标签:been info lib proc 生成密钥 sam 远程服务器 客户端 keygen
1.说明密钥认证的过程我方用户创建密钥后,将公钥传输给对方用户,对方将信任我方,我方可免密码访问
2.手动配置密钥认证登陆
//连接ssh
[root@localhost ~]# ssh root@192.168.56.13 //1号ssh登入2号(也可2号直接生成密钥)
The authenticity of host ‘192.168.56.13 (192.168.56.13)‘ can‘t be established.
ECDSA key fingerprint is SHA256:mew0e7pEB0HDYWtnCCYbYopmwO7dYS7T7oySpZ+cfqg.
ECDSA key fingerprint is MD5:59:75:45:71:cd:34:a2:d3:df:5e:fc:cb:16:9a:04:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.56.13‘ (ECDSA) to the list of known hosts.
root@192.168.56.13‘s password:
Last login: Mon Jul 30 15:05:55 2018 from 192.168.56.1
//生成密钥
[root@localhost ~]# ssh-keygen -t rsa //生成密钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iEujOIJR4THdKHLM5L1XD6aUYF2rKxwPKPgFMyPCaEc root@localhost.localdomain
The key‘s randomart image is:
+---[RSA 2048]----+
| +=Eo+ .. |
|+o**o.o. . |
|+=Oo. o = |
|+o.* + * o |
|+ . O = S . |
|.= = B . |
|= o + o |
|.. . |
| |
+----[SHA256]-----+
[root@localhost ~]# ls .ssh/ //查看隐藏中的ssh
id_rsa id_rsa.pub
//ssh-copy-id 将公钥传输至需访问的客户端
[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.56.11 //将在登入2号创建的公钥传输至1号
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host ‘192.168.56.11 (192.168.56.11)‘ can‘t be established.
ECDSA key fingerprint is SHA256:mFtHEvI1K3YUxeD7NAkROmKmlWRdR1iNOxgUI4lLFhM.
ECDSA key fingerprint is MD5:37:2c:a4:4c:e6:25:20:21:e4:07:e4:87:50:cc:69:05.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.56.11‘s password:
Permission denied, please try again.
root@192.168.56.11‘s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh ‘root@192.168.56.11‘"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# exit //登出2号
[root@localhost ~]# ssh root@192.168.56.11 //返回1号
root@192.168.56.11‘s password:
Last login: Mon Jul 30 14:52:50 2018 from 192.168.56.1
[root@localhost ~]# ls -a //公钥已到达
. .bash_history .cache .esd_auth .redhat .test.sh.swp 模板 下载
.. .bash_logout .config .ICEauthority .ssh .viminfo 视频 音乐
123 .bash_profile .cshrc initial-setup-ks.cfg .tcshrc .xauthS1SUwn 图片 桌面
anaconda-ks.cfg .bashrc .dbus .local test.sh 公共 文档
[root@localhost ~]# ssh root@192.168.56.11 //2号访问1号
Last login: Mon Jul 30 16:12:37 2018 from 192.168.56.11 //无需密码
现在2号将公钥传输给1号,所以2号访问1号无需密码,但1号访问2号依然需要密码
这时,1号需要创建密钥,然后把公钥传输至2号即可免密码登陆2号了
scp跨主机上传以及复制
当前仅演示2号
传送演示
[root@localhost ~]# scp 123123.sh root@192.168.56.11:/ //使用scp命令传送至根目录下
123123.sh 100% 0 0.0KB/s 00:00
[root@localhost ~]# ls /
123123.sh boot etc lib media opt root sbin sys tmp var
bin dev home lib64 mnt proc run srv test.sh usr
下载演示
[root@localhost ~]# ls /root //查看1号root目录
123 anaconda-ks.cfg initial-setup-ks.cfg test.sh 公共 模板 视频 图片 文档 下载 音乐 桌面
[root@localhost ~]# scp root@192.168.56.11:/root/test.sh . //2号将1号目录下的root目录下的test.sh复制到2号当前目录下,与传输不同,文件及路径在ip后方
test.sh 100% 505 220.2KB/s 00:00
linux——ssh远程访问,密钥的生成以及公钥的使用,上传与下载
标签:been info lib proc 生成密钥 sam 远程服务器 客户端 keygen
原文地址:http://blog.51cto.com/13859004/2152274