码迷,mamicode.com
首页 > Web开发 > 详细

linux——ssh远程访问,密钥的生成以及公钥的使用,上传与下载

时间:2018-07-30 18:03:10      阅读:235      评论:0      收藏:0      [点我收藏+]

标签:been   info   lib   proc   生成密钥   sam   远程服务器   客户端   keygen   

1.说明密钥认证的过程
连接ssh服务——ssh-keygen生成密钥(公钥,私钥)——ssh-copy-id 将公钥传输至远程服务器——访问远程服务端——scp跨主机上传以及复制下载

我方用户创建密钥后,将公钥传输给对方用户,对方将信任我方,我方可免密码访问


2.手动配置密钥认证登陆
//连接ssh

[root@localhost ~]# ssh root@192.168.56.13     //1号ssh登入2号(也可2号直接生成密钥)
The authenticity of host ‘192.168.56.13 (192.168.56.13)‘ can‘t be established.
ECDSA key fingerprint is SHA256:mew0e7pEB0HDYWtnCCYbYopmwO7dYS7T7oySpZ+cfqg.
ECDSA key fingerprint is MD5:59:75:45:71:cd:34:a2:d3:df:5e:fc:cb:16:9a:04:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.56.13‘ (ECDSA) to the list of known hosts.
root@192.168.56.13‘s password:
Last login: Mon Jul 30 15:05:55 2018 from 192.168.56.1

//生成密钥

[root@localhost ~]# ssh-keygen -t rsa                  //生成密钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iEujOIJR4THdKHLM5L1XD6aUYF2rKxwPKPgFMyPCaEc root@localhost.localdomain
The key‘s randomart image is:
+---[RSA 2048]----+
| +=Eo+ ..        |
|+o**o.o. .       |
|+=Oo. o =        |
|+o.* + * o       |
|+ . O = S .      |
|.= = B .         |
|= o + o          |
|..   .           |
|                 |
+----[SHA256]-----+
[root@localhost ~]# ls .ssh/                                        //查看隐藏中的ssh
id_rsa  id_rsa.pub

//ssh-copy-id 将公钥传输至需访问的客户端

[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.56.11                     //将在登入2号创建的公钥传输至1号
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host ‘192.168.56.11 (192.168.56.11)‘ can‘t be established.
ECDSA key fingerprint is SHA256:mFtHEvI1K3YUxeD7NAkROmKmlWRdR1iNOxgUI4lLFhM.
ECDSA key fingerprint is MD5:37:2c:a4:4c:e6:25:20:21:e4:07:e4:87:50:cc:69:05.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.56.11‘s password:
Permission denied, please try again.
root@192.168.56.11‘s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ‘root@192.168.56.11‘"
and check to make sure that only the key(s) you wanted were added.

[root@localhost ~]# exit                                                       //登出2号
[root@localhost ~]# ssh root@192.168.56.11                      //返回1号
root@192.168.56.11‘s password:
Last login: Mon Jul 30 14:52:50 2018 from 192.168.56.1

[root@localhost ~]# ls -a                                                        //公钥已到达
.                .bash_history  .cache   .esd_auth             .redhat  .test.sh.swp  模板  下载
..               .bash_logout   .config  .ICEauthority         .ssh     .viminfo      视频  音乐
123              .bash_profile  .cshrc   initial-setup-ks.cfg  .tcshrc  .xauthS1SUwn  图片  桌面
anaconda-ks.cfg  .bashrc        .dbus    .local                test.sh  公共          文档

[root@localhost ~]# ssh root@192.168.56.11                        //2号访问1号
Last login: Mon Jul 30 16:12:37 2018 from 192.168.56.11      //无需密码

现在2号将公钥传输给1号,所以2号访问1号无需密码,但1号访问2号依然需要密码
这时,1号需要创建密钥,然后把公钥传输至2号即可免密码登陆2号了


scp跨主机上传以及复制
当前仅演示2号

传送演示

[root@localhost ~]# scp 123123.sh root@192.168.56.11:/                             //使用scp命令传送至根目录下
123123.sh                                                                             100%    0     0.0KB/s   00:00                   
[root@localhost ~]# ls /
123123.sh  boot  etc   lib    media  opt   root  sbin  sys      tmp  var
bin        dev   home  lib64  mnt    proc  run   srv   test.sh  usr

下载演示

[root@localhost ~]# ls /root                                    //查看1号root目录
123  anaconda-ks.cfg  initial-setup-ks.cfg  test.sh  公共  模板  视频  图片  文档  下载  音乐  桌面

[root@localhost ~]# scp root@192.168.56.11:/root/test.sh .            //2号将1号目录下的root目录下的test.sh复制到2号当前目录下,与传输不同,文件及路径在ip后方
test.sh                                                                               100%  505   220.2KB/s   00:00    

linux——ssh远程访问,密钥的生成以及公钥的使用,上传与下载

标签:been   info   lib   proc   生成密钥   sam   远程服务器   客户端   keygen   

原文地址:http://blog.51cto.com/13859004/2152274

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!