Passwordless SSH Login on CentOS 7 Explained
youxi2 192.168.1.7
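The firewall is disabled for this experiment. If your firewall is enabled, add the ports to the firewall rules.
(2). Goal
With the SSH port set to something other than 22, set up one-way or two-way passwordless login (the two hosts use different ports).
(3). Experiment
First change the SSH port on both servers: run vim /etc/ssh/sshd_config and find the following part: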
#Port 22
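Remove the # and change 22 to the port number you want. Here the SSH port of youxi1 is changed to 2890 and the SSH port of youxi2 to 2891.
Then restart the service with systemctl restart sshd, and check the port with netstat -tlunp | grep sshd (install net-tools if netstat is not available).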
```
[root@youxi1 Packages]# netstat -tlunp | grep sshd    # youxi1
tcp        0      0 0.0.0.0:2890      0.0.0.0:*      LISTEN      9953/sshd
tcp6       0      0 :::2890           :::*           LISTEN      9953/sshd
[root@youxi2 ~]# netstat -tlunp | grep sshd    # youxi2
tcp        0      0 0.0.0.0:2891      0.0.0.0:*      LISTEN      17526/sshd
tcp6       0      0 :::2891           :::*           LISTEN      17526/sshd
```
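1) One-way passwordless login
youxi1 can ssh to youxi2 without a password, but youxi2 still needs a password to ssh to youxi1.
On youxi1, generate the public and private keys with ssh-keygen (the default, rsa, is used here); accept the defaults at every prompt.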
```
[root@youxi1 ~]# ssh-keygen -t rsa    # rsa is the default, so -t rsa can be omitted
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):    # if no output path was given as an option, it can also be set here
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ia+le9ZX3cAxztmIINJbWnEGrK9lq4lY4pYNevgqecM [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| . .ooo |
| . o =o o |
| . B . = * |
| .+. . B .|
| . S. o.|
| . . + . o|
| o o.+. o= . . |
|o E.++.=+.o . |
| o.*+ =+o. . |
+----[SHA256]-----+
```
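When no output location is specified, the keys are written to the .ssh/ directory under the home directory. With rsa, two files are generated, id_rsa and id_rsa.pub; with dsa, the two files are id_dsa and id_dsa.pub.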
```
[root@youxi1 ~]# ls /root/.ssh/
id_rsa  id_rsa.pub
```
Next, use the ssh-copy-id command to send the public key to the youxi2 server.
```
[root@youxi1 ~]# ssh-copy-id -i .ssh/id_rsa.pub -p2891 root@192.168.1.7    # -p specifies the port of the server being logged in to
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '[192.168.1.7]:2891 ([192.168.1.7]:2891)' can't be established.
ECDSA key fingerprint is SHA256:j3ee8eoTo2XEv0QxCYmxphMipcNRxC+IONPmt1HwRLg.
ECDSA key fingerprint is MD5:25:e2:b4:08:f2:79:7d:6e:42:84:b5:78:3d:6a:81:20.
Are you sure you want to continue connecting (yes/no)? yes    # answer yes to continue
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.7's password:    # enter the password of the root user on the 192.168.1.7 server

Number of key(s) added: 1

Now try logging into the machine, with: "ssh -p 2891 root@192.168.1.7"
and check to make sure that only the key(s) you wanted were added.
```
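After the public key has been transferred, a .ssh/known_hosts file is created locally, but it is not what makes the passwordless login work (it only records youxi2's host key). On the youxi2 server, a .ssh directory containing an authorized_keys file is created under the root user's home directory.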
```
[root@youxi2 ~]# ls .ssh/
authorized_keys
```
At this point the id_rsa.pub file on youxi1 is identical to the authorized_keys file on youxi2.
Finally, test: ssh from youxi1 to youxi2 and you will find that no password is required.
```
[root@youxi1 ~]# ssh -p 2891 root@192.168.1.7
Last login: Sun May 12 17:46:49 2019 from youxi1.cn
[root@youxi2 ~]# ls .ssh/
authorized_keys
```
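Note: it is the public key generated on the local machine that is sent to the server being logged in to, and the port of that server must be specified both when sending the public key and when connecting.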
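What ssh-copy-id leaves on the target, written out as an added shell example (not part of the original article): the function appends a public key to authorized_keys only if it is not already listed, and sets the 700/600 permissions that sshd's default StrictModes check expects. The function names, the scratch paths and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: the target-side effect of ssh-copy-id, done by hand.

# install_pubkey PUBFILE HOME_DIR
# Append the key in PUBFILE to HOME_DIR/.ssh/authorized_keys unless the same
# key is already listed. Prints "added" or "present"; returns 2 on bad input.
install_pubkey() {
    pubfile=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # A public key is one line; this rejects id_rsa passed by mistake.
    [ "$(wc -l < "$pubfile")" -le 1 ] || { echo "not a public key" >&2; return 2; }
    read -r ktype blob comment < "$pubfile" || [ -n "$ktype" ] || return 2
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key" >&2; return 2 ;;
    esac
    [ -n "$blob" ] || return 2

    # With StrictModes (sshd default) the key file is ignored if .ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Match on the base64 blob in any field, so a different comment or an
    # options prefix on the existing line does not cause a duplicate entry.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        echo present
    else
        printf '%s\n' "$ktype $blob${comment:+ $comment}" >> "$auth"
        echo added
    fi
}

# perms_ok HOME_DIR: succeeds only when .ssh is 700 and authorized_keys is 600.
perms_ok() {
    [ "$(ls -ld "$1/.ssh" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Demo on a scratch directory with a constructed (not real) key.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed root@youxi1' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"    # added
install_pubkey "$demo/id_rsa.pub" "$demo/home"    # present
perms_ok "$demo/home" && echo "permissions ok"
rm -rf "$demo"
```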
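2) Two-way passwordless login
Two-way passwordless login simply means exchanging public keys. Continuing from above, send youxi2's public key to youxi1 and test.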
```
[root@youxi2 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9+woxNPvkE99zGUEZNcI+DJaUUIZXXMKb7k/Y6kPiJU [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| .+*++*.+|
| +..+.B.|
| o = .|
| + o. o |
| .S+.E . o|
| =.++.. =o|
| . ooo+..==|
| . *. +.o|
| ...+... |
+----[SHA256]-----+
[root@youxi2 ~]# ssh-copy-id -i .ssh/id_rsa.pub -p2890 root@192.168.1.6
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '[192.168.1.6]:2890 ([192.168.1.6]:2890)' can't be established.
ECDSA key fingerprint is SHA256:j3ee8eoTo2XEv0QxCYmxphMipcNRxC+IONPmt1HwRLg.
ECDSA key fingerprint is MD5:25:e2:b4:08:f2:79:7d:6e:42:84:b5:78:3d:6a:81:20.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.6's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh -p 2890 root@192.168.1.6"
and check to make sure that only the key(s) you wanted were added.

[root@youxi2 ~]# ssh -p 2890 root@192.168.1.6
Last login: Sun May 12 17:24:54 2019 from youxi2.cn
[root@youxi1 ~]#
```