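Introduction to SSH
- SSH is short for Secure Shell, a security protocol built on the application layer. It supports login with a password or with a key, uses port 22 by default, and supports two key types, RSA and DSA.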
SSH server
- On Ubuntu and CentOS the server is installed with the commands below; installing the server also installs the SSH client by default:

    [CentOS] yum install openssh-server
    [Ubuntu] sudo apt install openssh-server

- SSH operations on the server

    //1 Check whether the ssh service is running (the service is sshd)
    yjf@vbox-ubuntu:~$ ps -ef|grep ssh
    root 2846 1 0 06:50 ? 00:00:00 /usr/sbin/sshd -D
    //2 Check which port the sshd service uses
    yjf@vbox-ubuntu:~$ sudo netstat -lntup | grep ssh
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2846/sshd
    //3 Keys are kept in the ~/.ssh/ directory
    //4 The sshd configuration file:
    yjf@vbox-ubuntu:~$ sudo cat /etc/ssh/sshd_config
    //5 Commands for starting the service, checking its status, and so on
    yjf@vbox-ubuntu:~$ sudo systemctl status sshd
    yjf@vbox-ubuntu:~$ sudo systemctl restart sshd
    yjf@vbox-ubuntu:~$ sudo systemctl enable sshd

SSH client
- An SSH client such as XSHELL, SecureCRT or MobaXterm can be used to connect, or simply the plain ssh command. (On Windows, installing Git brings an ssh tool with it.)
- Username and password authentication

    //1 Logging in directly with the ssh client
    ccczyl2006@ccczyl2006-PC MINGW64 ~/Desktop
    $ ssh -p22 yjf@192.168.0.106
    The authenticity of host '192.168.0.106 (192.168.0.106)' can't be established.
    ECDSA key fingerprint is SHA256:pr62XwLtsc2zRRMsP5x78RZVBU6EAwjXukuiauMO0RI.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.0.106' (ECDSA) to the list of known hosts.
    yjf@192.168.0.106's password:

- Xshell password login: create a new connection, then log in with the username and password.
- Key-based authentication

    //1 Go to the .ssh directory under the user's home directory and generate the public and private keys (note: "Enter passphrase" asks for the password that protects the private key; it can be left empty)
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/c/Users/ccczyl2006/.ssh/id_rsa): vbox-ubuntu_rsa
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in vbox-ubuntu_rsa.
    Your public key has been saved in vbox-ubuntu_rsa.pub.
    The key fingerprint is:
    SHA256:giIl8zh168hymZJNocd3c4bOBJfX1kzNVo7ugfT/TdE ccczyl2006@ccczyl2006-PC
    The key's randomart image is:
    +---[RSA 2048]----+
    | .o ..|
    | . . + +o |
    |o + o o . o +.. .|
    | X o = o . . + .|
    |= * + * S . +.E|
    | O B = = . o.|
    |+ B . o . o|
    | + .o|
    | o|
    +----[SHA256]-----+
    //2 Of the generated files, the one ending in .pub is the public key and the other is the private key
    $ ll
    total 15
    -rw-r--r-- 1 ccczyl2006 197121 73 四月 11 15:44 config
    -rw-r--r-- 1 ccczyl2006 197121 118 四月 25 2018 'config - Copy'
    drwxr-xr-x 1 ccczyl2006 197121 0 四月 11 20:51 copy/
    -rw-r--r-- 1 ccczyl2006 197121 6755 四月 11 19:56 known_hosts
    -rw-r--r-- 1 ccczyl2006 197121 1679 四月 11 20:56 vbox-ubuntu_rsa
    -rw-r--r-- 1 ccczyl2006 197121 406 四月 11 20:56 vbox-ubuntu_rsa.pub
    //3 Use the ssh-copy-id command to copy the public key to the server
    $ ssh-copy-id -i vbox-ubuntu_rsa.pub yjf@192.168.0.106
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "vbox-ubuntu_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    yjf@192.168.0.106's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh 'yjf@192.168.0.106'"
    and check to make sure that only the key(s) you wanted were added.
    //4 Log in to the server and make sure the authorized_keys file now exists in the .ssh directory
    //5 From the .ssh folder that holds the private key, the following command logs in without a password
    $ ssh -i ./vbox-ubuntu_rsa yjf@192.168.0.106

- Xshell private-key login is shown in the figure below
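
For the key-based login steps above, an added example that is not part of the original post: OpenSSH rejects key files with loose permissions, so the client refuses a private key that group or others can access, and sshd with StrictModes ignores authorized_keys when the file or its .ssh directory is group- or world-writable. The function names are hypothetical and the demo directory is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# mode_of FILE: print octal permission bits, e.g. 644 (GNU stat, then BSD stat)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# has_bits MODE MASK: succeed if any bit of octal MASK is set in octal MODE
has_bits() {
    [ $(( 0$1 & 0$2 )) -ne 0 ]
}

# The ssh client refuses a private key that group or others can access.
check_private_key() {
    m=$(mode_of "$1") || { echo "FAIL $1 missing"; return 2; }
    if has_bits "$m" 077; then
        echo "FAIL $1 mode $m: run chmod 600 on it"
        return 1
    fi
    echo "ok   $1 mode $m"
}

# With StrictModes (the sshd default), sshd ignores authorized_keys when the
# .ssh directory or the file itself is writable by group or others.
check_authorized_keys() {
    rc=0
    for p in "$1" "$1/authorized_keys"; do
        m=$(mode_of "$p") || { echo "FAIL $p missing"; rc=1; continue; }
        if has_bits "$m" 022; then
            echo "FAIL $p mode $m: run chmod go-w on it"
            rc=1
        else
            echo "ok   $p mode $m"
        fi
    done
    return $rc
}

# Constructed demo: a throwaway directory stands in for ~/.ssh
demo=$(mktemp -d)
touch "$demo/authorized_keys" "$demo/vbox-ubuntu_rsa"
chmod 700 "$demo"
chmod 664 "$demo/authorized_keys"   # group-writable: sshd would skip it
chmod 644 "$demo/vbox-ubuntu_rsa"   # same mode as in the listing above
check_private_key "$demo/vbox-ubuntu_rsa" || true
check_authorized_keys "$demo" || true
rm -rf "$demo"
```

Run `check_private_key` on the client against the private key and `check_authorized_keys ~/.ssh` on the server when key login unexpectedly falls back to the password prompt.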