ansible >> ssh
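Scenario: Host A (ubuntu), Host B (centos)
Host A: install ssh
Host A: start ssh
Host B: install ssh
Host B: start the ssh service
(if the service command is missing, install initscripts)
Host A: configure the host list
Host A: generate the key
Copy the public key from Host A to Host B
Host A: write Host B's key into the known_hosts file (if you copy this file, remember to change its permissions; they can only be 700)
At this point, Host A can log in to Host B using the key
Principle
1) Public key: used for encryption; stored on the server
2) Private key: used for decryption; stored on the client
Flow
1) The client sends a connection request to the server
2) The server looks up, among the client public keys (~/.ssh/authorized_keys), the public key corresponding to this client (client identifier: user@Host)
3) If the server finds the public key valid, it generates a random number (challenge), encrypts it with the public key, and sends it to the client
4) The client decrypts it with the private key and sends it back to the server
5) If the random numbers match, authentication succeeds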
Host A: install ssh
root@ubuntu (Host A):/home/ubuntu# apt-get install openssh-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-3.13.0-32 linux-headers-3.13.0-32-generic
linux-image-3.13.0-32-generic linux-image-extra-3.13.0-32-generic
Use 'apt-get autoremove' to remove them.
Suggested packages:
rssh molly-guard monkeysphere
The following NEW packages will be installed:
openssh-server
0 upgraded, 1 newly installed, 0 to remove and 9 not upgraded.
Need to get 322 kB of archives.
After this operation, 955 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main openssh-server amd64 ...
Fetched 322 kB in 4s (69.5 kB/s)
Preconfiguring packages ...
Selecting previously unselected package openssh-server.
(Reading database ... 260939 files and directories currently installed.)
Preparing to unpack .../openssh-server_1%3a6.6p1-2ubuntu2.8_amd64.deb ...
Unpacking openssh-server (1:6.6p1-2ubuntu2.8) ...
Processing triggers for ufw (0.34~rc-0ubuntu2) ...
Processing triggers for ureadahead (0.100.0-16) ...
ureadahead will be reprofiled on next reboot
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Setting up openssh-server (1:6.6p1-2ubuntu2.8) ...
Host A: start ssh
root@ubuntu:/home/ubuntu# /etc/init.d/ssh start
ssh start/running, process 3623
Host B: install ssh
root@centos (Host B)# yum install openssh*
Host B: start the ssh service
root@centos# service sshd start
Failed to get D-Bus connection: Operation not permitted
Generating SSH2 RSA host key: [ OK ]
Generating SSH2 ECDSA host key: [ OK ]
Generating SSH2 ED25519 host key: [ OK ]
Starting sshd: [ OK ]
(if the service command is missing, install initscripts)
root@centos# yum install initscripts
Host A: configure the host list
root@ubuntu:/home/ubuntu# vim /etc/hosts
Add the host entry: 172.17.0.2 hostname
Host A: generate the key
root@ubuntu:/home/ubuntu# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
d2:ff:5b:30:60:e2:9e:61:c8:69:a2:06:93:a7:85:65 root@ubuntu
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| E . o |
| = . = o . |
|= o . * S o |
| * . o + + o |
|. o o . . |
| . . . |
| o. |
+-----------------+
Copy the public key from Host A to Host B
root@ubuntu:/home/ubuntu# ssh-copy-id root@hostname
The authenticity of host 'hostname (172.17.0.2)' can't be established.
ECDSA key fingerprint is 16:dc:5b:7b:df:8d:96:36:76:6c:63:5e:2a:eb:56:67.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@hostname's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@hostname'"
and check to make sure that only the key(s) you wanted were added.
Host A: write Host B's key into the known_hosts file
root@ubuntu:/home/ubuntu# ssh-keyscan hostname >> ~/.ssh/known_hosts
# hostname SSH-2.0-OpenSSH_7.4
# hostname SSH-2.0-OpenSSH_7.4
Log in from Host A to Host B with the key
root@ubuntu:~/.ssh# ssh hostname
Warning: Permanently added the ECDSA host key for IP address '172.17.0.2' to the list of known hosts.
Last login: Tue Dec 26 11:22:34 2017 from gateway
[root@centos ~]#
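The steps above accept Host B's host key without comparing it to anything (the "yes" at the ssh-copy-id prompt and the ssh-keyscan append to known_hosts). The following is an added example, not part of the original post: it keeps only the scanned lines whose fingerprint matches one obtained out of band, for example read on Host B's console. The function names, the sample key bytes and the pinned value are constructed for illustration, and it assumes unhashed ssh-keyscan output with a single host name per line.

```python
import base64
import hashlib


def key_blob(line):
    """Split one 'host keytype base64' line and decode its key blob."""
    fields = line.split()
    if len(fields) < 3 or line.lstrip().startswith("#"):
        raise ValueError("not a host key line")
    return fields[0], fields[1], base64.b64decode(fields[2], validate=True)


def fingerprints(blob):
    """Both display formats OpenSSH uses for a public key blob."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    colon = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return {"sha256": "SHA256:" + sha, "md5": colon}


def verified_lines(scan_output, host, pinned):
    """Keep only scanned lines for `host` whose fingerprint equals `pinned`."""
    keep = []
    for line in scan_output.splitlines():
        try:
            name, _ktype, blob = key_blob(line)
        except ValueError:
            continue  # banner lines such as '# hostname SSH-2.0-OpenSSH_7.4'
        if name == host and pinned in fingerprints(blob).values():
            keep.append(line)
    return keep


def constructed_line(host, fill):
    # Constructed sample: an ssh-ed25519 shaped blob of filler bytes, not a real key.
    ktype = b"ssh-ed25519"
    blob = len(ktype).to_bytes(4, "big") + ktype + (32).to_bytes(4, "big") + bytes([fill]) * 32
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


GOOD = constructed_line("hostname", 0x11)     # the key actually installed on Host B
OTHER = constructed_line("hostname", 0x22)    # a different key answering for the same name
PINNED = fingerprints(key_blob(GOOD)[2])["sha256"]  # value read out of band on Host B
SCAN = "# hostname SSH-2.0-OpenSSH_7.4\n" + OTHER + "\n" + GOOD + "\n"

if __name__ == "__main__":
    for entry in verified_lines(SCAN, "hostname", PINNED):
        print(entry)  # only these lines should be appended to ~/.ssh/known_hosts
```

On Host B, the value to pin can be printed with `ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub`; the colon-separated form matches the fingerprints shown in the session output above.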