远程连接服务器实验
实验要求:开启两台主机能够实现两台主机互相远程连接实现免密登录(基于密钥验证)
- 服务端(111)安装openssh-server包
开启两台虚拟机,ip分别为111/222
[root@localhost ~]# yum install -y openssh-server
- 客户端(222)创建密钥对。
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:weY0vAXlcUatMn1ltzrC7S4KA1G+DyCm9RgLm6RM6aI root@localhost
The key's randomart image is:
+---[RSA 3072]----+
| ...o.+. |
| . oo o + . +|
| = = o .B o. . oo|
|* B * o+.=o o .. |
|o* o o oS .o... |
|o . o o + |
|E o . o . |
| o . . |
| .. o. |
+----[SHA256]-----+
查看密钥对是否创建成功。
[root@localhost ~]# ll /root/.ssh
total 8
-rw-------. 1 root root 2655 Nov 12 16:58 id_rsa
-rw-r--r--. 1 root root 568 Nov 12 16:58 id_rsa.pub
- 将客户端(222)产生的公钥传给要登录服务端(111)的root用户家目录下.ssh/目录下,文件名为authorized.key。
[root@localhost ~]# cd /root/.ssh
[root@localhost .ssh]# ssh-copy-id root@192.168.242.111
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.242.111 (192.168.242.111)' can't be established.
ECDSA key fingerprint is SHA256:8hSzrHFlrIQfAHHvB7A6WZsgBmcV494Cns0iPqKUJLU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.242.111's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.242.111'"
and check to make sure that only the key(s) you wanted were added.
- 在服务端(111)要被登录的root用户家目录下.ssh/目录下查看公钥文件是否成功。
[root@localhost ~]# cd /root/.ssh
[root@localhost .ssh]# ll
total 16
-rw-------. 1 root root 568 Nov 12 17:01 authorized_keys
- 服务端(111)关闭防火墙和selinux。
[root@localhost .ssh]# systemctl stop firewalld
[root@localhost .ssh]# setenforce 0
[root@localhost .ssh]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enab>
Active: inactive (dead) since Thu 2020-11-12 17:04:07 CST; 17s >
Docs: man:firewalld(1)
Process: 1125 ExecStart=/usr/sbin/firewalld --nofork --nopid $FI>
Main PID: 1125 (code=exited, status=0/SUCCESS)
Nov 12 16:08:05 localhost systemd[1]: Starting firewalld - dynamic>
Nov 12 16:08:24 localhost systemd[1]: Started firewalld - dynamic >
Nov 12 16:08:27 localhost firewalld[1125]: WARNING: AllowZoneDrift>
Nov 12 17:03:52 localhost systemd[1]: Stopping firewalld - dynamic>
Nov 12 17:04:07 localhost systemd[1]: Stopped firewalld - dynamic >
[root@localhost .ssh]# getenforce
Permissive
- 在服务端(111)重启sshd服务。
[root@localhost .ssh]# systemctl restart sshd
[root@localhost .ssh]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; >
Active: active (running) since Thu 2020-11-12 17:05:45 CST; 6s >
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 3276 (sshd)
Tasks: 1 (limit: 4688)
Memory: 1.9M
CGroup: /system.slice/sshd.service
└─3276 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.c>
Nov 12 17:05:44 localhost systemd[1]: Starting OpenSSH server daem>
Nov 12 17:05:45 localhost sshd[3276]: Server listening on 0.0.0.0 >
Nov 12 17:05:45 localhost sshd[3276]: Server listening on :: port >
Nov 12 17:05:45 localhost systemd[1]: Started OpenSSH server daemo>
lines 1-15/15 (END)
- 客户端(222)远程连接服务端(111).
[root@localhost .ssh]# ssh root@192.168.242.111
2829
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
