ssh

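Introduction to SSH

A protocol designed to provide security for remote login sessions and other network services

  • Effectively prevents information leakage during remote administration
  • Transmitted data is encrypted, which prevents DNS and IP spoofing
  • Transmitted data is compressed, which speeds up transfer

On Linux systems the OpenSSH tools are generally used
OpenSSH is a free, open-source implementation of the SSH protocol; it provides the server program openssh-server and the client program openssh-client

The ssh command

ssh [-pi] [user@host]
  -p    Specify the ssh port; the default is 22
  -i    Connect to the server using the specified private key file
  exit or logout ends the current login session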

[root@aczdev-161-kvm .ssh]# ssh root@192.168.9.163
The authenticity of host '192.168.9.163 (192.168.9.163)' can't be established.
ECDSA key fingerprint is SHA256:t9dwM9KzQxGVag1Didv9FPIEztHIJUuyPbFhwby5rVc.
ECDSA key fingerprint is MD5:58:07:6d:4a:85:d6:af:a9:2b:78:16:90:32:58:ba:4b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.9.163' (ECDSA) to the list of known hosts.
Last login: Fri Mar 13 19:10:01 2020 from 192.168.6.5

[root@aczdev-163-kvm ~]# exit
logout
Connection to 192.168.9.163 closed.

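SSH configuration

All SSH configuration is stored in ~/.ssh

  • known_hosts: record of the servers that have been connected to
  • authorized_keys: on the server side, the file of client public keys used for password-free connections
  • config: on the client side, records aliases for server connection settings

Server aliases

  • When a remote administration command (such as ssh or scp) connects to a server, it generally needs the server address, port and user name
  • The connection parameters of frequently used servers can be recorded in the configuration file under an alias, which makes connecting easier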
[root@aczdev-12-kvm .ssh]# vim config

Host kvm-163
    HostName 192.168.9.163
    User root
    Port 22

The authenticity of host '192.168.9.163 (192.168.9.163)' can't be established.
ECDSA key fingerprint is SHA256:gR0zQ8hytD4BF7BHvU5bX3dSljCq8RCpQdvmCZSPQz0.
ECDSA key fingerprint is MD5:f2:49:55:52:ae:9e:a0:62:e3:e1:20:3a:af:b5:4b:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.9.163' (ECDSA) to the list of known hosts.
root@192.168.9.163's password:
[root@aczdev-163-kvm ~]# 

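Password-free login

ssh-keygen [-tfC]
 -t  Specify the encryption type; the default is asymmetric encryption (rsa). All options: dsa, ecdsa, ed25519, rsa
 -f  Set the key file name; if set, the key file to authenticate with must be given when connecting: ssh -i file user@host. With the default file name it can be omitted
 -C  Add a comment at the end of the key file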
 
[root@dev-117-kvm ~]# ssh-keygen               # generate the key files
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in y.
Your public key has been saved in y.pub.
The key fingerprint is:
SHA256:bFO1aL6MmN0SuA9/1uaZlmPoxPx+O7NeDMYZOG7XIGY root@dev-117-kvm
The key's randomart image is:
+---[RSA 2048]----+
|            .    |
|           o o   |
|          + E o  |
|       o + + + = |
|      . S . o * .|
|       * O o o o |
|      = + Bo .  o|
|       + o+.Bo+. |
|        o+.**++= |
+----[SHA256]-----+

[root@aczdev-12-kvm .ssh]# ssh-copy-id root@192.168.6.117       # upload the public key file to server 192.168.6.117 (.ssh/authorized_keys)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.6.117's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.6.117'"
and check to make sure that only the key(s) you wanted were added.

[root@aczdev-12-kvm .ssh]# ssh root@192.168.6.117
Last login: Mon Mar 16 20:44:19 2020 from 192.168.9.12
[root@dev-117-kvm ~]#

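Password-free login with a key file

1. Generate a key pair

  • ssh-keygen -t rsa -f ~/.ssh/id_rsa
  • chmod 400 ~/.ssh/id_rsa

2. Upload the public key to .ssh/authorized_keys on the server to connect to: ssh-copy-id root@192.168.6.117
3. Log in using the private key file: ssh -i id_rsa root@192.168.6.117
4. The private key file can also be set in config to simplify the login command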

[root@aczdev-12-kvm .ssh]# vim config

Host kvm-163
    HostName 192.168.9.163
    User root
    Port 22
    IdentityFile ~/.ssh/id_rsa


[root@aczdev-12-kvm .ssh]# ssh kvm-163
Last login: Mon Mar 16 18:29:00 2020 from 172.18.1.1
[root@aczdev-163-kvm ~]#
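
Key-based login only holds up if the files in ~/.ssh have tight permissions, which is why step 1 runs chmod 400 on the private key. The script below is an added example, not part of the original post: it audits an ~/.ssh directory for the modes that ssh and sshd object to. The function names and the constructed sample directory are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post): audit permissions in an ~/.ssh directory.

# check_mode PATH MASK LABEL -> prints FAIL and returns 1 if PATH has any bit of MASK set.
check_mode() {
    path=$1; mask=$2; label=$3
    [ -e "$path" ] || return 0                      # an absent file is not a finding
    mode=$(stat -c '%a' "$path") || return 2        # GNU stat: octal mode, e.g. 644
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL $path mode=$mode: $label"
        return 1
    fi
    echo "ok   $path mode=$mode"
}

# audit_ssh_dir [DIR] -> returns 0 if every check passes, 1 otherwise.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}; rc=0
    # sshd with StrictModes ignores authorized_keys, and ssh rejects config,
    # when the file (or the directory holding it) is writable by group/other.
    check_mode "$dir" 022 "directory writable by group/other" || rc=1
    check_mode "$dir/authorized_keys" 022 "writable by group/other" || rc=1
    check_mode "$dir/config" 022 "writable by group/other" || rc=1
    # The ssh client refuses a private key that group/other can access at all.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" 2>/dev/null | grep -q 'PRIVATE KEY-----$'; then
            check_mode "$f" 077 "private key accessible by group/other" || rc=1
        fi
    done
    return $rc
}

# make_sample DIR -> builds a constructed ~/.ssh layout with one deliberate mistake.
make_sample() {
    mkdir -p "$1" && chmod 700 "$1"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-not-a-real-key' > "$1/id_rsa"
    printf 'ssh-rsa CONSTRUCTED root@example\n' > "$1/authorized_keys"
    printf 'Host kvm-163\n    HostName 192.168.9.163\n' > "$1/config"
    chmod 644 "$1/id_rsa"                           # the mistake: key readable by others
    chmod 600 "$1/authorized_keys" "$1/config"
}

sample=$(mktemp -d)/.ssh
make_sample "$sample"
audit_ssh_dir "$sample" || echo "audit found problems; fix with: chmod 400 <key>"
```

Run `audit_ssh_dir` with no argument to check the current user's own ~/.ssh on both the client and the server.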
posted @ 2020-04-06 12:48  ericness