root@client ~]#
//下载文件(客户端)
[root@client ~]# ls
anaconda-ks.cfg Desktop Documents Downloads Music Pictures Public Templates Videos
[root@client ~]# scp root@192.168.100.230:/tmp/abc .
abc 100% 1081 920.2KB/s 00:00
[root@client ~]# ls
abc anaconda-ks.cfg Desktop Documents Downloads Music Pictures Public Templates Videos
[root@client ~]#
//传目录
[root@client ~]# mkdir /test
[root@client ~]# scp -r /test root@192.168.100.230:/tmp/
//静默模式
[root@client ~]# scp -qr /test root@192.168.100.230:/tmp/
生成密码
//生成30位随机密码(字符集为大小写字母、数字和下划线)
[root@server ~]# tr -dc A-Za-z0-9_ < /dev/urandom | head -c 30 |xargs
yIf9gPjR8nlZ7xmCTbZVBqqwnJLig7
[root@server ~]#
设定空闲会话超时时长
//TMOUT 的单位是秒,shell 空闲超过该时长后会自动退出。
//用户可以在自己的会话中重新赋值或取消 TMOUT;如需强制生效,可在赋值后加上 readonly TMOUT。
[root@server ~]# vim /etc/profile
# /etc/profile
TMOUT=120
[root@server ~]# source /etc/profile