Passwordless SSH login (ssh免密通道)
What is SSH?
1. Secure Shell
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.
SSH: encrypted, port 22 --> remote control of a server; the data transmitted in between is encrypted.
- Prepare two virtual machines, one as the client and one as the server
Step one:
Log in on the client and create a key pair:
# type ssh- and press Tab
[root@localhost ssh]# ssh-
ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan
#ssh-keygen generates the key pair
#ssh-copy-id sends the public key to the server
Step two: generate the key pair
#press Enter at every prompt
[root@localhost .ssh]# ssh-keygen -t ecdsa #generate the key pair; -t ecdsa selects the ECDSA key type
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase): #passphrase: an optional password protecting the private key; not needed for a passwordless channel
Enter same passphrase again: # confirm the passphrase
Your identification has been saved in /root/.ssh/id_ecdsa.#where the private key is saved
Your public key has been saved in /root/.ssh/id_ecdsa.pub.#where the public key is saved
The key fingerprint is:
SHA256:EoSLpJ8FdLTYx5XNXI4Vo2ydXGWyTNz+34dKVd8bv8w root@localhost.localdomain
The key's randomart image is:
+---[ECDSA 256]---+
| ...o.. .= .=o+oo|
| o+.+ ...+B *.+.|
| o.oo.+ = = o..|
|. . o. . . .+|
| . o . S ..+|
| o . . =|
| . o+|
| . + =|
| .. E.|
+----[SHA256]-----+
[root@localhost .ssh]#
Step three: view the generated keys and upload the public key to the server
[root@localhost /]# cd /root/.ssh/ #directory where the key pair is saved
[root@localhost .ssh]# ls
id_ecdsa id_ecdsa.pub known_hosts
[root@localhost .ssh]# ll
总用量 12
-rw------- 1 root root 227 11月 29 17:16 id_ecdsa #the private key must keep mode 600; if it is set to 777 ssh refuses it and the passwordless login stops working
-rw-r--r-- 1 root root 188 11月 29 17:16 id_ecdsa.pub
-rw-r--r-- 1 root root 177 11月 29 15:22 known_hosts
**Upload the public key to the server:**
# -i: path of the public key to install
[root@localhost .ssh]# ssh-copy-id -i id_ecdsa.pub root@192.168.147.135
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_ecdsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.147.135's password: #the server's login password is required this one time
Number of key(s) added: 1 #the key was installed successfully
Now try logging into the machine, with: "ssh 'root@192.168.147.135'"
and check to make sure that only the key(s) you wanted were added.
#log in to the server with ssh 'root@192.168.147.135'
Step four: verify the passwordless channel
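Before trying the login, an added pre-flight check (example code, not part of the original post and not OpenSSH tooling) for the two things this walkthrough warns about: a private key with loose permissions, and the public key ending up in authorized_keys more or fewer times than expected after ssh-copy-id. All file paths, key blobs and the from= value are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. ssh refuses a private key readable by
# group/other, sshd's StrictModes rejects an authorized_keys writable by others, and
# a duplicate or missing entry after ssh-copy-id is easy to miss. Key data is dummy.

# 0 if FILE has no group/other permission bits at all (e.g. 600, 400, 700).
key_mode_ok() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# 0 if FILE is not writable by group or others (what StrictModes requires).
not_writable_by_others() {
    case "$(ls -ld "$1" | cut -c2-10)" in
        ????w????|???????w?) return 1 ;;
        *)                  return 0 ;;
    esac
}

# Print how many entries in AUTHORIZED_KEYS carry the same key blob as PUBKEY.
# Skips comments and blank lines; tolerates option prefixes such as from="...".
authorized_key_count() {
    blob=$(awk '{ for (i = 1; i <= NF; i++)
                      if ($i ~ /^(ssh-|ecdsa-)/) { print $(i + 1); exit } }' "$1")
    [ -n "$blob" ] || return 1
    awk -v b="$blob" '
        /^[ \t]*(#|$)/ { next }
        { for (i = 1; i <= NF; i++)
              if ($i ~ /^(ssh-|ecdsa-)/) { if ($(i + 1) == b) n++; break } }
        END { print n + 0 }' "$2"
}

# Constructed demo files (placeholder key blobs, not real keys) in a scratch dir.
DEMO_DIR=$(mktemp -d)
printf 'dummy private key, not real\n' > "$DEMO_DIR/id_ecdsa"
cp "$DEMO_DIR/id_ecdsa" "$DEMO_DIR/id_ecdsa_bad"
printf 'ecdsa-sha2-nistp256 AAAAdummyblob== root@localhost\n' > "$DEMO_DIR/id_ecdsa.pub"
cat > "$DEMO_DIR/authorized_keys" <<'EOF'
# comment line
ssh-ed25519 AAAAotherkey== other@host
from="192.168.147.134" ecdsa-sha2-nistp256 AAAAdummyblob== root@localhost
EOF
chmod 600 "$DEMO_DIR/id_ecdsa" "$DEMO_DIR/authorized_keys"
chmod 777 "$DEMO_DIR/id_ecdsa_bad"   # the mistake the post warns about
key_mode_ok "$DEMO_DIR/id_ecdsa"     && echo "id_ecdsa: permissions ok"
key_mode_ok "$DEMO_DIR/id_ecdsa_bad" || echo "id_ecdsa_bad: too open, ssh would refuse it"
echo "public key present $(authorized_key_count "$DEMO_DIR/id_ecdsa.pub" "$DEMO_DIR/authorized_keys") time(s)"
```

On a real host, point the three functions at ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa.pub and the server's ~/.ssh/authorized_keys instead of the scratch files.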
[root@localhost .ssh]# ssh root@192.168.147.135
Last failed login: Tue Nov 30 01:27:28 CST 2021 from 192.168.147.134 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Mon Nov 29 23:47:34 2021 from 192.168.147.134
# login succeeded without a password prompt
Log out:
[root@localhost ~]# exit
登出
Connection to 192.168.147.135 closed.
Using the ssh command:
Run an operation remotely without logging in (create a directory)
#client:
[root@localhost ~]# ssh root@192.168.147.135 mkdir ~/liangxi/test
[root@localhost ~]# ls
########################
#server side:
[root@localhost liangxi]# ls
arr.sh dage.txt mkdir_test.sh test yuancheng_test.sh
#a new test directory was created on the server
Run a script remotely over ssh:
# with sudo in the command, the call is recorded in the server's log under /var/log/
[root@localhost ~]# ssh root@192.168.147.135 sudo bash ~/liangxi/test.sh
1
2
3
4
5
6
7
8
9
10
# log file path (on the server)
[root@localhost liangxi]# tail -f /var/log/secure
Nov 30 02:27:47 localhost sshd[12161]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 30 02:27:47 localhost sudo: root : TTY=unknown ; PWD=/root ; USER=root ; COMMAND=/bin/bash /root/liangxi/test.sh
Using the scp command:
Upload a file without logging in:
[root@localhost ~]# mkdir tuisong # create a directory locally (removed below and replaced by a file)
[root@localhost ~]# ls
anaconda-ks.cfg ckl dstat_minitor.csv monitor.csv Nginx tuisong
[root@localhost ~]# rm -rf tuisong/
[root@localhost ~]# cat > tuisong
推送文件
# push the file to the ~/liangxi directory on the server:
[root@localhost ~]# scp tuisong root@192.168.147.135:~/liangxi
tuisong 100% 13 13.2KB/s 00:00
# upload succeeded
Download a file:
# download a file into the current directory
[root@localhost ~]# scp root@192.168.147.135:~/liangxi/arr.sh .
arr.sh 100% 524 333.3KB/s 00:00
[root@localhost ~]# ls
anaconda-ks.cfg arr.sh ckl dstat_minitor.csv monitor.csv Nginx tuisong
Download an entire directory:
# downloading a directory requires the -r option
[root@localhost ~]# scp -r root@192.168.147.135:~/liangxi/ ~/
mkdir_test.sh 100% 73 92.6KB/s 00:00
arr.sh 100% 524 868.1KB/s 00:00
dage.txt 100% 46 64.2KB/s 00:00
yuancheng_test.sh 100% 535 537.3KB/s 00:00
tuisong 100% 13 18.9KB/s 00:00
Using the sftp command:
sftp implements file transfer on top of the SSH protocol:
File Transfer Protocol (here carried over SSH)
1. Upload files
2. Download files
Log in remotely with sftp
[root@localhost ~]# sftp root@192.168.147.135
Connected to 192.168.147.135.
sftp>
Remote and local commands:
sftp> pwd # show the current directory on the server
Remote working directory: /root
sftp> !pwd # a leading ! runs the command locally: show the client's current directory
/root
sftp> !ls
anaconda-ks.cfg arr.sh ckl dstat_minitor.csv liangxi monitor.csv Nginx tuisong
sftp> !rm -rf liangxi # delete a local directory
Download and upload files:
sftp> get test.sh # download
Fetching /root/liangxi/test.sh to test.sh
/root/liangxi/test.sh 100% 36 36.8KB/s 00:00
Other sftp commands:
# delete a directory on the server
sftp> rmdir test1
# delete a file on the server
sftp> rm arr.sh
Removing /root/liangxi/arr.sh
# help or ? shows the usage of the available commands