• Linux快速入门(八)效率工具(SSH)


    环境

    (1)Kali(源主机),IP:10.211.55.4/24
    (2)Ubuntu(目标主机),IP:10.211.55.5/24

    SSH

    OpenSSH用于在远程系统上安全的运行Shell,假设现在需要在Kali机器上通过root用户远程登陆另一台机器Ubuntu,那么就可以使用SSH服务,但是使用SSH登录每次都需要输入密码,为了节省时间,可以配置SSH免密登陆。这样Kali这台机器就可以通过SSH直接登陆到Ubuntu

    SSH免密登陆

    主机连通性

    首先使用ping命令确保两台主机的连通性。

    ┌──(root㉿kali-linux-2022-2)-[~]
    └─# ping 10.211.55.5
    PING 10.211.55.5 (10.211.55.5) 56(84) bytes of data.
    64 bytes from 10.211.55.5: icmp_seq=1 ttl=64 time=0.928 ms
    64 bytes from 10.211.55.5: icmp_seq=2 ttl=64 time=0.818 ms
    64 bytes from 10.211.55.5: icmp_seq=3 ttl=64 time=0.832 ms
    ^C
    --- 10.211.55.5 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2050ms
    rtt min/avg/max/mdev = 0.818/0.859/0.928/0.048 ms
    

    创建配置文件

    Kali虚拟机虚拟机下创建SSH配置文件~/.ssh/config,先使用mkdir .ssh创建.ssh文件夹,然后进入.ssh文件夹通过touch config命令创建config文件,并在文件中配置以下按照格式配置以下信息:

    Host 目标主机的别名
    HostName 目标主机的IP或者域名
    User 登陆目标主机使用的用户名
    

    Kali上配置如下:

    ┌──(root㉿kali-linux-2022-2)-[~]
    └─# cat ~/.ssh/config
    Host ubuntu
    HostName 10.211.55.5
    User parallels
    

    创建密钥

    使用ssh-keygen命令创建密钥,所有的配置默认即可。

    ┌──(root㉿kali-linux-2022-2)-[~]
    └─# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa
    Your public key has been saved in /root/.ssh/id_rsa.pub
    The key fingerprint is:
    SHA256:b/TY2e8TfhNTQu+lx+cnstlRZAeKEICVgKyGc2DeWy8 root@kali-linux-2022-2
    The key's randomart image is:
    +---[RSA 3072]----+
    | . ..+ooo.    .  |
    |..o . .  . . ... |
    |+o.       . .. .+|
    |+o.. .        .o=|
    |.o  o . S .    =+|
    |   . E . o + o.==|
    |      .   + + +o=|
    |         .  .o.*+|
    |            oo.oB|
    +----[SHA256]-----+
    

    创建完成之后,可以在.ssh文件下看到多出了两个文件:id_rsaid_rsa.pubid_rsa是私钥,
    id_rsa.pub是公钥。

    ┌──(root㉿kali-linux-2022-2)-[~]
    └─# ls .ssh 
    config  id_rsa  id_rsa.pub
    

    发送公钥

    现在只要将公钥传给你需要登录的主机即可,在这里就是将公钥传给ubuntu虚拟机,可以直接使用ssh-copy-id ubuntu将密钥传过去,这里的ubuntu就是之前在config文件里设置的别名。这里只需要输入一次parallels用户登陆ubuntu时使用的密码,也就是在config文件里设置的用户名对应的密码。

    ┌──(root㉿kali-linux-2022-2)-[~/.ssh]
    └─# ssh-copy-id ubuntu       
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '10.211.55.5 (10.211.55.5)' can't be established.
    ED25519 key fingerprint is SHA256:lN78YGD118UAp/ZmzrtWnrqicHaFkJbs5pIZfTH06b0.
    This key is not known by any other names
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    parallels@10.211.55.5's password: 
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh 'ubuntu'"
    and check to make sure that only the key(s) you wanted were added.
    

