• Remote login to sshd with public-key authentication


    I. Generate a key pair as root with ssh-keygen

    The run below takes every default of the OpenSSH of the time: a 2048-bit RSA key in /root/.ssh/id_rsa and, since both passphrase prompts are answered with Enter, a private key that anyone able to read that file can use as-is. For a key kept on an administrator's workstation set a passphrase; on current OpenSSH the ed25519 type (-t ed25519) is the better choice. The public half, id_rsa.pub, is the only file that leaves this machine.

    [root@vmware ~]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    a8:15:87:79:47:07:10:cf:c7:73:3c:bd:91:11:2b:12 root@vmware
    The key's randomart image is:
    +--[ RSA 2048]----+
    |        oooE.  o.|
    |       o + o.. .+|
    |      + o +.+.++.|
    |       = . ..o..o|
    |      o S      . |
    |     o           |
    |    .            |
    |                 |
    |                 |
    +-----------------+
    [root@vmware ~]#

    II. Publish the public key (-i names the local public key file to send)

    ssh-copy-id logs in to the target with the password once and appends the key to that account's authorized_keys. At the host-key prompt below, compare the ECDSA fingerprint with one obtained out of band before answering yes (on the server, ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub -E md5 prints it in the hex form shown here): an unverified host key is exactly what a machine in the path needs to impersonate the server and collect the root password typed at the next prompt.

    [root@vmware ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.1.113 -p36000
    The authenticity of host '[10.0.1.113]:36000 ([10.0.1.113]:36000)' can't be established.
    ECDSA key fingerprint is 00:6b:71:8a:34:4c:60:d8:ff:c6:81:27:77:77:d1:ff.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@10.0.1.113's password:   
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh -p '36000' 'root@10.0.1.113'"
    and check to make sure that only the key(s) you wanted were added.

    III. Log in directly: the private key answers sshd's challenge and no password is asked

    If a password prompt still appears, the usual causes are wrong modes on the target's ~/.ssh or authorized_keys (with the default StrictModes yes, sshd ignores them when they are writable by anyone but the owner) or a key type the server's sshd no longer accepts; /var/log/secure on the server (section VII) says which.

    [root@vmware ~]# ssh root@10.0.1.113 -p36000
    Last login: Thu May 24 16:02:49 2018 from 10.0.5.134
    [root@yzh-jkb-privatization ~]#

    IV. Inspect the result on the target. ssh-copy-id does not copy id_rsa.pub over as a file; it appends the key line to /root/.ssh/authorized_keys, one key per line. Here the file already held two keys, and the line ending in root@vmware is the one just added (the xxxxxxxx runs are redactions):

    [root@yzh-jkb-privatization /]# ls /root/.ssh/authorized_keys
    /root/.ssh/authorized_keys
    [root@yzh-jkb-privatization .ssh]# cat authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2/mi0jrbM13E8f89yFy+Mro2u+VYoSAiXgoOMrm2eZlss6nHdp8oV/qGTGucNPPVGGB6rHm6fvl/Z75u2CExJWUw3bSvevHieV3dfHngPHANDnxM6JXtr6DBjKVcKm3Bv+QlpvUJ/LJixnsTE4rgX4G1OWCP92q77eM0LEhD8eZllXCC/AkLxxxxxxxxxVNZehmR5BhJ/d4/Ad26idABX67dsQHZ1BxAha1AFF9uwZeNw1oJWqahkXFY8l+3YEWkrqBZsDZ67A81DmTBV7bbqwcqicHejHbScN101tg973XACGkXQxugPkGJxozn64CCs0dIt+Dk7qe4HYbTtE37
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCntTKU2jJhHWNt3PfMM2443B+t5R4mrgVQ3UoqRoSaSVMaLkSOpxl9NW2KPYf0U3MueV0rPpW1MnzL1YYITKqvhvrq0ae5ByRsdoEJK62tJc5RrPt2RHRdN1hrImz3Bmpc5mC9bAvqESzeTvMRhHZe/rL1WDZ4qDV1DGKCaxxxxxxxxEflwNVzUTAGXPQcKg54adnF4GYCEArzFd1PbGK6M24pjlQ3lBEyvMtZf2N8Jl/Q8bScbMCO2Fm/bjHyB33ix2RjCfvdF8hWY0weVgtdC6U+uRf1EGjTsEjU16EyfkmaoD+IYnlqF/ffSBHsr128cQaZhv+Af admin@steven.local
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDK5fz2aaIL3FgYETzFemnzoemZhJ6VBE/+HfDvrNgAqkjr/FlPrJWO1iObpIBLgxxxxxxxg6X1l6oTONXc8W1G4bFDnAuw1r/ZY1uVPi/sadqEl7jPE8XLqeV70L7E5wDyrkq2H2sZr8rA4hQ/f+l12jLaG0b3pd2U7rA7ylazsd3eYxpik5B4/arepf/exy/zEyTQkTXo7OVbFae0fWn/yThlu6UA1cqIankYsX3toy5FhO1LO21dEFiWgJ+wcykQiE7fndErX+Ht9vX1T80oPqNSBFFRELUVHGP42R4JtVzFdjlrcwpAcdFJ9Ry8LutUEdGGl2xHM9Ki7Ld9+Z root@vmware

    V. Logging in as a non-root user

    1. Create the user on the target host: useradd username

    2. Give it a password: echo 'password' | passwd --stdin username (--stdin exists only in the RHEL/CentOS passwd; this form also leaves the password in the shell history and, briefly, in the process list, which an interactive passwd username avoids)

    3. Send the key to that account: ssh-copy-id -i /root/.ssh/id_rsa.pub username@10.0.1.113 -p36000 (the target's sshd listens on 36000, as in section II). Because ssh-copy-id logs in as username, the key ends up in that user's own ~/.ssh/authorized_keys with the right owner and modes, which is what lets the later key login work.
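What ssh-copy-id does on the target in steps II and V, together with the "only the keys you wanted" check from section IV, as an added example that is not from the original post: it creates ~/.ssh with mode 700, appends the key to authorized_keys with mode 600 and without duplicates, refuses lines that are not a public key or whose base64 blob does not encode the declared key type, and then lists the file with a hex SHA-256 fingerprint per key. It assumes sh with awk, base64, od, sha256sum and mktemp, writes to a throwaway directory instead of a real home (on a real host the files must also be owned by the target user, which it does not do), and its sample key is a constructed ssh-ed25519 line whose 32 key bytes are all zero: well-formed, but not a usable key. Function names such as install_authorized_key are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Shows what ssh-copy-id does on the
# target account and how to audit the result. Assumed tools: sh, awk, base64,
# od, sha256sum, mktemp.

# Print "<type> <base64-blob>" for an authorized_keys line, skipping any leading
# option list (from="...", no-pty, ...) and the trailing comment; fail for
# comments, blank lines and anything that is not a public key.
key_fields() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^#/ || NF < 2 { exit 1 }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                    $(i + 1) ~ "^[A-Za-z0-9+/]+=*$") {
                    print $i, $(i + 1)
                    exit 0
                }
            exit 1
        }'
}

# The blob starts with a length-prefixed copy of the key type; it must match the
# declared type, otherwise the line is garbled or tampered with and sshd will not
# accept it.
blob_type() {
    len=$(printf '%s' "$1" | base64 -d 2>/dev/null | head -c 4 | od -An -tu1 |
          awk 'NF == 4 { print $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }')
    [ -n "$len" ] && [ "$len" -gt 0 ] && [ "$len" -lt 64 ] || return 1
    printf '%s' "$1" | base64 -d 2>/dev/null | tail -c +5 | head -c "$len"
}

# Append one key line to <home>/.ssh/authorized_keys the way ssh-copy-id does:
# directory mode 700, file mode 600, no duplicates. With the default StrictModes
# yes, sshd ignores the file if it or ~/.ssh is writable by others, which is the
# usual reason a freshly copied key "does not work". On a real host also chown
# both to the target user; this demo writes to a throwaway directory instead.
install_authorized_key() {   # install_authorized_key <home> <pubkey-line>
    home=$1 line=$2
    fields=$(key_fields "$line") || { echo "rejected: not a public key line" >&2; return 1; }
    type=${fields%% *} blob=${fields#* }
    [ "$(blob_type "$blob")" = "$type" ] ||
        { echo "rejected: blob does not encode a $type key" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys" && chmod 600 "$home/.ssh/authorized_keys"
    if grep -qF -- "$blob" "$home/.ssh/authorized_keys"; then
        echo "already present: $type key"
    else
        printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
        echo "installed: $type key"
    fi
}

# One line per key: status, declared type, hex SHA-256 of the blob (ssh-keygen -lf
# shows the same digest base64-encoded). CORRUPT marks lines whose blob does not
# match the declared type; WEAK marks ssh-dss, which OpenSSH has refused by
# default since 7.0.
audit_authorized_keys() {   # audit_authorized_keys <file>
    while IFS= read -r line; do
        fields=$(key_fields "$line") || continue
        type=${fields%% *} blob=${fields#* }
        fp=$(printf '%s' "$blob" | base64 -d 2>/dev/null | sha256sum | cut -c1-64)
        status=ok
        [ "$(blob_type "$blob")" = "$type" ] || status=CORRUPT
        [ "$type" = ssh-dss ] && status=WEAK
        printf '%-7s %-12s SHA256:%s\n' "$status" "$type" "$fp"
    done < "$1"
}

# Constructed sample: a well-formed ssh-ed25519 line whose 32 key bytes are all
# zero. It is not a usable key, only test input.
SAMPLE_BLOB=AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
SAMPLE_KEY="ssh-ed25519 $SAMPLE_BLOB root@vmware"

DEMO=$(mktemp -d)
install_authorized_key "$DEMO" "$SAMPLE_KEY"                    # installed
install_authorized_key "$DEMO" "$SAMPLE_KEY"                    # already present
install_authorized_key "$DEMO" "ssh-rsa $SAMPLE_BLOB bogus" || echo "(rejected as expected)"
audit_authorized_keys "$DEMO/.ssh/authorized_keys"
rm -rf "$DEMO"
```

Run it against a real account by passing its home directory and the contents of id_rsa.pub; a line that is reported CORRUPT or WEAK, or a key whose fingerprint you cannot match to a known client, is the thing section II tells you to look for.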

    VI. Copy a file from the remote host to the local system

    [root@vmware ~]# scp -P36000 root@10.0.1.113:/jkb-install-20180420.tar.gz /
    jkb-install-20180420.tar.gz                              4%   47MB   8.3MB/s   02:09 ETA
    
    
    To copy a directory add -r. Note that scp takes the port as uppercase -P, unlike ssh and ssh-copy-id, which use lowercase -p; scp's lowercase -p preserves timestamps and modes instead.

    VII. Server-side configuration

    [root@vmware ~]# cat /etc/ssh/sshd_config

    1. What the directives mean (test an edited file with sshd -t and restart sshd for it to take effect; keep the current session open until a second login has proven the change works)

    #Port 22          # default; a commented-out line in this file only documents the compiled-in default, it sets nothing
    Port 36000        # several Port lines may be given to listen on more than one port
    
    #ListenAddress 0.0.0.0   # local address sshd binds to; 0.0.0.0 means every IPv4 address
    ListenAddress 10.0.1.119  # bind to this local address only. This picks the interface sshd listens on; it does not limit which clients may connect (use the firewall, or AllowUsers/AllowGroups, for that)
    
    #Protocol 2      # protocol version. SSH-1 is broken and sshd has had no support for it since OpenSSH 7.4, so never add ",1"
    #LogLevel INFO            # log verbosity: INFO and more severe
    #PermitRootLogin yes   # this build lets root log in by default (upstream OpenSSH has defaulted to prohibit-password since 7.0); once key login works, set prohibit-password (key only) or no
    
    PasswordAuthentication yes   # password login. Set it to no once every account has a working key, so the keys installed above become the only way in
    #PermitEmptyPasswords no   # whether accounts with an empty password may log in; keep no
    
    #LoginGraceTime 2m             # time allowed to finish authenticating; the connection is dropped when it expires; a value without a unit is in seconds
    
    #PrintMotd yes    # whether to print /etc/motd after login
    
    #UseDNS yes   # reverse-resolve the client address and check that the name maps back to it; on an internal network without reverse DNS set no and connections become noticeably faster (this is a consistency check for logging, not an access control)
    
    UsePrivilegeSeparation sandbox  
    # run the part of each connection that talks to the not-yet-authenticated client in a separate child process without root privileges, with "sandbox" adding syscall restrictions (seccomp on Linux) on top, so a bug in that code path yields a crippled process instead of root. Deprecated in OpenSSH 7.5, where privilege separation became mandatory.
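How sshd actually reads this file, as an added example that is not part of the original post: a small sh/awk reader that applies the two rules behind most surprises with the settings above (a '#' line sets nothing and only documents the default; for every keyword sshd keeps the first value it meets and ignores later duplicates, so a hardening line appended at the end of the file can be silently overridden) and compares the effective values with the hardened ones recommended in the notes. The config it audits is constructed inline to mirror the fragment above with two "fixes" appended at the bottom; the third column of the audit table is the value that applies when a keyword is absent, taken from the commented-out lines above, since compiled-in defaults vary between builds. Function names such as sshd_effective are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): read an sshd_config the way sshd
# does and report the settings discussed above. Assumed tools: sh, awk, mktemp.

# Effective global value of one keyword, or "(default)" when the file does not
# set it. Comment lines are skipped, the first match wins, and everything from
# the first "Match" line on is conditional and therefore ignored here.
sshd_effective() {   # sshd_effective <config-file> <keyword>
    awk -v key="$2" '
        tolower($1) == "match" { inmatch = 1 }
        inmatch || $1 ~ /^#/ || NF < 2 { next }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "(default)" }
    ' "$1"
}

# All global values of a keyword that may legitimately repeat, such as Port and
# ListenAddress, one per line in file order.
sshd_all() {   # sshd_all <config-file> <keyword>
    awk -v key="$2" '
        tolower($1) == "match" { inmatch = 1 }
        inmatch || $1 ~ /^#/ || NF < 2 { next }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# Compare each keyword's effective value with a hardened target. Columns:
# keyword, wanted value, value that applies when the keyword is absent (from the
# commented-out lines above; upstream PermitRootLogin has defaulted to
# prohibit-password since OpenSSH 7.0, other builds differ).
sshd_audit() {   # sshd_audit <config-file>; exit status 1 if anything fails
    rc=0
    while read -r key want absent; do
        have=$(sshd_effective "$1" "$key")
        [ "$have" = "(default)" ] && have=$absent
        have=$(printf '%s' "$have" | tr '[:upper:]' '[:lower:]')
        [ "$have" = without-password ] && have=prohibit-password   # old spelling, same meaning
        if [ "$have" = "$want" ]; then
            printf 'ok   %-24s %s\n' "$key" "$have"
        else
            printf 'FAIL %-24s is %s, want %s\n' "$key" "$have" "$want"
            rc=1
        fi
    done <<EOF
PermitRootLogin prohibit-password yes
PasswordAuthentication no yes
PermitEmptyPasswords no no
Protocol 2 2
PubkeyAuthentication yes yes
EOF
    return $rc
}

# Constructed sample mirroring the fragment above, with two hardening lines
# appended at the bottom the way a config is often "fixed".
write_sample_sshd_config() {   # write_sample_sshd_config <path>
    cat > "$1" <<'EOF'
#Port 22
Port 36000
Port 22
#ListenAddress 0.0.0.0
ListenAddress 10.0.1.119
#Protocol 2
#PermitRootLogin yes
PasswordAuthentication yes
#PermitEmptyPasswords no
UsePrivilegeSeparation sandbox
# appended later: the first of these is ignored, the second takes effect
PasswordAuthentication no
PermitRootLogin prohibit-password
Match User backup
    PasswordAuthentication no
EOF
}

CFG=$(mktemp)
write_sample_sshd_config "$CFG"
echo "ports: $(sshd_all "$CFG" Port | tr '\n' ' ')"
sshd_audit "$CFG" || echo "audit found problems"
rm -f "$CFG"
```

On the sample, PasswordAuthentication stays yes because the appended no comes second, while the appended PermitRootLogin takes effect because the only earlier occurrence is a comment; run sshd_audit /etc/ssh/sshd_config on a real host to see which of the two cases you are in.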

    2. The log is written to /var/log/secure through this rsyslog rule:

    # The authpriv file has restricted access.
    authpriv.*                                              /var/log/secure
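Reading that log for the events this setup produces, as an added example that is not from the original post: sh/awk functions that list successful logins by method, count failed password attempts per source address, pick out sources above a threshold, and report password logins that still succeed (after PasswordAuthentication no in section VII that list must be empty). The log lines are constructed in the format sshd writes at LogLevel INFO, using documentation addresses; on a real host point the functions at /var/log/secure. Function names such as ssh_failed_by_ip are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): summarise sshd authentication
# events from /var/log/secure. Assumed tools: sh, awk, sort, mktemp.

# Successful logins as "<method> <user> <source-ip>", e.g. "publickey root 10.0.5.134".
ssh_logins() {   # ssh_logins <logfile>
    awk '/ sshd\[[0-9]+\]: Accepted / { print $7, $9, $11 }' "$1"
}

# Failed password attempts per source address, most frequent first. The line
# shape differs for unknown accounts ("for invalid user NAME from IP"), so the
# address is taken as the word after "from" rather than by fixed position.
ssh_failed_by_ip() {   # ssh_failed_by_ip <logfile>
    awk '/ sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (ip in count) print count[ip], ip }' "$1" | sort -rn
}

# Addresses with at least <threshold> failures: candidates for blocking.
ssh_bruteforce_sources() {   # ssh_bruteforce_sources <logfile> <threshold>
    ssh_failed_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Password logins that succeeded. Once PasswordAuthentication is no this must
# print nothing; a line here means the restriction is not in effect.
ssh_password_logins() {   # ssh_password_logins <logfile>
    ssh_logins "$1" | awk '$1 == "password"'
}

# Constructed sample lines (not a real log); the fingerprint is a placeholder.
write_sample_secure_log() {   # write_sample_secure_log <path>
    cat > "$1" <<'EOF'
May 24 16:02:49 vmware sshd[2101]: Accepted publickey for root from 10.0.5.134 port 51230 ssh2: RSA SHA256:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
May 24 16:03:10 vmware sshd[2107]: Accepted password for deploy from 10.0.1.113 port 40012 ssh2
May 24 16:03:31 vmware sshd[2112]: Failed password for invalid user admin from 198.51.100.7 port 33012 ssh2
May 24 16:03:33 vmware sshd[2112]: Failed password for invalid user admin from 198.51.100.7 port 33012 ssh2
May 24 16:03:35 vmware sshd[2115]: Failed password for root from 198.51.100.7 port 33020 ssh2
May 24 16:03:40 vmware sshd[2118]: Failed password for root from 203.0.113.9 port 51000 ssh2
May 24 16:04:01 vmware sshd[2120]: Invalid user oracle from 198.51.100.7 port 33030
EOF
}

LOG=$(mktemp)
write_sample_secure_log "$LOG"
echo "== successful logins (method user ip)"; ssh_logins "$LOG"
echo "== failed passwords per source";        ssh_failed_by_ip "$LOG"
echo "== sources with >= 3 failures";         ssh_bruteforce_sources "$LOG" 3
echo "== password logins still happening";    ssh_password_logins "$LOG"
rm -f "$LOG"
```

The per-source count is what a blocklist tool keys on; the password-login list is the quicker check that the section VII change actually took effect on the running daemon.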

    3.

• Original post: https://www.cnblogs.com/sunshine-long/p/9085114.html
Copyright © 2020-2023  润新知