Generation and use of ssh keys

1. Check whether the ssh key already exists

By default ssh-keygen stores the key pair in the user's home directory, so first check whether the home directory already contains a .ssh folder and an existing key pair in it (~/.ssh/id_rsa and ~/.ssh/id_rsa.pub).

2. Generate key

Type in the console: 

ssh-keygen -t rsa 

Note: -t selects the key type; RSA and DSA are the two types mentioned here. Please refer to Baidu (or the ssh-keygen man page) for details.

The console output is as follows: 

Generating public/private rsa key pair. 

Enter file in which to save the key (/root/.ssh/id_rsa): 

Created directory '/root/.ssh'. 

Enter passphrase (empty for no passphrase): 

Enter same passphrase again: 

Your identification has been saved in /root/.ssh/id_rsa. 

Your public key has been saved in /root/.ssh/id_rsa.pub. 

(To avoid being prompted for the passphrase every time you make an ssh connection, you can leave the passphrase empty here by just pressing Enter. The private key file is then unprotected, so make sure only its owner can read it.)

Now your private key is placed in the file ~/.ssh/id_rsa, and the public key is placed in the file ~/.ssh/id_rsa.pub.

3. Use ssh key

The purpose of using the ssh key is to establish mutual trust between two machines, and no password is required to log in from one to the other. The specific methods are as follows:

1. First create a key pair on host A

ssh-keygen -t rsa

At this point you can see the generated private key ~/.ssh/id_rsa and public key ~/.ssh/id_rsa.pub on host A.

2. Put the public key of host A on host B

scp -r /root/.ssh/id_rsa.pub 192.168.31.147:/root/.ssh/authorized_keys

The scp command is explained here:

There are three common ways to copy files between different Linux:

The first is ftp: one of the two Linux machines runs an ftp server, so the other can copy files to it with an ftp client program.

The second is the samba service, which works much like copying files in Windows and is simpler and more convenient.

The third is the scp command.

scp is a secure file copy built on top of an ssh login, and it is the easiest of the three to use. For example, to copy a local file to another remote host, use the following command:

scp /home/daisy/full.tar.gz root@172.19.2.75:/home/root

You are then prompted for the login password of the root user on the remote host 172.19.2.75, after which the copy starts.

3. Now logging in from A to B no longer requires a password

ssh B_ip

The same steps, applied in the other direction, let B log in to A.
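Note that the scp to authorized_keys in step 2 overwrites any keys already authorized on host B. The helper below is an added example, not part of the original article: it appends host A's public key to authorized_keys only if it is not already there, refuses input that is not an OpenSSH public key, and sets the permissions sshd requires (700 on ~/.ssh, 600 on authorized_keys). The constructed test key and the local SSH_DIR path are assumptions; on host B you would point it at /root/.ssh.

```shell
#!/bin/sh
# Added example (not from the original article): install a public key into
# authorized_keys without clobbering the entries already there.
set -eu

# Accept only lines that look like an OpenSSH public key.
valid_pubkey() {
    case "$1" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp256\ *|ecdsa-sha2-nistp384\ *|ecdsa-sha2-nistp521\ *) return 0 ;;
        *) return 1 ;;
    esac
}

# install_authorized_key PUBKEY_FILE SSH_DIR
# Appends the first line of PUBKEY_FILE to SSH_DIR/authorized_keys if it is
# not already present and fixes the permissions sshd insists on.
install_authorized_key() {
    pubkey_file=$1
    ssh_dir=$2
    auth_keys="$ssh_dir/authorized_keys"
    key=$(head -n 1 "$pubkey_file")
    valid_pubkey "$key" || { echo "not an OpenSSH public key: $pubkey_file" >&2; return 1; }
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"          # sshd ignores ~/.ssh if it is group/world accessible
    touch "$auth_keys"
    chmod 600 "$auth_keys"        # same rule for authorized_keys itself
    if grep -qxF "$key" "$auth_keys"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key" >> "$auth_keys"
        echo "key added"
    fi
}

# Count how often an exact key line appears (shows the install is idempotent).
count_key() {
    grep -cxF "$1" "$2"
}
```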

4. SSH in detail

1. The structure of SSH

SSH consists of client and server software. There are two incompatible protocol versions, 1.x and 2.x: a client speaking SSH 2.x cannot connect to an SSH 1.x server. OpenSSH 2.x supports both SSH 1.x and 2.x.

The server is a daemon that runs in the background and answers connection requests from clients. It is generally the sshd process, which handles remote connections, including public key authentication, key exchange, symmetric-key encryption and the handling of insecure connections.

The client side contains the ssh program together with other applications such as scp (remote copy), slogin (remote login) and sftp (secure file transfer).

Their working mechanism is roughly as follows: the local client sends a connection request to the remote server; the server checks the request packet and the IP address, then sends its key to the SSH client; the client sends a key back to the server, and with that the connection is established. SSH 1.x and SSH 2.x differ somewhat in their connection protocols.

Once a secure transport layer connection is established, the client sends a service request. When user authentication is complete, a second service request is sent. This allows newly defined protocols to coexist with the ones above. The connection protocol provides a wide variety of channels, with standard methods for establishing secure interactive session shells and for forwarding ("tunneling") arbitrary TCP/IP ports and X11 connections.

SSH is designed to run on its own without a super server (inetd); it is possible to run sshd through tcpd under inetd, but this is completely unnecessary. After the SSH server is started, sshd runs and listens on the default port 22 (use # ps -waux | grep sshd to check that sshd is running correctly). If SSH was not started through inetd, sshd keeps waiting for connection requests; when a request arrives, the daemon spawns a child process, which handles that connection.

2. Start and stop of SSH

First make sure the ssh service is installed.

Check whether the service has been started: 

ps -e | grep sshd

Start, stop and restart the service: 

service sshd start start the ssh service 

service sshd stop stop the ssh service 

service sshd restart restarts the ssh service 

Or call the init script by its path: 

/etc/init.d/sshd start 

/etc/init.d/sshd stop 

/etc/init.d/sshd restart

To configure the ssh server, edit /etc/ssh/sshd_config. The default port is 22; for security it is common to change it to another port, and then restart the service so the change takes effect.
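Two checks worth doing when changing the port, as an added example that is not part of the original article: sshd honours only the first uncommented Port line in sshd_config, so the function below reports the port the daemon will actually use, and sshd -t validates the file before the restart so a typo does not lock you out. The sample config files are constructed; check_and_restart_sshd assumes a service-style system as in the commands above.

```shell
#!/bin/sh
# Added example (not from the original article): find the port sshd will
# really listen on and validate the config before restarting.
set -eu

# sshd_effective_port CONFIG_FILE
# Prints the value of the first uncommented "Port" directive (keywords are
# case-insensitive), or 22 when the file does not set one. Later Port lines
# are ignored by sshd, so a stray early "Port 22" defeats a customised port
# added further down.
sshd_effective_port() {
    cfg=$1
    port=$(awk '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        tolower($1) == "port" { print $2; exit }  # first match wins
    ' "$cfg")
    echo "${port:-22}"
}

# check_and_restart_sshd CONFIG_FILE
# Let sshd parse the file itself (sshd -t exits non-zero on errors) and only
# restart when it is valid; a broken config would otherwise leave sshd down.
check_and_restart_sshd() {
    sshd -t -f "$1" && service sshd restart
}
```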
