1. Check whether both hosts have the SSH service software installed
# Host 1
rpm -qa | grep ssh
libssh-config-0.9.6-3.el9.noarch
libssh-0.9.6-3.el9.x86_64
openssh-8.7p1-24.el9_1.x86_64
openssh-clients-8.7p1-24.el9_1.x86_64
openssh-server-8.7p1-24.el9_1.x86_64
# Host 2
rpm -qa | grep ssh
libssh-0.10.5-1.oe2309.x86_64
openssh-9.3p1-2.oe2309.x86_64
openssh-server-9.3p1-2.oe2309.x86_64
openssh-clients-9.3p1-2.oe2309.x86_64
2. Confirm that the SSH service is running
# Host 1
systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
Active: active (running) since Thu 2024-01-11 19:36:22 CST; 52min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 915 (sshd)
Tasks: 6 (limit: 21289)
Memory: 20.0M
CGroup: /system.slice/sshd.service
├─ 915 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
├─4717 "sshd: root [priv]"
├─4721 "sshd: root@pts/0"
├─4722 -bash
├─4795 systemctl status sshd
└─4796 less
1月 11 19:36:22 localhost systemd[1]: Starting OpenSSH server daemon...
1月 11 19:36:22 localhost sshd[915]: Server listening on 0.0.0.0 port 22.
1月 11 19:36:22 localhost sshd[915]: Server listening on :: port 22.
1月 11 19:36:22 localhost systemd[1]: Started OpenSSH server daemon.
1月 11 20:18:20 localhost.localdomain sshd[4717]: Connection from 192.168.137.1 port 49913 on 192.168.137.139 port 22 rdomain ""
1月 11 20:18:26 localhost.localdomain sshd[4717]: Accepted password for root from 192.168.137.1 port 49913 ssh2
1月 11 20:18:26 localhost.localdomain sshd[4717]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
1月 11 20:18:26 localhost.localdomain sshd[4717]: User child is on pid 4721
1月 11 20:18:26 localhost.localdomain sshd[4721]: Starting session: shell on pts/0 for root from 192.168.137.1 port 49913 id 0
# Host 2
systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
Active: active (running) since Thu 2024-01-11 19:36:22 CST; 52min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 915 (sshd)
Tasks: 6 (limit: 21289)
Memory: 20.0M
CGroup: /system.slice/sshd.service
├─ 915 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
├─4717 "sshd: root [priv]"
├─4721 "sshd: root@pts/0"
├─4722 -bash
├─4795 systemctl status sshd
└─4796 less
1月 11 19:36:22 localhost systemd[1]: Starting OpenSSH server daemon...
1月 11 19:36:22 localhost sshd[915]: Server listening on 0.0.0.0 port 22.
1月 11 19:36:22 localhost sshd[915]: Server listening on :: port 22.
1月 11 19:36:22 localhost systemd[1]: Started OpenSSH server daemon.
1月 11 20:18:20 localhost.localdomain sshd[4717]: Connection from 192.168.137.1 port 49913 on 192.168.137.139 port 22 rdomain ""
1月 11 20:18:26 localhost.localdomain sshd[4717]: Accepted password for root from 192.168.137.1 port 49913 ssh2
1月 11 20:18:26 localhost.localdomain sshd[4717]: pam_unix(sshd:session): session opened for user root(uid=0) by root(uid=0)
1月 11 20:18:26 localhost.localdomain sshd[4717]: User child is on pid 4721
1月 11 20:18:26 localhost.localdomain sshd[4721]: Starting session: shell on pts/0 for root from 192.168.137.1 port 49913 id 0
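A status of active (running) means the service is running normally and can accept connections.
3. The default port of the SSH service is 22 (the port number should be greater than 1024)
4. Generate an asymmetric key pair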
[root@csa ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 123456
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in 123456
Your public key has been saved in 123456.pub
The key fingerprint is:
SHA256:uiqUSkI6YXDMRumoEhVMGwkAhxLI+FBRpmEiUCyB3Bs root@csa
The key's randomart image is:
+---[RSA 3072]----+
|^#&*o |
|@*@E |
|oXo o |
|+oo. |
|=o . S |
|*.o . |
|++ . |
|. . . |
| .... |
+----[SHA256]-----+
5. Stop the firewall on the server
[root@csa ~]# systemctl stop firewalld.service
6. View the generated files
id_rsa: the file that stores the private key
id_rsa.pub: the file that stores the public key
[root@csa ~]# ll .ssh/
总用量 8
-rw-------. 1 root root 2590 1月 11 20:42 id_rsa
-rw-r--r--. 1 root root 562 1月 11 20:42 id_rsa.pub
7. Send the generated public key to the device that needs passwordless login
[root@localhost ~]# ssh-copy-id 192.168.137.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.137.129 (192.168.137.129)' can't be established.
ED25519 key fingerprint is SHA256:PtstggHhcP1MJ7Idbip7gOen/4oItyg9nGb8ZYMpQKI.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.137.129's password:
Permission denied, please try again.
root@192.168.137.129's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.137.129'"
and check to make sure that only the key(s) you wanted were added.
8. View the SSH configuration files on the peer
[root@csa ~]# ll .ssh/
总用量 20
-rw-------. 1 root root 580 1月 11 20:45 authorized_keys
-rw-------. 1 root root 2590 1月 11 20:42 id_rsa
-rw-r--r--. 1 root root 562 1月 11 20:42 id_rsa.pub
-rw-------. 1 root root 666 1月 11 20:46 known_hosts
-rw-r--r--. 1 root root 97 1月 11 20:45 known_hosts.old
9. Log in to the server directly; after a successful login, the peer sends the public key back
[root@csa ~]# ssh 192.168.137.140
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Last login: Thu Jan 11 20:36:16 2024 from 192.168.137.1
Welcome to 6.4.0-10.1.0.20.oe2309.x86_64
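
To confirm that the login in step 9 was authenticated with the key and not with a password (the step 2 log shows "Accepted password for root" for the earlier session), the sshd log can be classified by authentication method. This is an added example, not part of the original walkthrough; the function names are hypothetical and the sample log is constructed.

```shell
#!/bin/sh
# Added example: classify sshd "Accepted ..." log lines by authentication method.

# Constructed sample. The "Accepted password" line follows the format shown in
# step 2; hosts, ports, PIDs and the key fingerprint placeholder are made up.
sample_log() {
cat <<'EOF'
Jan 11 20:18:20 host sshd[4717]: Connection from 192.168.137.1 port 49913 on 192.168.137.139 port 22 rdomain ""
Jan 11 20:18:26 host sshd[4717]: Accepted password for root from 192.168.137.1 port 49913 ssh2
Jan 11 20:47:02 host sshd[5102]: Accepted publickey for root from 192.168.137.139 port 40122 ssh2: RSA SHA256:CONSTRUCTED-FINGERPRINT
Jan 11 20:50:10 host sshd[5200]: Failed password for root from 192.168.137.1 port 50001 ssh2
Jan 11 20:51:44 host sshd[5231]: Accepted password for alice from 192.168.137.1 port 50010 ssh2
EOF
}

# Print one "method user source" record per successful login read from stdin.
# "Accepted" must directly follow the sshd[PID]: tag, so the timestamp format
# does not matter and text later in a message is not mistaken for a login.
accepted_logins() {
    awk '{
        for (i = 2; i <= NF - 5; i++)
            if ($(i-1) ~ /^sshd\[[0-9]+\]:$/ && $i == "Accepted" &&
                $(i+2) == "for" && $(i+4) == "from") {
                print $(i+1), $(i+3), $(i+5)
                break
            }
    }'
}

# Count successful password logins for root. Once key-based login works,
# new sessions should appear as "publickey" and this count should stop growing.
root_password_logins() {
    accepted_logins |
        awk '$1 == "password" && $2 == "root" { n++ } END { print n + 0 }'
}

sample_log | accepted_logins
echo "root password logins: $(sample_log | root_password_logins)"
```

On a real host the same functions can read from `journalctl -u sshd --no-pager` in place of `sample_log`.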