连接ssh服务——ssh-keygen生成密钥(公钥,私钥)——ssh-copy-id 将公钥传输至远程服务器——访问远程服务端——scp跨主机上传以及复制下载
我方用户创建密钥后,将公钥传输给对方用户,对方将信任我方,我方可免密码访问
2.手动配置密钥认证登陆
//连接ssh
[root@localhost ~]# ssh root@192.168.56.13 ????//1号ssh登入2号(也可2号直接生成密钥)The authenticity of host ‘192.168.56.13 (192.168.56.13)‘ can‘t be established.ECDSA key fingerprint is SHA256:mew0e7pEB0HDYWtnCCYbYopmwO7dYS7T7oySpZ+cfqg.ECDSA key fingerprint is MD5:59:75:45:71:cd:34:a2:d3:df:5e:fc:cb:16:9a:04:53.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added ‘192.168.56.13‘ (ECDSA) to the list of known hosts.root@192.168.56.13‘s password:Last login: Mon Jul 30 15:05:55 2018 from 192.168.56.1//生成密钥
[root@localhost ~]# ssh-keygen -t rsa ?????????????????//生成密钥Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa):Created directory ‘/root/.ssh‘.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:iEujOIJR4THdKHLM5L1XD6aUYF2rKxwPKPgFMyPCaEc root@localhost.localdomainThe key‘s randomart image is:+---[RSA 2048]----+| +=Eo+ .. ???????||+o**o.o. . ??????||+=Oo. o = ???????||+o.* + * o ??????||+ . O = S . ?????||.= = B . ????????||= o + o ?????????||.. ??. ??????????|| ????????????????|+----[SHA256]-----+[root@localhost ~]# ls .ssh/ ???????????????????????????????????????//查看隐藏中的sshid_rsa ?id_rsa.pub//ssh-copy-id 将公钥传输至需访问的客户端
[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.56.11 ????????????????????//将在登入2号创建的公钥传输至1号/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"The authenticity of host ‘192.168.56.11 (192.168.56.11)‘ can‘t be established.ECDSA key fingerprint is SHA256:mFtHEvI1K3YUxeD7NAkROmKmlWRdR1iNOxgUI4lLFhM.ECDSA key fingerprint is MD5:37:2c:a4:4c:e6:25:20:21:e4:07:e4:87:50:cc:69:05.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysroot@192.168.56.11‘s password:Permission denied, please try again.root@192.168.56.11‘s password:Number of key(s) added: 1Now try logging into the machine, with: ??"ssh ‘root@192.168.56.11‘"and check to make sure that only the key(s) you wanted were added.[root@localhost ~]# exit ??????????????????????????????????????????????????????//登出2号[root@localhost ~]# ssh root@192.168.56.11 ?????????????????????//返回1号root@192.168.56.11‘s password:Last login: Mon Jul 30 14:52:50 2018 from 192.168.56.1[root@localhost ~]# ls -a ???????????????????????????????????????????????????????//公钥已到达. ???????????????.bash_history ?.cache ??.esd_auth ????????????.redhat ?.test.sh.swp ?模板 ?下载.. ??????????????.bash_logout ??.config ?.ICEauthority ????????.ssh ????.viminfo ?????视频 ?音乐123 ?????????????.bash_profile ?.cshrc ??initial-setup-ks.cfg ?.tcshrc ?.xauthS1SUwn ?图片 ?桌面anaconda-ks.cfg ?.bashrc ???????.dbus ???.local ???????????????test.sh ?公共 ?????????文档[root@localhost ~]# ssh root@192.168.56.11 ???????????????????????//2号访问1号Last login: Mon Jul 30 16:12:37 2018 from 192.168.56.11 ?????//无需密码现在2号将公钥传输给1号,所以2号访问1号无需密码,但1号访问2号依然需要密码
这时,1号需要创建密钥,然后把公钥传输至2号即可免密码登陆2号了
scp跨主机上传以及复制
当前仅演示2号
传送演示
[root@localhost ~]# scp 123123.sh root@192.168.56.11:/ ????????????????????????????//使用scp命令传送至根目录下123123.sh ????????????????????????????????????????????????????????????????????????????100% ???0 ????0.0KB/s ??00:00 ??????????????????[root@localhost ~]# ls /123123.sh ?boot ?etc ??lib ???media ?opt ??root ?sbin ?sys ?????tmp ?varbin ???????dev ??home ?lib64 ?mnt ???proc ?run ??srv ??test.sh ?usr下载演示
[root@localhost ~]# ls /root ???????????????????????????????????//查看1号root目录123 ?anaconda-ks.cfg ?initial-setup-ks.cfg ?test.sh ?公共 ?模板 ?视频 ?图片 ?文档 ?下载 ?音乐 ?桌面[root@localhost ~]# scp root@192.168.56.11:/root/test.sh . ???????????//2号将1号目录下的root目录下的test.sh复制到2号当前目录下,与传输不同,文件及路径在ip后方test.sh ??????????????????????????????????????????????????????????????????????????????100% ?505 ??220.2KB/s ??00:00 ???linux——ssh远程访问,密钥的生成以及公钥的使用,上传与下载
原文地址:http://blog.51cto.com/13859004/2152274