1.說明密鑰認證的過程
連接ssh服務——ssh-keygen生成密鑰(公鑰,私鑰)——ssh-copy-id 將公鑰傳輸至遠程服務器——訪問遠程服務端——scp跨主機上傳以及複製下載
我方用戶創建密鑰後,將公鑰傳輸給對方用戶,對方將信任我方,我方可免密碼訪問
2.手動配置密鑰認證登陸
//連接ssh
[root@localhost ~]# ssh [email protected] //1號ssh登入2號(也可2號直接生成密鑰)
The authenticity of host '192.168.56.13 (192.168.56.13)' can't be established.
ECDSA key fingerprint is SHA256:mew0e7pEB0HDYWtnCCYbYopmwO7dYS7T7oySpZ+cfqg.
ECDSA key fingerprint is MD5:59:75:45:71:cd:34:a2:d3:df:5e:fc:cb:16:9a:04:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.13' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Mon Jul 30 15:05:55 2018 from 192.168.56.1
//生成密鑰
[root@localhost ~]# ssh-keygen -t rsa //生成密鑰
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iEujOIJR4THdKHLM5L1XD6aUYF2rKxwPKPgFMyPCaEc [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| +=Eo+ .. |
|+o**o.o. . |
|+=Oo. o = |
|+o.* + * o |
|+ . O = S . |
|.= = B . |
|= o + o |
|.. . |
| |
+----[SHA256]-----+
[root@localhost ~]# ls .ssh/ //查看隱藏中的ssh
id_rsa id_rsa.pub
//ssh-copy-id 將公鑰傳輸至需訪問的客戶端
[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected] //將在登入2號創建的公鑰傳輸至1號
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.56.11 (192.168.56.11)' can't be established.
ECDSA key fingerprint is SHA256:mFtHEvI1K3YUxeD7NAkROmKmlWRdR1iNOxgUI4lLFhM.
ECDSA key fingerprint is MD5:37:2c:a4:4c:e6:25:20:21:e4:07:e4:87:50:cc:69:05.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# exit //登出2號
[root@localhost ~]# ssh [email protected] //返回1號
[email protected]'s password:
Last login: Mon Jul 30 14:52:50 2018 from 192.168.56.1
[root@localhost ~]# ls -a //公鑰已到達
. .bash_history .cache .esd_auth .redhat .test.sh.swp 模板 下載
.. .bash_logout .config .ICEauthority .ssh .viminfo 視頻 音樂
123 .bash_profile .cshrc initial-setup-ks.cfg .tcshrc .xauthS1SUwn 圖片 桌面
anaconda-ks.cfg .bashrc .dbus .local test.sh 公共 文檔
[root@localhost ~]# ssh [email protected] //2號訪問1號
Last login: Mon Jul 30 16:12:37 2018 from 192.168.56.11 //無需密碼
現在2號將公鑰傳輸給1號,所以2號訪問1號無需密碼,但1號訪問2號依然需要密碼
這時,1號需要創建密鑰,然後把公鑰傳輸至2號即可免密碼登陸2號了
scp跨主機上傳以及複製
當前僅演示2號
傳送演示
[root@localhost ~]# scp 123123.sh [email protected]:/ //使用scp命令傳送至根目錄下
123123.sh 100% 0 0.0KB/s 00:00
[root@localhost ~]# ls /
123123.sh boot etc lib media opt root sbin sys tmp var
bin dev home lib64 mnt proc run srv test.sh usr
下載演示
[root@localhost ~]# ls /root //查看1號root目錄
123 anaconda-ks.cfg initial-setup-ks.cfg test.sh 公共 模板 視頻 圖片 文檔 下載 音樂 桌面
[root@localhost ~]# scp [email protected]:/root/test.sh . //2號將1號目錄下的root目錄下的test.sh複製到2號當前目錄下,與傳輸不同,文件及路徑在ip後方
test.sh 100% 505 220.2KB/s 00:00