    第一次与陌生的主机建立连接之后会自动创建.ssh/know_hosts文件,这个文件中记录的是连接过的主机的信息

    登录测试

    完成上述步骤之后,通过ssh 主机别名的方式就可以实现免密登陆,退出时直接使用exit就可以退出。

    ┌──(root㉿kali-linux-2022-2)-[~/.ssh]
    └─# ssh ubuntu               
    Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-41-generic aarch64)
    
     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
    
    This system has been minimized by removing packages and content that are
    not required on a system that users do not log into.
    
    To restore this content, you can run the 'unminimize' command.
    
    129 updates can be applied immediately.
    32 of these updates are standard security updates.
    To see these additional updates run: apt list --upgradable
    
    Last login: Mon Aug 29 22:20:01 2022 from 10.211.55.4
    parallels@ubuntu:~$ 
    parallels@ubuntu:~$ exit
    logout
    Connection to 10.211.55.5 closed.
    

    ssh和sshd

    sshOpenSSH的服务端,sshdOpenSSH的客户端。

    配置文件

    有关SSH的配置文件在/etc/ssh目录下

    ┌──(root㉿kali-linux-2022-2)-[~/.ssh]
    └─# cd /etc/ssh 
                                                                                 
    ┌──(root㉿kali-linux-2022-2)-[/etc/ssh]
    └─# ls
    moduli        sshd_config.d           ssh_host_ed25519_key.pub
    ssh_config    ssh_host_ecdsa_key      ssh_host_rsa_key
    ssh_config.d  ssh_host_ecdsa_key.pub  ssh_host_rsa_key.pub
    sshd_config   ssh_host_ed25519_key
    

    其中,ssh_config的配置是针对ssh的,sshd_config的配置是针对sshd的,这两个文件根据当前机器是用作客户端还是服务端对应修改的,配置文件中的具体内容在后面用到时再详解解释。

    root用户远程登录

    root用户默认是不允许远程登录的,如果想要开启root用户远程登录,需要在ubuntu上找到/etc/ssh中的配置文件sshd_config,然后将这个文件的权限改为读写:

    parallels@ubuntu:~$ cd /etc/ssh/
    parallels@ubuntu:/etc/ssh$ sudo chmod 666 sshd_config
    

    接着在这个文件末尾添加PermitRootLogin yes,最后使用service ssh restart命令重启SSH服务。
    这时,在Kali上,将~/.ssh/config中的User改为root

    Host ubuntu
    HostName 10.211.55.5
    User root
    

    通过ssh-copy-id ubuntu将密钥传过去:

    ┌──(root㉿kali-linux-2022-2)-[~]
    └─# ssh-copy-id ubuntu  
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@10.211.55.5's password: 
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh 'ubuntu'"
    and check to make sure that only the key(s) you wanted were added.
    

    这样就可以实现root用户的免密登录:

    ┌──(root㉿kali-linux-2022-2)-[~]
    └─# ssh ubuntu        
    Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-41-generic aarch64)
    
     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
    
    This system has been minimized by removing packages and content that are
    not required on a system that users do not log into.
    
    To restore this content, you can run the 'unminimize' command.
    
    129 updates can be applied immediately.
    32 of these updates are standard security updates.
    To see these additional updates run: apt list --upgradable
    
    root@ubuntu:~# who am i
    root     pts/1        2022-08-29 23:02 (10.211.55.4)
    root@ubuntu:~# exit
    logout
    Connection to 10.211.55.5 closed.
    
  • 相关阅读:
    sudo: no tty present and no askpass program specified 解决方法
    中间件kingshard入门(一):基本安装
    mysql主从配置
    haproxy+keepalive双主高可用实现负载均衡
    lvs负载均衡配置
    docker可视化集中管理工具shipyard安装部署
    安装nodejs
    redis数据导入与导出以及配置使用
    搭建ss5环境
    thinkphp5+python.apscheduler实现计划任务
  • 原文地址:https://www.cnblogs.com/Timesi/p/16637680.html
Copyright © 2020-2023  润新知