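Linux Remote Connections: the SSH Service
Remote connections
1. Telnet, port 23: plaintext, unencrypted, insecure
2. SSH, port 22: secure; combines asymmetric and symmetric encryption
Asymmetric encryption
secret key (private key): server side
public key: client side
Authentication process
Linux: openssh
Client/server (C/S) architecture
Server: sshd service, configuration file /etc/ssh/sshd_config
Client: ssh, configuration file /etc/ssh/ssh_config
Commands related to the ssh service:
ssh: remote connection
ssh-keygen: key generator
ssh-copy-id: transfers the public key to the remote server
scp: copies files between hosts
I. Password-based authentication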
ssh 10.0.0.31
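1. For xwj (the client), a file storing the public key of 10.0.0.31 (nfs01) is created in the client's home directory: ~/.ssh/known_hosts
2. Only then can you enter the password and log in
3. On subsequent runs of ssh 10.0.0.31, just enter the password to log in
4. Log in as a specified user
For example: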
[[email protected] ~]# ssh [email protected]
[email protected]'s password:
[[email protected] ~]$
II. Key-based authentication
Step 1: generate a key pair
Command 1: interactive input
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
Command 2: do it in one step with arguments
[[email protected] ~]# ssh-keygen -t rsa -f /root/.ssh/id_rsa -P ''
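Doing it with a single command helps with automation later
-f specifies the file name
-P specifies the passphrase for the generated key (empty here)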
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
Step 2: copy the ~/.ssh/id_rsa.pub file to nfs01 (10.0.0.31)
Method 1: copy with scp
Copy ~/.ssh/id_rsa.pub to the ~/.ssh/ directory on host nfs01 (10.0.0.31) and rename it to authorized_keys
[[email protected] ~]# scp .ssh/id_rsa.pub [email protected]:~/.ssh/authorized_keys
Permissions on .ssh: 700
Permissions on authorized_keys: 600
[[email protected] ~]# chmod 700 .ssh
[[email protected] ~]# chmod 600 ~/.ssh/authorized_keys
Method 2: copy with the ssh-copy-id command
[[email protected] ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
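The scp in Method 1 replaces any authorized_keys file that already exists on nfs01, whereas ssh-copy-id appends to it. The following added example (not from the original page) is a shell function, run on the server side, that appends a public key only if it is not already present and applies the 700/600 permissions; install_pubkey, its arguments and the key strings in demo() are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey and its
# arguments are hypothetical names; the key strings in demo() are constructed.

# install_pubkey PUBKEY_FILE TARGET_HOME
# Appends each key in PUBKEY_FILE to TARGET_HOME/.ssh/authorized_keys unless
# that exact line is already there, and sets the 700/600 permissions.
install_pubkey() {
    pubkey_file=$1
    ssh_dir="$2/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # Guard against installing id_rsa instead of id_rsa.pub by mistake.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi

    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1
    # If the existing file lacks a final newline, add one so keys do not merge.
    [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"

    # The extra [ -n ] test handles a last line without a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -e "$line" "$auth_file" || printf '%s\n' "$line" >> "$auth_file"
    done < "$pubkey_file"
}

# Demo in a throwaway directory standing in for the server-side home.
demo() {
    home=$(mktemp -d) || return 1
    mkdir -p "$home/.ssh"
    echo 'ssh-rsa AAAAconstructedEXISTING admin@example' > "$home/.ssh/authorized_keys"
    echo 'ssh-rsa AAAAconstructedNEW user@client-constructed' > "$home/new.pub"
    install_pubkey "$home/new.pub" "$home" && install_pubkey "$home/new.pub" "$home"
    wc -l < "$home/.ssh/authorized_keys"   # existing key kept, new key added once
    rm -rf "$home"
}
demo
```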