I. The SSH protocol

  TCP/22

    SSH is an application-layer protocol

    Purpose: connect to devices remotely for convenient operation

 

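  Server management methods:

    1. Local management

      Installing the system, fault repair

    2. Remote connection

On CentOS 7.x the ssh service is enabled by default, so check which port the ssh service is listening on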

[root@localhost ~]# netstat -antp | grep ssh
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd           
tcp        0     52 192.168.22.130:22       192.168.22.1:53680      ESTABLISHED 4986/sshd: root@pts 
tcp6       0      0 :::22                   :::*                    LISTEN      1234/sshd  

Generate a key pair on node01

[root@node01 ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
5c:0a:16:3d:f7:47:c8:74:a4:8a:fa:66:53:09:de:f1 root@node01.linux.com
The key's randomart image is:
+--[ RSA 2048]----+
|      ..   o.oo  |
|       .o . oo.  |
|      o  o....   |
|     . o.+... .  |
|       .So.+ .   |
|       .. + E    |
|      .  .       |
|       .+        |
|       o..       |
+-----------------+

[root@node01 ~]# ls /root/.ssh/
id_rsa  id_rsa.pub

Copy the public key to node02

[root@node01 ~]# ssh-copy-id 192.168.22.130
The authenticity of host '192.168.22.130 (192.168.22.130)' can't be established.
ECDSA key fingerprint is 33:43:0a:ba:e1:1a:c3:d4:d7:3d:dc:74:af:b2:25:e0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.22.130's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.22.130'"
and check to make sure that only the key(s) you wanted were added.

 

Generate a key pair on node02 as well

[root@node02 ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+z5gNQiMn+HVdVvgHRDDtQLr493j/XdK/T5E99jX3Ak root@node02.linux.com
The key's randomart image is:
+---[RSA 2048]----+
|     o   . oo+*+.|
|    . + . . o+.+o|
|     o = . . .o..|
|      + . +  E...|
|        S. +  o+*|
|        o.. o o+B|
|       ... . .ooo|
|         ..  ...*|
|         .o.  .+X|
+----[SHA256]-----+

Copy node02's public key to node01

[root@node02 ~]# ssh-copy-id 192.168.22.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.22.129 (192.168.22.129)' can't be established.
ECDSA key fingerprint is SHA256:I2eTYpUvbeL3hyiiEqs1rl/t7pHJc+SCVNTwEUhmN0g.
ECDSA key fingerprint is MD5:a3:3e:a0:47:f5:33:2f:a7:d7:68:5b:e3:28:09:01:6f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.22.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.22.129'"
and check to make sure that only the key(s) you wanted were added.

 

Check that the authorized_keys file on node01 contains node02's public key

[root@node01 ~]# cat /root/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChT+UMdHs0nFFzzWH+4aXdm6qx2vtkmpma+oYF6pabbTcDX1GbZYzqmSyLz7X5O9L8kpgJGXC6jK77jTYIjlHAIzjKSy59rg
CdAOHOrxN68ntXmuJIdnNJVIbcsCBLP+IB21Vyv+OUL20E/vBAGOYDEvA38PI+iddvNLYM7FuJXL8VCspTEbCIMEs+HUa1V8qzNQS/fNxD9tWLxFAiHu73lz3BX2ZED0iSOq9l/sD42epY93NJv4YblAcIcHuSeIa1m0dPpFULMnX/UDKK+ChKua3TMitHScujg/A0X3upvIEMQ38TdlsyxNb2ETN+DlVLHQ6356vzSMweR2BwNhG/ root@node02.linux.com

Likewise, node01's public key can be seen on node02

[root@node02 ~]# cat /root/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPrj8cI8RhKLBgYg8gZ+gj3dpm1/dq3eHNTOyYreiGDSnD+bzO/2biTc/mzSjFBNtbTcwx9/g+Qle60xTZo2l7F4oWNAafMR
O2sY7cc8sIvr3avqVOkSo/mtFj5cFoIq6+f/+DBk3DveJfQ2wfwf+GWsBedgWh19LO/vvufteyP03P8ZdJmbPdaEf8UjusV/pDM26z7lKrLFESwMm/QtRzHqUKU7HVWCgl3Nt8SYivZ7qJODEof83UVceAs5dDOLmgVjubolb5RzN0zQvVT8C1o0zyGtU2/97OrVwZ7yN+/46PluKlzkWUgWXIlA8/9oV46rDh+fHxy4Lvl7yRr1+R root@node01.linux.com

Passwordless login from node01 to node02 succeeds

[root@node01 ~]# ssh root@192.168.22.130
Last login: Thu Jan  7 13:14:14 2021 from 192.168.22.1
[root@node02 ~]# 

Passwordless login from node02 to node01 succeeds

[root@node02 ~]# ssh root@192.168.22.129
Last login: Thu Jan  7 13:14:22 2021 from 192.168.22.1
[root@node01 ~]# 

 

Once the steps above are complete, passwordless SSH login between the two hosts is set up.
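Both ssh-copy-id runs above end by asking you to check that only the keys you wanted were added. The following sketch is an added example, not part of the original post: it parses authorized_keys text and returns each key's fingerprint in the two formats seen on this page (SHA256 base64 and MD5 colon-separated hex), then reports keys that are not in an approved set. The function names, the approved set and the sample lines are assumptions, and the sample key blobs are constructed, not real keys.

```python
import base64
import hashlib

def embedded_type(blob):
    """SSH wire format: uint32 big-endian length, then the algorithm name."""
    n = int.from_bytes(blob[:4], "big")
    return blob[4:4 + n].decode("ascii", "replace") if len(blob) >= 4 else None

def parse_authorized_keys(text):
    """Return one dict per key line, with both fingerprint formats."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # Options may precede the key type, so find the first token pair
        # whose base64 blob names the same algorithm as the token before it.
        for i in range(len(tokens) - 1):
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:
                continue
            if embedded_type(blob) != tokens[i]:
                continue
            sha = base64.b64encode(hashlib.sha256(blob).digest()).decode()
            md5 = hashlib.md5(blob).hexdigest()
            entries.append({
                "options": " ".join(tokens[:i]),
                "type": tokens[i],
                "sha256": "SHA256:" + sha.rstrip("="),
                "md5": "MD5:" + ":".join(md5[j:j + 2] for j in range(0, 32, 2)),
                "comment": " ".join(tokens[i + 2:]),
            })
            break
    return entries

def unexpected_keys(text, approved):
    """Entries whose SHA256 fingerprint is not in the approved set."""
    return [e for e in parse_authorized_keys(text) if e["sha256"] not in approved]

def sample_line(label, comment, options=""):
    # Constructed blob for the demo: valid framing, not a real RSA key.
    blob = (7).to_bytes(4, "big") + b"ssh-rsa" + label.encode()
    return f"{options} ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()

SAMPLE = "# constructed sample, not the keys shown on the page\n" + "\n".join([
    sample_line("demo-node02", "root@node02.linux.com"),
    sample_line("demo-extra", "unknown@host", 'from="192.168.22.129"')])
```

To build the approved set, take the fingerprint printed by `ssh-keygen -lf /root/.ssh/id_rsa.pub` on the node that is supposed to have access, then pass the contents of the other node's /root/.ssh/authorized_keys as `text`.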

 

posted on 2021-01-07 13:25  Lyon-w