SSH
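SSH is short for Secure Shell. It is a protocol designed to provide security for remote login sessions and other network services, and using the ssh protocol effectively prevents information leakage during remote administration.
1. Install openssh
#rpm -qa | grep openssh (query; openssh is already installed on this machine; all four packages need to be installed)
openssh-server-5.3p1-84.1.el6.x86_64 server
openssh-5.3p1-84.1.el6.x86_64 common component library
openssh-clients-5.3p1-84.1.el6.x86_64 client
openssh-askpass-5.3p1-84.1.el6.x86_64 tools and library files used to establish sessions
2. SSH remote login
#ssh -l USERNAME REMOTE_HOST (a command ['COMMAND'] may be appended; ssh exits once the command has run)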
or
#ssh USERNAME@REMOTE_HOST
Example:
[root@admin2 ~]# ssh -l root 192.168.23.151
The authenticity of host '192.168.23.151 (192.168.23.151)' can't be established.
RSA key fingerprint is 0a:9f:bc:43:31:12:98:29:6b:b2:99:af:dc:1a:1d:69.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.23.151' (RSA) to the list of known hosts.
root@192.168.23.151's password: (enter the login password)
Last login: Wed Aug 29 16:14:37 2018 from 192.168.23.1
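Once the connection succeeds, the remote host's public key is saved in the $HOME/.ssh/known_hosts file. On the next connection the public key is recognized and the confirmation prompt does not appear.
3. SSH password-less login
admin2 is the client, admin is the server
(1) Generate the key pair
The .ssh directory must have permissions 700, otherwise the public key will not take effect.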
#ssh-keygen -t {rsa | dsa } -f /path/to/keyfile -N 'passwd'
-t: key type
-f: path where the key is stored
-N: sets the passphrase
[root@admin2 ~]# ssh-keygen -t rsa
or
[root@admin2 ~]# ssh-keygen -t rsa -f .ssh/id_rsa -N ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (path where the key is stored)
Enter passphrase (empty for no passphrase): (leave the passphrase empty)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
17:8b:fd:5b:cb:aa:cc:78:2e:85:d8:d8:9b:ab:d6:e4 root@admin2
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| o o |
| =S.+ |
| o =... |
| + + . . |
| . E+. + . |
| ...o==.o.o |
+-----------------+
(2) Transfer the public key to the $HOME/.ssh/authorized_keys file of a user on the server
#ssh-copy-id -i /path/to/pubkey USERNAME@REMOTEHOST
[root@admin2 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.23.151
root@192.168.23.151's password:
Now try logging into the machine, with "ssh 'root@192.168.23.151'", and check in:.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
scp can also be used for the transfer
#scp [options] SRC USERNAME@REMOTE_HOST:DEST
[root@admin2 ~]# scp .ssh/id_rsa.pub root@192.168.23.151:/root
id_rsa.pub 100% 393 0.4KB/s 00:00
[root@admin ~]# cat id_rsa.pub >> .ssh/authorized_keys
ssh-copy-id appends the public key directly to the authorized_keys file, which is more convenient; using the ssh-copy-id command is recommended.
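The manual scp + cat route above does not set any permissions and appends a duplicate line every time it is repeated. The following is an added example, not part of the original page: a server-side helper that installs the key idempotently and enforces the 700 rule on .ssh. The function names are hypothetical, and mode 600 for authorized_keys is an assumption (common practice; the page only states the 700 requirement).

```shell
#!/bin/sh
# Added example; install_pubkey, check_ssh_perms and mode_of are hypothetical names.

# Print the 10-character mode string of a path, e.g. "drwx------".
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Same effect as "cat id_rsa.pub >> .ssh/authorized_keys", but it creates
# .ssh with mode 700, keeps authorized_keys at 600 and never adds a duplicate.
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    [ -s "$2" ] || { echo "missing or empty key file: $2" >&2; return 1; }
    key=$(head -n 1 "$2")

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x: whole-line match, -F: fixed string, so base64 characters stay literal.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms HOME_DIR: succeed only if .ssh is 700 and authorized_keys is 600.
check_ssh_perms() {
    [ "$(mode_of "$1/.ssh")" = "drwx------" ] ||
        { echo "$1/.ssh is not mode 700" >&2; return 1; }
    [ "$(mode_of "$1/.ssh/authorized_keys")" = "-rw-------" ] ||
        { echo "$1/.ssh/authorized_keys is not mode 600" >&2; return 1; }
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaCONSTRUCTEDEXAMPLE root@admin2' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"   # second run adds nothing
check_ssh_perms "$demo_home" && echo "permissions ok"
rm -rf "$demo_home"
```

On the server this would be called as install_pubkey "$HOME" id_rsa.pub after the scp step.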
4. Login verification
Password-less login
[root@admin2 ~]# ssh -l root 192.168.23.151
Last login: Wed Aug 29 16:48:45 2018 from 192.168.23.151
[root@admin ~]#
Password-less login succeeded!