A Linux love story: how to enter her heart with a different move (ssh)

1. Who is ssh, and why enter her heart

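  • ssh is the remote login command on Linux operating systems
  • The default ssh port is 22
  • The ssh security protocol version is SSH2
  • ssh is made up of openssh (provides the ssh service) and openssl (provides the encryption routines)
  • Common ssh clients on Windows include xshell, xterm, finalshell, putty, and so on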

2. How to poke around ssh properly

2.1 Common ssh options

Linux:~ # ssh --help
unknown option -- -
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]

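2.2 Need a key cut? (generating a public or private key with ssh)

  • On a machine where no public or private key has ever been configured, the .ssh directory does not exist yet; .ssh lives under the user's home directory (naturally, your house keys are kept at your house)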
Linux-144:~ # cd ~/.ssh
-bash: cd: /root/.ssh: No such file or directory
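  • Use the ssh-keygen command to get a public key and private key of your own
  • After entering ssh-keygen, press Enter at every prompt to get both the public key (id_rsa.pub) and the private key (id_rsa)
  • ssh-keygen -t selects the algorithm used to generate the public and private keys; the default is the rsa algorithm
    • [-t dsa | ecdsa | ed25519 | rsa | rsa1] these are the five algorithms available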
Linux-144:~ # ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:nUn0/piKV9GejHr7uo4Hj+xMCWlMQK/4NNhnOoUQHV0 root@Linux-144
The key's randomart image is:
+---[RSA 2048]----+
|    .o+o .E      |
|     ..o.. .     |
|    .   o . ..   |
|     = = + +. .  |
|    o * S + .= . |
|     o B ...o++  |
|      +  .o*o .  |
|       . +=o+    |
|        .o=+==.  |
+----[SHA256]-----+
Linux-144:~ # ll ~/.ssh/
total 8
-rw------- 1 root root 1675 Jan 19 06:39 id_rsa
-rw-r--r-- 1 root root  396 Jan 19 06:39 id_rsa.pub

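2.3 I want one-way, unobstructed access to your heart (sending the public and private keys with ssh-copy-id)

  • ssh-copy-id can send your own public and private keys to other remote servers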
Linux-144:~ # ssh-copy-id -i [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.72.145 (192.168.72.145)' can't be established.
ECDSA key fingerprint is SHA256:r+MDt63O2buie+vek5ysFZ5wbxd+QolySolYxn6JMCU.
Are you sure you want to continue connecting (yes/no)? yes            "On first login you need to type yes"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:                                                             "The password here is the password of the 192.168.72.145 machine"

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
Linux-144:~ # ssh [email protected]                     "I can now enter 145's heart one-way without obstruction (ssh to the remote machine no longer asks for a password)"
Last login: Tue Jan 19 06:36:09 2021 from 192.168.72.1
Linux-145:~ # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:41:AC:5C
          inet addr:192.168.72.145  Bcast:192.168.72.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe41:ac5c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:591 errors:0 dropped:0 overruns:0 frame:0
          TX packets:330 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:63923 (62.4 Kb)  TX bytes:57765 (56.4 Kb)
Linux-145:~ # ssh [email protected]                     "But for 145 to enter 144's heart, a password is still required; one-sided devotion always hurts"
The authenticity of host '192.168.72.144 (192.168.72.144)' can't be established.
ECDSA key fingerprint is SHA256:r+MDt63O2buie+vek5ysFZ5wbxd+QolySolYxn6JMCU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.72.144' (ECDSA) to the list of known hosts.
Password:
Last login: Tue Jan 19 06:36:12 2021 from 192.168.72.1
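
As the INFO line above shows, ssh-copy-id installs id_rsa.pub on the remote host, and its closing message asks you to check that only the keys you wanted were added. The check below, an added example that is not part of the original post, lists every authorized_keys entry whose key is missing from an approved list; the function names and the approved-list file are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Key material used with it is
# constructed; function names and the approved-list file are assumptions.

# Print "<type> <blob> <comment>" for each entry, skipping blank and comment
# lines and any leading options field such as from="...". Assumes no option
# value contains a bare key-type word.
parse_authorized_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) {
                    print $i, $(i + 1), (i + 2 <= NF ? $(i + 2) : "-")
                    next
                }
            print "malformed", "-", "line" NR
        }' "$1"
}

# unexpected_keys AUTH_FILE APPROVED_FILE
# Prints "<type> <comment>" for every entry whose blob is not in
# APPROVED_FILE (same format). Returns 1 if anything was printed.
unexpected_keys() {
    approved=$(parse_authorized_keys "$2" | awk '$1 != "malformed" { print $2 }')
    parse_authorized_keys "$1" | (
        rc=0
        while read -r ktype blob comment; do
            if ! printf '%s\n' "$approved" | grep -Fqx -- "$blob"; then
                printf '%s %s\n' "$ktype" "$comment"
                rc=1
            fi
        done
        exit "$rc"
    )
}
```

Run it as `unexpected_keys ~/.ssh/authorized_keys approved_keys` on each host; an empty result with exit status 0 means every installed key is on the list.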

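2.4 It only means something when both sides run toward each other (using the authorized_keys file)

  • When a user runs ssh-copy-id -i user@ip against themselves (ip being the local machine's ip), an authorized_keys file is created under the ~/.ssh directory
  • When a user runs ssh-copy-id -i user@ip against a remote user (ip being the remote user's ip), an authorized_keys file is created under the remote user's ~/.ssh directory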
Linux-144:~ # ssh-copy-id -i [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.72.144 (192.168.72.144)' can't be established.
ECDSA key fingerprint is SHA256:r+MDt63O2buie+vek5ysFZ5wbxd+QolySolYxn6JMCU.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Linux-144:~ # ll ~/.ssh/
total 16
-rw------- 1 root root  396 Jan 19 06:58 authorized_keys
-rw------- 1 root root 1675 Jan 19 06:39 id_rsa
-rw-r--r-- 1 root root  396 Jan 19 06:39 id_rsa.pub
-rw-r--r-- 1 root root  352 Jan 19 06:58 known_hosts
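  • The remote user generates their own public and private keys and also runs ssh-copy-id -i user@ip against themselves (ip being the local machine's ip) to create an authorized_keys file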
Linux-145:~ # ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YRqMQywB7FBPve9XxBvCwG9mKkLuw/bBgc15HN4JjNs root@Linux-145
The key's randomart image is:
+---[RSA 2048]----+
|ooooo. .         |
|...+.o.oo        |
|o  .+ +.*+ .     |
| .  .=.X =B.+    |
|   o. B.E=oo o   |
|    o..oo   o    |
|   o .oo   .     |
|    =  .. .      |
|   . o.  .       |
+----[SHA256]-----+
Linux-145:~ # ssh-copy-id -i [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.72.145 (192.168.72.145)' can't be established.
ECDSA key fingerprint is SHA256:r+MDt63O2buie+vek5ysFZ5wbxd+QolySolYxn6JMCU.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Linux-145:~ # ll ~/.ssh
total 16
-rw------- 1 root root  792 Jan 19 07:03 authorized_keys
-rw------- 1 root root 1679 Jan 19 07:02 id_rsa
-rw-r--r-- 1 root root  396 Jan 19 07:02 id_rsa.pub
-rw-r--r-- 1 root root  352 Jan 19 07:02 known_hosts
  • Copy the contents of the other hosts' authorized_keys files into the authorized_keys file of one central host to get passwordless mutual trust among multiple hosts
Linux-144:~ # cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMOdv/YkDbYwHRCo0ddj5IqiwLsLY8GkDUTh4yq9ypsyeIzcZvdrLWZ0ZJfFGdtX0RqeYOzbRyWbJZFGt64dZABoVedk429/fT92d1WoKMEfzek9u5uzxQIVKjJe5VaHj04ZW+snY2tsSJrKsCEe+NwaqrjnmU0I7fgSVXJgAiLwIp3yWMqj3nrV58FONaxcwzEkQ6o3Fz3jyqeXdy4vo/FoyT/dMBj4UK0xwKz3fy5h3k9Aarl7FjS3mBv7Tn0Q/zAGRJVSRc/M24tXiaqhBnh9MWxdZdxAwN76MaOOF0AcCE8oEHflZGByWwT7mQrnKP8ADerJqoE2BYpRhMHZvj root@Linux-144

Linux-145:~ # cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMOdv/YkDbYwHRCo0ddj5IqiwLsLY8GkDUTh4yq9ypsyeIzcZvdrLWZ0ZJfFGdtX0RqeYOzbRyWbJZFGt64dZABoVedk429/fT92d1WoKMEfzek9u5uzxQIVKjJe5VaHj04ZW+snY2tsSJrKsCEe+NwaqrjnmU0I7fgSVXJgAiLwIp3yWMqj3nrV58FONaxcwzEkQ6o3Fz3jyqeXdy4vo/FoyT/dMBj4UK0xwKz3fy5h3k9Aarl7FjS3mBv7Tn0Q/zAGRJVSRc/M24tXiaqhBnh9MWxdZdxAwN76MaOOF0AcCE8oEHflZGByWwT7mQrnKP8ADerJqoE2BYpRhMHZvj root@Linux-144
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqQQdDVXdaKvWSNucbOv69V4GKeU8Yi9A+9oDsWCgvN/BSVTATAHSxRNE5JSy+jnwb3EDqpDHxTuFgbLp6I91J4vc4Cj3ek75TbsFsrKmk3aIJF6DxCLzY0t9rySbeO7wCW8PffgtUSgtwrjL9m/ipqMmTjQsPRLoo8TCIYrnfvA/HJklS7gPXrWFquf0iaDjMMZpPhGkEU0wcHFbh4V73g4TsIpQ/fjnZfLmSxKN1UnNf8OGgf/Cq8kB7x3W3eduK9sZt28d2IwcPLXOvfbquZV98O8jonV2MOIYdIbKZiKa/fMeExhEO1LrvdnZINeSHNbXqIVhdRnbM9i5Sm+OZ root@Linux-145
Linux-145:~ # ssh [email protected]
Password:
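"As you can see, host 144 has no authentication entry for host 145, so when host 145 connects to host 144 over ssh it has to supply a password"
"Now we copy the second entry from the authorized_keys file on machine 145 into the authorized_keys file on machine 144"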
Linux-144:~ # cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMOdv/YkDbYwHRCo0ddj5IqiwLsLY8GkDUTh4yq9ypsyeIzcZvdrLWZ0ZJfFGdtX0RqeYOzbRyWbJZFGt64dZABoVedk429/fT92d1WoKMEfzek9u5uzxQIVKjJe5VaHj04ZW+snY2tsSJrKsCEe+NwaqrjnmU0I7fgSVXJgAiLwIp3yWMqj3nrV58FONaxcwzEkQ6o3Fz3jyqeXdy4vo/FoyT/dMBj4UK0xwKz3fy5h3k9Aarl7FjS3mBv7Tn0Q/zAGRJVSRc/M24tXiaqhBnh9MWxdZdxAwN76MaOOF0AcCE8oEHflZGByWwT7mQrnKP8ADerJqoE2BYpRhMHZvj root@Linux-144
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqQQdDVXdaKvWSNucbOv69V4GKeU8Yi9A+9oDsWCgvN/BSVTATAHSxRNE5JSy+jnwb3EDqpDHxTuFgbLp6I91J4vc4Cj3ek75TbsFsrKmk3aIJF6DxCLzY0t9rySbeO7wCW8PffgtUSgtwrjL9m/ipqMmTjQsPRLoo8TCIYrnfvA/HJklS7gPXrWFquf0iaDjMMZpPhGkEU0wcHFbh4V73g4TsIpQ/fjnZfLmSxKN1UnNf8OGgf/Cq8kB7x3W3eduK9sZt28d2IwcPLXOvfbquZV98O8jonV2MOIYdIbKZiKa/fMeExhEO1LrvdnZINeSHNbXqIVhdRnbM9i5Sm+OZ root@Linux-145
  • Now we test from machine 145 by connecting to machine 144 over ssh
Linux-145:~ # ssh [email protected]
Last login: Tue Jan 19 07:06:44 2021 from 192.168.72.145
Linux-144:~ # ssh [email protected]
Last login: Tue Jan 19 06:55:00 2021 from 192.168.72.144
Linux-145:~ # ssh [email protected]
Last login: Tue Jan 19 07:10:20 2021 from 192.168.72.145
Linux-144:~ # ssh [email protected]
Last login: Tue Jan 19 07:10:30 2021 from 192.168.72.144
Linux-145:~ # ssh [email protected]
Last login: Tue Jan 19 07:10:42 2021 from 192.168.72.145
Linux-144:~ # ssh [email protected]
Last login: Tue Jan 19 07:10:46 2021 from 192.168.72.144
  • At this point we can see that the two hosts have two-way, unobstructed access to each other's hearts
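
The manual copy between authorized_keys files in 2.4 can be done without duplicating entries or loosening file modes. This added example (not from the original post) appends a public key line only when its key blob is absent, refuses a file that holds no public key, and keeps authorized_keys at mode 600 and its directory at 700; the function names and paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and key material used
# with it are constructed; the function names are assumptions.

# key_blob LINE: print the base64 blob that follows the key-type field.
# Prints nothing for a line that is not a public key (e.g. a private key).
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { print $(i + 1); exit }
    }'
}

# install_pubkey PUBKEY_FILE AUTH_FILE
# Prints "added" or "present"; returns 2 if PUBKEY_FILE holds no public key.
install_pubkey() {
    pub=$1
    auth=$2
    line=$(sed -n '1p' "$pub")
    blob=$(key_blob "$line")
    [ -n "$blob" ] || { echo "no public key in $pub" >&2; return 2; }

    # sshd's StrictModes check rejects group- or world-writable key files.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Compare blobs, not whole lines: the trailing comment may differ.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                         END { exit !found }' "$auth"; then
        echo present
    else
        # Keep entries on separate lines if the file lacks a final newline.
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        printf '%s\n' "$line" >> "$auth"
        echo added
    fi
}
```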

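3. Curtain call

  • Opening up to each other takes both sides running toward each other; if only one side lays itself bare, the problem is still not solved
  • People, however, cannot be as simple as machines. Humans seem to be a bundle of contradictions: the more mysterious something is, the more curious they are; the easier something is to get, the less they cherish it
  • Human feelings are too complicated, so let's just spend a lifetime with machines; after all, machines don't lie~~~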

Reposted from blog.csdn.net/u010383467/article/details/112797368