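Between Linux hosts
telnet 192.168.1.120 ssh # test whether the remote host's ssh service is running
# pressing Ctrl + ] brings up the telnet command prompt
SSH key-pair authentication
- OpenSSH connection
[root@localhost ~]# ping ton.tom -c2 # if the hostname does not ping, add it to /etc/hosts, or ping the peer's IP directly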
PING ton.tom (192.168.1.111) 56(84) bytes of data.
64 bytes from ton.tom (192.168.1.111): icmp_seq=1 ttl=64 time=1.03 ms
64 bytes from ton.tom (192.168.1.111): icmp_seq=2 ttl=64 time=0.883 ms
--- ton.tom ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 0.883/0.954/1.025/0.071 ms
[root@localhost ~]#
[root@localhost .ssh]# ssh ton.tom
The authenticity of host 'ton.tom (192.168.1.111)' can't be established.
RSA key fingerprint is SHA256:7oVlQO5rj8RWD0uXREAYX1Z/YSgSpKg0YMUywjTnHrA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ton.tom' (RSA) to the list of known hosts.
root@ton.tom's password:
Last login: Sun Jul 26 04:23:39 2020 from 192.168.1.120
[root@ton ~]#
[root@ton ~]# ls
anaconda-ks.cfg file_creat.c linux-2.6.28.10.tar.gz
[root@ton ~]# exit
logout
Connection to ton.tom closed.
[root@localhost ~]#
- Add key authentication for password-less login
[server@localhost ~]$ ssh-keygen # generate a key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/home/server/.ssh/id_rsa):
Created directory '/home/server/.ssh'.
Enter passphrase (empty for no passphrase): # press Enter to leave it empty
Enter same passphrase again:
Your identification has been saved in /home/server/.ssh/id_rsa.
Your public key has been saved in /home/server/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:CwLPbgDUDAliuAiFe69bEWJN2raeyw5Qc1GaUr+Ocj0 server@localhost
The key's randomart image is:
+---[RSA 2048]----+
|=** +.. |
|B. O = |
|+oO O . |
|++.X o . |
|....* o S |
| . +.B . . |
| o.O E . |
| .B . . |
| .o+ |
+----[SHA256]-----+
[server@localhost ~]$ ssh-copy-id yonghu@192.168.1.111 # upload the public key file to the target user's account
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/server/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.111 (192.168.1.111)' can't be established.
RSA key fingerprint is SHA256:7oVlQO5rj8RWD0uXREAYX1Z/YSgSpKg0YMUywjTnHrA.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
yonghu@192.168.1.111's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'yonghu@192.168.1.111'"
and check to make sure that only the key(s) you wanted were added.
[server@localhost ~]$ ssh yonghu@192.168.1.111 # now logs in directly without asking for a password
[yonghu@ton ~]$ ls
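- Commands involved
ssh-keygen -t rsa # generate a key pair
ssh-keygen -t dsa # -t type: key type (DSA/ssh-dss keys are disabled by default since OpenSSH 7.0)
ssh-copy-id -i ~/.ssh/id_rsa.pub root@ton.tom # -i identity_file: copy this host's public key to the remote user's account
The corresponding settings are required in /etc/ssh/sshd_config: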
Port 22
Protocol 2
PermitRootLogin yes # allow root to log in over ssh
PubkeyAuthentication yes # enable key-pair authentication
PasswordAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
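The settings above keep root login and password login enabled after the key has been installed. The following added example (not part of the original post) audits a config for those values; `page_sshd_config` and `audit_sshd_config` are hypothetical names, and the check relies on sshd using the first value it reads for each keyword.

```shell
#!/bin/sh
# Added example: flag sshd_config values that keep password-based access
# open once key login works. Function names are hypothetical.

page_sshd_config() {     # the six settings shown on this page, used as sample input
    cat <<'EOF'
Port 22
Protocol 2
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
EOF
}

audit_sshd_config() {    # usage: audit_sshd_config [file]; reads stdin if no file
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = tolower($1); val = tolower($2) } # keywords are case-insensitive
        key == "match" { exit }                  # audit the global section only
        !(key in seen) { seen[key] = val }       # sshd keeps the first value it reads
        END {
            # Unset keywords are not reported: defaults differ between versions.
            if (seen["permitrootlogin"] == "yes")
                print "PermitRootLogin yes: use prohibit-password so root is key-only"
            if (seen["passwordauthentication"] == "yes")
                print "PasswordAuthentication yes: set no once key login is confirmed"
            if (seen["pubkeyauthentication"] == "no")
                print "PubkeyAuthentication no: key login is disabled"
        }
    ' "${1:--}"
}
```

Run it as `page_sshd_config | audit_sshd_config`, or pass the path of a real config file.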
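Tips:
Using ssh followed by a command is comparatively safe.
For convenience when connecting, an alias can be used:
alias ton="ssh root@ton.tom " (add an extra space after the hostname so the following command does not run into it; the alias can also be written to ~/.bashrc)
Then run directly: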
ton "mkdir /tmp/test"
[root@localhost ~]# ssh root@192.168.1.111 "ls /home"
root@192.168.1.111's password:
bincopy.sh
initrd.img
iso
pub
tom
vmlinuz
yonghu
[root@localhost ~]#
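- Connecting to a host from SecureCRT with a public key (password-less login between CRT and the host)
Tools -> Create Public Key -> choose the key algorithm
RSA, with the key length set to the maximum
Save as id_rsa
Generate the global id_rsa.pub, choosing the OpenSSH key format
Copy the contents of the public key id_rsa.pub into the authorized_keys file under the .ssh folder on the server
authorized_keys can be created by hand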
![](https://i-blog.csdnimg.cn/blog_migrate/4fab7841d484db737db0e44a0d2dbff4.png)
# when created by hand it must look like this
-rw------- 1 tom tom 381 Jul 26 07:28 authorized_keys ---- note the owner/group and mode 600
drwx------ 2 tom tom 4096 Jul 26 07:28 .ssh ---- directory owner/group and mode 700
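With StrictModes (the sshd default), the key is ignored if authorized_keys or .ssh is writable by other users, which is why the modes above matter. The following added example (not from the original post) installs a public key by hand with those modes; `install_authorized_key` and `ssh_modes` are hypothetical helper names, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys by hand, with the
# 700/600 modes listed above. Helper names are hypothetical.

install_authorized_key() {   # usage: install_authorized_key <home-dir> <pubkey-file>
    local home="$1" pub="$2" key
    # Accept only a file holding exactly one line of a public-key type;
    # this refuses an id_rsa private key pasted by mistake.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 1 ;;
    esac
    (
        umask 077                        # nothing is created group/world accessible
        mkdir -p "$home/.ssh"
        touch "$home/.ssh/authorized_keys"
    )
    chmod 700 "$home/.ssh"               # repair modes if the paths already existed
    chmod 600 "$home/.ssh/authorized_keys"
    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

ssh_modes() {                # prints "<dir-mode> <file-mode>" for <home-dir>
    echo "$(stat -c %a "$1/.ssh") $(stat -c %a "$1/.ssh/authorized_keys")"
}
```

When run as root for another account, also chown both paths to that user, as the listing above shows for tom.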
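File transfer
- Upload files directly to the ssh user's account with scp
[server@localhost ~]$ scp tom.txt yonghu@192.168.1.111:/home/yonghu # upload
[server@localhost ~]$ scp yonghu@192.168.1.111:/tmp/3.txt ./ # download into the local current directory
-p preserve file times and permissions
-r recursive
-C compress the data stream in transit
- Synchronizing with rsync
rsync -av root@192.168.1.111:/var/log /server/ # sync the whole directory from the server into the current ./server directory
scp copies bluntly, without analysing how files differ; rsync does.
rsync transfers files better than scp: it sends each file's time, size and md5 to decide whether the file needs to be resent.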
- sftp
[server@localhost ~]$ sftp yonghu@192.168.1.111
Connected to yonghu@192.168.1.111.
sftp> put tom.txt # upload
Uploading tom.txt to /home/yonghu/tom.txt
tom.txt 100% 0 0.0KB/s 00:00
sftp> get /tmp/3.txt # download from the server
Fetching /tmp/3.txt to 3.txt
sftp> exit
If ftp reports connection refused, try service vsftpd restart
Errors encountered with ftp
ftp: root@192.168.3.139: Temporary failure in name resolution
# gateway configuration problem
ftp: root@192.168.3.139: Name or service not known
sudo iptables -F # can be used to turn off iptables (flushes all rules)
- lftp - Sophisticated file transfer program
mget *.iso # download multiple files
lcd # change the local download directory
get [OPTS] <rfile> [-o <lfile>]
[root@localhost ~]# lftp -u root,123456 192.168.1.11 # user and password
lftp root@192.168.1.111:~> pwd # prints an ftp URL
ftp://root:123456@192.168.1.111/%2Froot
root can be used to log in over ftp
vsftpd/ user_list
vsftpd/ ftpusers
- nfs
NFS /etc/exports configuration
/var/ftp/pub 192.168.1.0/255.255.255.0(ro,async)
CentOS 8: command to restart the network service
systemctl restart NetworkManager.service
Ubuntu 16.04: command to restart the network service
service networking restart