Host A logs in to host B over SSH
- 1. On host A, do the following
[root@A .ssh]# ssh-keygen # generate the key pair
Generating public/private rsa key pair.
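Enter file in which to save the key (/root/.ssh/id_rsa): # press Enter to accept the default path
Enter passphrase (empty for no passphrase): # set a passphrase for the key; pressing Enter means none
Enter same passphrase again: # enter the passphrase again; pressing Enter means none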
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:l5zUtKOC1v7BAeG2O7m64ZVGBnye4gZTdVLzvovRpA8 root@fudanwuxinginxb
The key's randomart image is:
+---[RSA 2048]----+
| +.+ . |
| . o + = . |
| + = . = |
| . B * = . |
| o + S B o |
| = = B = . |
| + O E o |
| o + + * . |
| +o. o o |
+----[SHA256]-----+
[root@A .ssh]# ssh-copy-id root@192.168.10.158 # copy the public key to host B (root is the user on host B, 192.168.10.158 is host B's address)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.158's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.10.158'"
and check to make sure that only the key(s) you wanted were added.
[root@A .ssh]# ssh root@192.168.10.158 # log in to host B over ssh
Enter passphrase for key '/root/.ssh/id_rsa': # because I set a passphrase on the key, it has to be entered here; otherwise the login goes straight into the system
Last login: Sun Sep 2 14:27:10 2018 from 192.168.10.178
[root@fudanwuxi ~]#
- 2. Check on host B (the authorized_keys file in the /root/.ssh directory)
[root@B ~]# cd /root/
[root@B ~]# ll -a
总用量 40
dr-xr-x---. 6 root root 253 9月 1 19:29 .
dr-xr-xr-x. 17 root root 224 5月 14 12:45 ..
-rw-------. 1 root root 1783 5月 14 12:46 anaconda-ks.cfg
-rw-------. 1 root root 305 9月 1 19:59 .bash_history
-rw-r--r--. 1 root root 18 12月 29 2013 .bash_logout
-rw-r--r--. 1 root root 176 12月 29 2013 .bash_profile
-rw-r--r--. 1 root root 176 12月 29 2013 .bashrc
drwx------. 4 root root 31 5月 14 13:02 .cache
drwx------. 4 root root 30 5月 14 13:02 .config
-rw-r--r--. 1 root root 100 12月 29 2013 .cshrc
drwx------. 3 root root 25 5月 14 12:52 .dbus
-rw-r--r--. 1 root root 1831 5月 14 12:53 initial-setup-ks.cfg
drwx------. 2 root root 29 9月 2 14:29 .ssh
-rw-r--r--. 1 root root 129 12月 29 2013 .tcshrc
-rw-------. 1 root root 595 9月 1 19:16 .viminfo
-rw-------. 1 root root 108 5月 14 13:02 .xauthBwvZib
[root@B ~]# cd .ssh
[root@B .ssh]# ll -a
总用量 4
drwx------. 2 root root 29 9月 2 14:29 .
dr-xr-x---. 6 root root 253 9月 1 19:29 ..
-rw-------. 1 root root 402 9月 2 14:29 authorized_keys
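- Extras
1. Allow key authentication only and reject traditional password authentication
[root@B .ssh]# vi /etc/ssh/sshd_config # edit host B's SSH server configuration file (sshd_config; ssh_config is the client-side file and does not affect incoming logins)
PasswordAuthentication yes # change yes to no; sshd has to reload its configuration before the change takes effect
2. On host B, kick out the session that host A logged in with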
[root@B ~]# w
14:39:37 up 1 day, 23:30, 4 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
guest :0 :0 14May18 ?xdm? 19:10 0.53s /usr/libexec/g
guest pts/0 :0 14May18 111days 0.60s 4.02s /usr/libexec/g
root pts/1 192.168.10.17 Sat11 1.00s 0.23s 0.05s w
root pts/2 192.168.10.178 14:29 9.00s 0.12s 0.12s -bash
[root@B ~]# pkill -kill -t pts/2 # kick out the user logged in over ssh
[root@B ~]# w
14:40:11 up 1 day, 23:31, 3 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
guest :0 :0 14May18 ?xdm? 19:11 0.53s /usr/libexec/g
guest pts/0 :0 14May18 111days 0.60s 4.02s /usr/libexec/g
root pts/1 192.168.10.17 Sat11 3.00s 0.19s 0.01s w
[root@B ~]#
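
A check for the key-only authentication step and for the authorized_keys permissions shown in step 2, written as an added example (not part of the original walkthrough). The function names and the sample files are assumptions made up for this illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: audit the two settings this walkthrough relies on.

# Print the effective global PasswordAuthentication value from an
# sshd_config-style file. sshd uses the first value it reads for a keyword,
# keywords are case-insensitive, and the default is "yes" when unset.
# Assumption: Include files and Match blocks are not evaluated.
effective_password_auth() {
  awk '
    { sub(/#.*/, ""); sub(/=/, " ") }        # drop comments, accept key=value
    tolower($1) == "match" { exit }          # global section ends here
    tolower($1) == "passwordauthentication" { v = tolower($2); exit }
    END { print (v == "" ? "yes" : v) }
  ' "$1"
}

# Return 0 when the path is not writable by group or others, which is what
# sshd's StrictModes check expects of ~/.ssh and authorized_keys.
not_group_world_writable() {
  case "$(ls -ld "$1" | cut -c1-10)" in
    ?????w*|????????w*) return 1 ;;
    *) return 0 ;;
  esac
}

# Constructed sample: the "no" line is commented out, so passwords still work.
demo=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication no' 'PasswordAuthentication yes' \
  'passwordauthentication no' > "$demo/sshd_config"
mkdir -m 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"

echo "PasswordAuthentication: $(effective_password_auth "$demo/sshd_config")"
if not_group_world_writable "$demo/.ssh/authorized_keys"; then
  echo "authorized_keys mode OK"
fi
```

On a real host, `sshd -T` prints the configuration the server actually applies, including Include files.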