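Learning Linux -- Using OpenSSH

Introduction to OpenSSH

Features

1 A server for remote login to a shell, similar to telnet; this is what is commonly called ssh
2 sftp-server, an FTP-like service that provides a more secure FTP service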

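How the encryption works

Public key: given to the remote host to encrypt with. It is public, so anyone can obtain it.
Private key: used only by its owner, to decrypt data that was encrypted with the public key.
Each side of the connection holds the other side's public key and keeps its own private key.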

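The SSH connection process

1 The first time sshd starts, it automatically generates the public key and places it under /etc/ssh/ (ssh_host*)
2 The user requests a connection
3 The server sends its public key to the client
4 The client records the public key in ~/.ssh/known_hosts and starts generating its own public/private key pair
5 The client sends its public key back to the server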

Remote access with ssh

ssh supports two authentication methods

Logging in with a username and password

[root@localhost ~]# ssh root@192.168.3.195
The authenticity of host '192.168.3.195 (192.168.3.195)' can't be established.
ECDSA key fingerprint is 26:d9:6c:e2:98:2d:d7:9f:0a:fe:04:e6:ac:39:45:0d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.195' (ECDSA) to the list of known hosts.
root@192.168.3.195's password:
Last failed login: Fri Jul 24 15:48:09 CST 2015 from 192.168.3.148 on ssh:notty
There were 9 failed login attempts since the last successful login.
Last login: Fri Jul 24 15:20:51 2015 from 192.168.3.130
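
The fingerprint in the first-connection prompt above is what ties the session to the server's host key, so it should be compared with a copy of the key obtained out of band before answering yes. As an added example (not from the original post), this Python code computes the MD5 colon-hex form shown in that session and the SHA256 form that newer OpenSSH releases print, from a line of /etc/ssh/ssh_host_*.pub or of ~/.ssh/known_hosts. The function names are hypothetical and the sample key is constructed, not a real host key.

```python
import base64
import hashlib
import struct


def parse_pubkey_line(line):
    """Return (key_type, blob) from a .pub line or a known_hosts line."""
    fields = line.split()
    # known_hosts lines start with a host field; .pub files start with the type.
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:  # binascii.Error is a ValueError
            continue
        if len(blob) < 4:
            continue
        # The blob begins with a length-prefixed copy of the key type.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == fields[i].encode():
            return fields[i], blob
    raise ValueError("no valid SSH public key in line")


def fingerprints(blob):
    """Return (MD5 colon-hex, SHA256 base64) fingerprints of a key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha


def matches_prompt(line, shown):
    """True if the fingerprint shown in the ssh prompt belongs to this key."""
    _, blob = parse_pubkey_line(line)
    md5_fp, sha_fp = fingerprints(blob)
    shown = shown.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    return shown.lower() == md5_fp or shown == sha_fp


# Constructed sample, not a real host key: ssh-ed25519 header plus dummy bytes.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "192.168.3.195 ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    key_type, blob = parse_pubkey_line(SAMPLE_LINE)
    print(key_type, *fingerprints(blob))
```

A mismatch between the prompt and the out-of-band key means the connection should not be accepted until the difference is explained.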

Logging in with a manually generated key pair

1 Generate the authentication key pair

[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a3:cb:18:2b:cf:9a:12:0d:03:be:a5:4f:2e:63:c3:51 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| |
|. |
|o |
|o. E |
| += S |
|.+.. . . |
|..= . . |
|.*.= = . |
|..*+= o |
+-----------------+

2 Copy the public key to the host you want to access

[root@localhost .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.3.195
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.3.195's password:
Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.3.195'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost .ssh]# ssh root@192.168.3.195
Last failed login: Fri Jul 24 15:53:54 CST 2015 from 192.168.3.180 on ssh:notty
There were 6 failed login attempts since the last successful login.
Last login: Fri Jul 24 15:48:16 2015 from 192.168.3.130

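Copying files to and from a remote host

1 Copy a file from the local host to the remote host
scp /etc/passwd root@192.168.3.195:/mnt
2 Copy a file from the remote host to the local host
scp root@192.168.3.195:/etc/shadow /mnt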
