Linux Remote Connections: the SSH Service

Remote connections

1. Telnet, port 23: plaintext, unencrypted, insecure

2. SSH, port 22: secure, combines asymmetric and symmetric encryption


Asymmetric encryption

secret key: the private key, on the server side

public key: the public key, on the client side


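Authentication process

Linux: openssh


C/S (client/server) architecture

Server side: the sshd service, configuration file /etc/ssh/sshd_config

Client side: ssh, configuration file /etc/ssh/ssh_config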


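Commands related to the ssh service:

ssh: remote connection

ssh-keygen: key generator

ssh-copy-id: transfers the public key to a remote server

scp: copies files between hosts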


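I. Password-based authentication

ssh 10.0.0.31

1. On the first connection, the public key of 10.0.0.31 (nfs01) is saved on xwj (the client) in the ~/.ssh/known_hosts file under the client user's home directory

2. Only then can you enter the password and log in

3. On later runs of ssh 10.0.0.31, you just enter the password to log in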


4. Log in as a specific user

ssh username@host

For example:

[root@xwj ~]# ssh zhang@10.0.0.31

zhang@10.0.0.31's password: 

[zhang@nfs01 ~]$ 

[zhang@nfs01 ~]$ 


II. Key-based authentication


Step 1: Generate a key pair


Command 1: interactive input

[root@xwj ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): 

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase): 

Enter same passphrase again: 

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.


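Command 2: do it in one step with options

[root@xwj ~]# ssh-keygen -t rsa -f /root/.ssh/id_rsa  -P ''

Generating public/private rsa key pair.

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

A single command does everything, which helps with automation later.

-f specifies the key file name

-P specifies the passphrase for the generated key (empty here, so the private key is stored on disk unencrypted)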


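Step 2: Copy the ~/.ssh/id_rsa.pub file to nfs01 (10.0.0.31)

Method 1: copy with scp

Copy the ~/.ssh/id_rsa.pub file into the ~/.ssh/ directory on the nfs01 (10.0.0.31) host and rename it to authorized_keys. This overwrites any authorized_keys file already present on nfs01.

[root@xwj ~]# scp .ssh/id_rsa.pub  root@10.0.0.31:~/.ssh/authorized_keys

The .ssh directory must have permissions 700

The authorized_keys file must have permissions 600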

[root@nfs01 ~]# chmod 700 .ssh

[root@nfs01 ~]# chmod 600 ~/.ssh/authorized_keys


Method 2: copy with the ssh-copy-id command

[root@xwj ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.31
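
What the remote side of Step 2 has to end up with, as an added example that is not part of the original post: the hypothetical helper install_pubkey appends a public key to authorized_keys instead of overwriting the file as the scp method does, skips a key that is already present, and applies the 700/600 permissions. The function name, the scratch directory and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: install_pubkey is a hypothetical helper, not an OpenSSH tool.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
# The body runs in a subshell "( ... )" so umask and exit stay local to it.
install_pubkey() (
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; exit 1; }
    key=$(cat "$pubkey_file")

    # Accept only a single-line public key. This also rejects a private key
    # (id_rsa passed instead of id_rsa.pub), which starts with "-----BEGIN".
    case $key in
        *"$nl"*) echo "expected exactly one key line" >&2; exit 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; exit 1 ;;
    esac

    umask 077                      # anything created below is owner-only
    mkdir -p "$ssh_dir"
    touch "$auth_file"

    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only when this exact line is absent (-x whole line, -F literal).
    if ! grep -qxF -- "$key" "$auth_file"; then
        printf '%s\n' "$key" >> "$auth_file"
    fi

    # Same permissions as Method 1; also repairs a pre-existing loose mode.
    chmod 700 "$ssh_dir"
    chmod 600 "$auth_file"
)

# Demo in a scratch directory with a constructed, non-functional key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED root@xwj\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh"    # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```
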

Reposted from blog.51cto.com/11193863/2338469