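SSH service
SSH is a network protocol used for encrypted login between computers.
Concept: the Secure Shell protocol, which provides secure and reliable remote connections.
Characteristics: SSH works at the transport and application layers and provides several authentication mechanisms.
Authentication mechanisms
Password authentication: a password must be supplied.
Key-pair authentication: no password is needed; login is direct.
SSH provides a set of management commands: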
ssh
scp
sftp
ssh-copy-id
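Authentication process
The client initiates a request
Confirm whether to save the fingerprint; answer yes to save it
Enter the target host's password
A sub-shell opens and the session is established
To leave the session, use exit
1. ssh. Purpose: the client tool for remote connections
Prepare yuto2 and yuto3 for the demonstration. First check yuto3's IP address. The client logs in to the server using yuto2's user identity.
Here we create a directory that is easy to recognize.
Here we simply run ssh followed by the IP 192.168.15.254, wait for the prompt and type yes, then enter yuto3's password.
Using yuto2's user identity, the client can also run a command on the server without opening a login session, here displaying the server's network interface configuration file: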
[root@localhost ~]# ssh 192.168.15.254 cat /etc/sysconfig/network-scripts/ifcfg-ens33
root@192.168.15.254's password:
TYPE=Ethernet
BOOTPROTO=static
NAME=ens33
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.15.254
PREFIX=24
GATEWAY=192.168.15.254
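There is no absolute client or server; it depends on which side initiates the connection and which side receives it.
Configuration file explanation
2. Using scp for remote copy: copy 12.txt from yuto2 to yuto3
Check on yuto3
Then fetch the file that was just copied back from yuto3
3. Now let's look at sftp. Enter yuto3's IP address, then type help to see what we can do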
[root@localhost ~]# sftp 192.168.15.254
root@192.168.15.254's password:
Connected to 192.168.15.254.
sftp>
sftp> help
Available commands:
bye Quit sftp
cd path Change remote directory to 'path'
chgrp grp path Change group of file 'path' to 'grp'
chmod mode path Change permissions of file 'path' to 'mode'
chown own path Change owner of file 'path' to 'own'
df [-hi] [path] Display statistics for current directory or
filesystem containing 'path'
exit Quit sftp
get [-afPpRr] remote [local] Download file
reget [-fPpRr] remote [local] Resume download file
reput [-fPpRr] [local] remote Resume upload file
help Display this help text
lcd path Change local directory to 'path'
lls [ls-options [path]] Display local directory listing
lmkdir path Create local directory
ln [-s] oldpath newpath Link remote file (-s for symlink)
lpwd Print local working directory
ls [-1afhlnrSt] [path] Display remote directory listing
lumask umask Set local umask to 'umask'
mkdir path Create remote directory
progress Toggle display of progress meter
put [-afPpRr] local [remote] Upload file
pwd Display remote working directory
quit Quit sftp
rename oldpath newpath Rename remote file
rm path Delete remote file
rmdir path Remove remote directory
symlink oldpath newpath Symlink remote file
version Show SFTP version
!command Execute 'command' in local shell
! Escape to local shell
? Synonym for help
To fetch its 3.txt, run get /3.txt and the file is downloaded.
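4. Key-pair authentication
Provides login without an interactive password prompt
The client generates a key pair: ssh-keygen
The client uploads the public key to the server: ssh-copy-id
Client
/etc/ssh/ssh_config: the client's global configuration file
~/.ssh/known_hosts: the file where the client stores host fingerprints
~/.ssh/id_rsa: the private key generated by the client; it only exists after a key pair has been generated
~/.ssh/id_rsa.pub: the public key generated by the client
1. Generate the key pair: run ssh-keygen and press Enter at every prompt, and the keys are generated. Pressing Enter at the passphrase prompt leaves the passphrase empty, so the private key is stored unencrypted.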
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ZJYzj8r/HLA9GSvBqyCePAcV6v1l6WUDNyR/yPmybMw root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| |
| . ... |
| . . B= o |
| . . =.=B . |
| . o S+o+ |
| o .. .+*=+. |
| ....o++**+ |
| o.o...o.oEo |
| +o . .oo |
+----[SHA256]-----+
2. Upload the public key to the server: ssh-copy-id 192.168.15.254
[root@localhost .ssh]# ssh-copy-id 192.168.15.254
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.15.254's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.15.254'"
and check to make sure that only the key(s) you wanted were added.
Logging in to the server again no longer requires a password.
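
The fingerprint that ssh asks you to confirm with yes, and that ssh-keygen prints above, is the SHA-256 hash of the decoded public key blob, base64-encoded without padding. The following is an added example, not part of the original page: it recomputes that value for a public key line and for each entry of a known_hosts file, so a saved host key can be compared with the fingerprint reported on the server itself. The function names and the sample key are assumptions constructed for the illustration.

```python
import base64
import hashlib


def parse_pubkey(line):
    """Split '<type> <base64> [comment]' into (key type, decoded key blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob starts with a 4-byte length and a copy of the key type.
    name_len = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the key blob")
    return key_type, blob


def sha256_fingerprint(line):
    """Fingerprint as ssh-keygen prints it: 'SHA256:' + unpadded base64 digest."""
    _, blob = parse_pubkey(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def known_hosts_fingerprints(text):
    """List (host field, key type, fingerprint) for each known_hosts entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority or @revoked marker
            fields = fields[1:]
        if len(fields) >= 3:
            fp = sha256_fingerprint(fields[1] + " " + fields[2])
            entries.append((fields[0], fields[1], fp))
    return entries


def constructed_ed25519_line(raw32, comment):
    """Build a sample key line from 32 constructed bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample data: a made-up key and a known_hosts entry for yuto3.
SAMPLE_KEY = constructed_ed25519_line(bytes(range(32)), "root@yuto3")
SAMPLE_KNOWN_HOSTS = "# constructed entry\n192.168.15.254 " + SAMPLE_KEY + "\n"
```

Passing the contents of ~/.ssh/known_hosts to known_hosts_fingerprints lists the fingerprint saved for each host; hashed host names appear as their |1|... field rather than as an address.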