一:SSH工作原理
01 客户端向服务器请求SSH 连接
02 服务端向客户端请求公钥信息
03 上传公钥信息到服务端,服务端收到后存放到/root/.ssh/authorized_keys
04 客户端使用自己的私钥去认证
05 服务端回复认证通过可以连接
二:基于密钥方式实现远程连接
2.1 客户端生成公钥和密钥
[root@mb01-61 ~]# ssh-keygen ###一路回车
[root@mb01-61 ~]# ll .ssh/ ###生成公钥和私钥
-rw------- 1 root root 1679 Aug 5 22:43 id_rsa
-rw-r--r-- 1 root root 394 Aug 5 22:43 id_rsa.pub
通过下面这种方式可以实现免交互生成公钥和密钥
[root@mb01-61 ~]# ssh-keygen -f /root/.ssh/id_rsa -N ''
2.2 将公钥推送到服务端
[root@m01-61 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.7
2.3 测试是否能正常
[root@m01-61 ~]# ssh root@172.16.1.7 hostname
web01-7
三:免交互分发公钥
默认正常情况下将公钥推送到服务端.要先确认在手动输入密码
[root@m01-61 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.7
Are you sure you want to continue connecting (yes/no)?
root@172.16.1.7's password:
为了方便,我们使用免交互
3.1 解决需要手动确认是否连接
使用参数-o StrictHostKeyChecking=no
[root@m01-61 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.8 -o StrictHostKeyChecking=no
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.8's password:
3.2 解决手动输入密码
安装sshpass工具
[root@m01-61 ~]# yum -y install sshpass -y
免交互分发公钥
[root@mb01-61 ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_rsa.pub 172.16.1.31 -o StrictHostKeyChecking=no
四:优化ssh
vim /etc/ssh/sshd_config
1:修改ssh端口
#Port 22 port 6666
2:不允许外网登录
#ListenAddress 0.0.0.0 ListenAddress 172.16.1.61 ###这里写本机ip,就是只监听这个网段的ip
3:不允许密码认证
PasswordAuthentication yes PasswordAuthentication no
网友评论