SSH
SSH
作用:
安全shell,用于登录远程主机并且在远程主机执行命令的
telnet
明文密码
客户端 服务端
[root@localhost ~]# ssh
ssh ssh-agent sshd ssh-keyscan ssh-add ssh-copy-id ssh-keygen
//服务端 //客户端
SSH客户端:
配置文件:/etc/ssh/ssh_config
ssh
xshell
putty
securecrt
SSH服务端:
配置文件:/etc/ssh/sshd_config 重启sshd才会生效
[root@localhost ~]# service sshd restart
sshd
依赖软件:
[root@localhost ~]# which ssh
/usr/bin/ssh
[root@localhost ~]# rpm -qf /usr/bin/ssh
openssh-clients-5.3p1-117.el6.x86_64
[root@localhost ~]# which sshd
/usr/sbin/sshd
[root@localhost ~]# rpm -qf /usr/sbin/sshd
openssh-server-5.3p1-117.el6.x86_64
在Linux上登录另一个linux
linux上的ssh使用
[root@localhost ~]# ssh 172.16.88.191
登录方式
LINUX平台:
ssh -p 200
u1@172.16.88.191
WINDOWS平台:
shh u1@172.16.80.191 200
用ssh连接远程主机,登录用户是以当前用户身份登录远程shell
自动认为远程主机也有与当前用户名相同的用户
ssh连接:连接出错
2级别,3级别
[root@localhost ~]# chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost ~]# chkconfig sshd off
[root@localhost ~]# chkconfig --list |grep sshd
sshd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]# chkconfig sshd on
[root@localhost ~]# chkconfig --list |grep sshd
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@localhost ~]# service sshd status
openssh-daemon (pid 1765) is running...
[root@localhost ~]#
公钥:
(首次连接时提示)
加密,将明文的字符串改为密文的字符串
加密算法:
- 对称,密钥只有1个
- 非对称,密钥有2个(公钥,私钥)
- 公钥,私钥成对使用,互相加解密,单一没用,不能通过一方算出另一方
- 公钥可以对外公开(public)
- ,私钥不能公开,私人所有(妥善保管)(private)
常用:
数据加密(保密性)
用公钥加密,私钥解密
123---公钥》1#a(公钥加密之后)
1#a---私钥》123(私钥解密)
数字签名(唯一性)
用私钥加密,用公钥解密
123---hash(哈希)>>摘要值---私钥》密文
123和密文---------》对方
密文---公钥》摘要值
123---hash(哈希)>>摘要值
两个摘要值比较,如果相同,就没问题,否则,有问题
第一次连接:
The authenticity of host '172.16.50.59 (172.16.50.59)' can't be established.
RSA key fingerprint is 9f:42:70:b5:79:0c:1d:38:de:6e:80:f8:31:b0:3d:e0.
Are you sure you want to continue connecting (yes/no)?
know_hosts文件
存在客户端
内容是曾经连接过的服务器的公钥
免密登录
前提:配置好ssh的互信(单向)
1、生成客户机(u1)的私钥公钥(家目录/.ssh/(隐藏文件))
[root@localhost ~]# su zzh
[zzh@localhost ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zzh/.ssh/id_rsa):
Created directory '/home/zzh/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/zzh/.ssh/id_rsa.
Your public key has been saved in /home/zzh/.ssh/id_rsa.pub.
The key fingerprint is:
52:08:16:c2:80:16:c8:08:a7:a9:4f:c6:e5:7a:e8:8b zzh@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
|O++ +. |
|+*.o . . |
|+ . . . |
|.. o . |
|. + . . S |
| + o . |
| + . |
| o . |
|E o. |
+-----------------+
su u1
ssh -keygen
id_rsa (存放私钥的文件)
[是否设置密码(保护私钥文件)]:
id_rsa.pub (存放公钥的文件)
2、将公钥放到远程主机(服务端)上的某个用户名下
命令:ssh-copy-id u2@172.16.88.191(另一个主机)
[zzh@localhost .ssh]$ ssh-copy-id u1@172.16.88.191
u1@172.16.88.191's password:
Now try logging into the machine, with "ssh 'u1@172.16.88.191'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.