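SSH Service on Linux (Part 2)

I. Public/private key authentication (passwordless login)

1. Passwordless login from Windows to Linux

On Windows, installing Cygwin is recommended.

1.1 Generate the key pair on Windows

The key pair was already generated earlier, so ssh-keygen reports that it exists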
lovezyw@LAPTOP-AABHB5ED ~
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lovezyw/.ssh/id_rsa):
/home/lovezyw/.ssh/id_rsa already exists.
Overwrite (y/n)?


lovezyw@LAPTOP-AABHB5ED ~
$ ls ~/.ssh/
id_rsa  id_rsa.pub  known_hosts

1.2 Send the public key to the server

Run on Windows
$ ssh-copy-id root@10.0.0.61


Check on the Linux server
[master-61 root ~] # ls .ssh/ -l
total 12
-rw------- 1 root root  577 Jan  8 15:37 authorized_keys

1.3 Passwordless login now works

2. Passwordless login from Linux to Linux

Prepare the machines

master-61 10.0.0.61

web-7 10.0.0.7

2.1 Generate the key pair on master-61

[master-61 root ~] # ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:P34ShRM0e2AfzlmhqWDG5RDqWY7zCHKx8QpbXe3rs4o root@master-61
The key's randomart image is:
+---[RSA 2048]----+
|        oo* . o. |
|       o *.B *   |
|    o . B +oO    |
|     B O ooo.    |
|  o = B S oo     |
|   * o + ...     |
|  . . . . +.     |
|       . oo..    |
|      E ..+=     |
+----[SHA256]-----+
[master-61 root ~] # ls .ssh/ -l
total 12
-rw------- 1 root root  577 Jan  8 15:37 authorized_keys
-rw------- 1 root root 1679 Jan  8 15:54 id_rsa
-rw-r--r-- 1 root root  396 Jan  8 15:54 id_rsa.pub

2.2 Send master-61's public key to web-7 and verify that the two keys match

Run on master-61
[master-61 root ~] # ssh-copy-id root@10.0.0.7
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.7 (10.0.0.7)' can't be established.
ECDSA key fingerprint is SHA256:p+Y8oREDmNYotbNk8uqZv6KTTFKFnLhOxXp3D+Jet6Q.
ECDSA key fingerprint is MD5:d4:45:1d:1c:9f:5f:9f:8e:c7:86:d3:03:ee:f1:78:f4.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.7's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.0.7'"
and check to make sure that only the key(s) you wanted were added.

[master-61 root ~] # cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAAABAQDghdixJEHOiWLHPuGuRpyWMPTo/ADq7em9Toc0l/fiiZ9g2uuhpBgbJwPaN7kcKcKDpVNSNloVVDGQpg38gvShEvM0Z7Xf9WKp2ZNv6rAnGMTPphfMq85/MQl2nHzD/sU5AIugoZBdx9qL02+7UAowpXBE7HCU+lenIFTULI5RZu3CADEaMhKziBZkthjPO4gUWmfs09YaVLQTETYuAvOwitXQzTDjQFlv8chK59YGXWeY/JYX2CUcY6xcwjVgsqg1uPG+DUWGnehNg/SWiHFMkxT/Pb5jMVtTE2HefHholNt32+ujD+b5d5D4Od8FONBt8WwSRooGPP/ root@master-61



Check the public key on web-7
[web-7 root ~] # ll .ssh
ls: cannot access .ssh: No such file or directory
[web-7 root ~] # ll .ssh/
total 4
-rw------- 1 root root 396 Jan  8 15:59 authorized_keys
[web-7 root ~] # 
[web-7 root ~] # cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDghdixJEHOiWLHPuGuRpyWMPTo/ADq7em9Toc0l/fiiZ9g2uuhpBgbJwPaN7kcKcKDpVNSNloVVDGQpg38gvShEvM0Z7Xf9WKp2ZNv6rAnGMTPphfMq85/MQl2nHzD/sU5AIugoZBdx9qL02+7UAowpXBE7HCU+lenIFTULI5QuPRZu3CADEaMhKziBZkthjPO4gUWmfs09qzcIzMYaVLQTETYuAvOwitXQzTDjQFlv8chK59YGXWeY/JYX2CUcY6xcwjVgsqg1uPG+DUWGnehNg/SWiHFMkxT/Pb5jMVtTE2HefHholNt32+ujD+b5d5D4Od8FONBt8WwSRooGPP/ root@master-61
[web-7 root ~] # 
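
The key comparison in step 2.2 is easier to get right when done by exact match instead of by eye. The following is an added example, not part of the original post: it extracts the key type and base64 blob from each line (ignoring comments and any leading options field) and reports whether the local key is installed and which other keys are present. The function names and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact comparison of SSH public keys, ignoring options and comments.

# key_blobs FILE: print "keytype base64blob" for every key line in FILE.
# Handles authorized_keys lines that begin with an options field.
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comment and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/) {
                    print $i, $(i + 1)
                    next
                }
        }' "$1"
}

# key_installed PUBFILE AUTHFILE
# Returns 0 if the first key in PUBFILE is present in AUTHFILE, 1 if it is not,
# and 2 if PUBFILE holds no parsable key.
key_installed() {
    want=$(key_blobs "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_blobs "$2" | grep -Fxq -- "$want"
}

# extra_keys PUBFILE AUTHFILE: print every key in AUTHFILE that is not PUBFILE's,
# i.e. the entries ssh-copy-id asks you to review after it adds a key.
extra_keys() {
    want=$(key_blobs "$1" | head -n 1)
    key_blobs "$2" | grep -Fxv -- "$want" || true
}

# Demo on constructed data (these are not real keys).
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEYA root@master-61' > "$demo/id_rsa.pub"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDKEYA root@master-61' \
              'ssh-ed25519 AAAAC3CONSTRUCTEDKEYB unknown@host' > "$demo/authorized_keys"
key_installed "$demo/id_rsa.pub" "$demo/authorized_keys" && echo "key installed"
extra_keys "$demo/id_rsa.pub" "$demo/authorized_keys"
rm -rf "$demo"
```

On the real hosts, copy web-7's `~/.ssh/authorized_keys` next to `~/.ssh/id_rsa.pub` (or run the functions on web-7 with the public key copied over) and pass both paths.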

2.3 Test passwordless login

[master-61 root ~] # ssh root@10.0.0.7
Last login: Wed Jan  8 15:58:02 2025 from 10.0.0.1
[web-7 root ~] # 

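II. SSH file permissions

1. Using the ~/.ssh/config file (for quick, convenient login)

The ~/.ssh/config file lets you configure specific options for different hosts or servers.

Example configuration file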

Host test
  HostName 10.0.0.1
  User root
  Port 22
  IdentityFile ~/.ssh/id_rsa

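Common parameters

Host: specifies an alias or a wildcard pattern, which allows shared options to be configured for multiple hosts. For example, Host * matches all hosts.

HostName: specifies the host's IP address or domain name.

User: specifies the user name.

Port: specifies the port number to connect to.

IdentityFile: specifies the SSH private key file.

ForwardAgent: whether to enable SSH agent forwarding. The default is no.

Compression: whether to enable compression; setting it to yes can usually speed up the connection, especially in low-bandwidth environments.

2. Setting file permissions

The SSH files and their corresponding permissions are as follows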

chmod 700 ~/.ssh

chmod 600 ~/.ssh/id_rsa

chmod 644 ~/.ssh/id_rsa.pub

chmod 600 ~/.ssh/config
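
The modes above can be checked mechanically. The following is an added example, not part of the original post: it audits a `.ssh` directory and flags any path that grants permission bits beyond the listed maximum (a stricter mode passes). The function name is hypothetical, and treating `authorized_keys` as 600 is an assumption taken from the directory listings on this page.

```shell
#!/bin/sh
# Added example: audit a .ssh directory against the chmod list above.

# audit_ssh_dir DIR
# Prints one line per path whose mode grants bits beyond the allowed maximum.
# Returns the number of findings (0 means clean).
audit_ssh_dir() {
    dir=$1 findings=0
    # name:max-mode pairs; "." is the directory itself.
    # authorized_keys:600 is an assumption based on the listings on this page.
    for rule in .:700 id_rsa:600 id_rsa.pub:644 config:600 authorized_keys:600; do
        name=${rule%%:*} max=${rule##*:}
        path=$dir/$name
        [ -e "$path" ] || continue
        # GNU stat first, BSD/macOS stat as a fallback; both print octal, e.g. 644
        mode=$(stat -c %a "$path" 2>/dev/null || stat -f %Lp "$path")
        # Bits set in the actual mode that are not set in the allowed maximum
        extra=$(( 0$mode & ~0$max & 0777 ))
        if [ "$extra" -ne 0 ]; then
            printf '%s: mode %s exceeds %s\n' "$path" "$mode" "$max"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Demo on a constructed directory: the private key is left world-readable.
demo=$(mktemp -d)
touch "$demo/id_rsa" "$demo/id_rsa.pub"
chmod 700 "$demo"
chmod 644 "$demo/id_rsa" "$demo/id_rsa.pub"
audit_ssh_dir "$demo" || echo "findings: $?"
rm -rf "$demo"
```

Run it as `audit_ssh_dir ~/.ssh` on both master-61 and web-7; a private key with group or other access is rejected by the ssh client, so a finding on `id_rsa` also explains a key login that silently falls back to a password prompt.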

3. Login test

With the files and permissions on master-61 all configured, log in directly with ssh web-7
Note: make sure master-61's public key has been sent to web-7
[master-61 root ~] # ssh-copy-id root@10.0.0.7
[master-61 root ~] # ll .ssh/
total 20
-rw------- 1 root root  577 Jan  8 15:37 authorized_keys
-rw------- 1 root root   92 Jan  9 08:58 config
-rw------- 1 root root 1679 Jan  8 15:54 id_rsa
-rw-r--r-- 1 root root  396 Jan  8 15:54 id_rsa.pub
-rw-r--r-- 1 root root  170 Jan  8 15:59 known_hosts
[master-61 root ~] # 
[master-61 root ~] # cat .ssh/config 
Host web-7
  HostName 10.0.0.7
  User root
  Port 22
[master-61 root ~] # ssh web-7
Last login: Thu Jan  9 08:59:00 2025 from 10.0.0.61
[web-7 root ~] # 