发布于 2017-06-27 02:17:15 | 162 次阅读 | 评论: 0 | 来源: 网友投递

这里有新鲜出炉的Linux常用命令,程序狗速度看过来!

Linux

Linux是一套免费使用和自由传播的类Unix操作系统,是一个基于POSIX和UNIX的多用户、多任务、支持多线程和多CPU的操作系统。它能运行主要的UNIX工具软件、应用程序和网络协议。


这篇文章主要介绍了详解SSH如何配置key免密码登录的相关资料,文中介绍的非常详细,对大家的学习或者工作具有一定的参考价值,需要的朋友们下面来一起看看吧。

如何使用

直接指定ip然后-i 指定key文件,然后指定用户


ssh 1.1.1.1 -i Test1 -l userxxx

不指定用户实际上就是使用当前的本机登陆的用户名去登陆远端主机,比如本地用户是AAA,那么:


ssh 1.1.1.1 -i Test1

等同于


ssh 1.1.1.1 -i Test1 -l AAA

这里要注意,生成的key是和一对用户绑定的,生成key的用户以及存储这个key的公钥的远端主机的用户。ssh的原理就是,公钥给人家,自己留秘钥,远端主机的其他用户也是无法看到这个指定的用户的接受到的公钥的,所以用户是一对一的。

比如我在test-server 下面的azuo1228生成key,然后拷贝到远端主机dest-server去使用,那么放在远端主机的哪个 用户home目录下面,对应的远端主机的这个用户才可以被无密码登陆,并不等于对远端主机的其他用户也能免密码登陆。

开始操作

1.生成key:


[azuo1228@test-server ~]$ ssh-keygen

这里一直敲回车就好


Generating public/private rsa key pair.
Enter file in which to save the key (/home/azuo1228/.ssh/id_rsa):
Created directory '/home/azuo1228/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/azuo1228/.ssh/id_rsa.
Your public key has been saved in /home/azuo1228/.ssh/id_rsa.pub.
The key fingerprint is:
d2:33:66:86:0a:b4:27:a9:86:92:24:ff:13:63:96:15 azuo1228@test-server
The key's randomart image is:
+--[ RSA 2048]----+
|   |
| E  |
| . .  |
| . o .o  |
|..= .oo S |
|++ +*. = o |
|=..o.o  |
|o ..  |
| ..  |
+-----------------+
[azuo1228@test-server ~]$ cd .ssh/
[azuo1228@test-server .ssh]$ dir
id_rsa id_rsa.pub

查看生产结果


[azuo1228@test-server .ssh]$ ll
total 8
-rw------- 1 azuo1228 administrator 1675 Dec 21 18:11 id_rsa
-rw------- 1 azuo1228 administrator 403 Dec 21 18:11 id_rsa.pub
[azuo1228@test-server .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUf
mZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server

2.拷贝到远端主机指定用户的home下面

可以看到这次还是要输密码的


[azuo1228@test-server .ssh]$ scp id_rsa.pub azuo1228@10.148.167.106:/home/azuo1228
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
azuo1228@10.148.167.106's password:
id_rsa.pub 100% 403 0.4KB/s 00:00

在此测试登录 -- 需要密码,还没免密码


[azuo1228@test-server .ssh]$ ssh azuo1228@10.148.167.106
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
azuo1228@10.148.167.106's password:
Last login: Wed Dec 21 18:07:21 2016 from shang1lu4gnl.ads.autodesk.com
Authorized uses only. All activity may be monitored and reported.
[azuo1228@dest-server ~]$

不存在.ssh的话需要创建


[azuo1228@dest-server ~]$ mkdir .ssh
[azuo1228@dest-server ~]$ cd .ssh/
[azuo1228@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server
[azuo1228@dest-server .ssh]$ ll
total 4
-rw-r--r-- 1 azuo1228 administrator 403 Dec 21 20:33 authorized_keys

需要权限为600


[azuo1228@dest-server .ssh]$ chmod 600 authorized_keys

[azuo1228@test-server .ssh]$ ssh azuo1228@10.148.167.106
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
Last login: Wed Dec 21 20:32:08 2016 from c72
Authorized uses only. All activity may be monitored and reported.
[azuo1228@dest-server ~]$
[azuo1228@dest-server ~]$
[azuo1228@dest-server ~]$ exit
logout
Connection to 10.148.167.106 closed.

再次登陆,就已经免密了


[azuo1228@test-server .ssh]$ ssh 10.148.167.106
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
Last login: Wed Dec 21 20:33:34 2016 from c72
Authorized uses only. All activity may be monitored and reported.

在尝试登陆zhour用户,依旧要密码,可见免密过程是一对一的。


[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhour
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
zhour@10.148.167.106's password:

拷贝公钥到另一个用户zhour


[azuo1228@test-server .ssh]$ scp id_rsa.pub zhour@10.148.167.106:/home/zhour

Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
zhour@10.148.167.106's password:
id_rsa.pub  100% 403 0.4KB/s 00:00

登陆依旧需要密码


[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhour
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
zhour@10.148.167.106's password:
Last login: Wed Dec 21 17:55:32 2016 from shang1lu4gnl.ads.autodesk.com
Authorized uses only. All activity may be monitored and reported.

添加公钥给zhour


[zhour@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server

这样就免密了


[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhour
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
Last login: Wed Dec 21 20:34:49 2016 from c72
Authorized uses only. All activity may be monitored and reported.

注意

需要注意两点,如下:

免密之后,scp这种走ssh 通道的都会免密;

key拷贝到远程主机的指定用户home目录下,最后,免输入密码的时候是远端主机的指定用户,非本地主机的用户

总结

以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作能带来一定的帮助,如果有疑问大家可以留言交流,谢谢大家对PHPERZ的支持。



最新网友评论  共有(0)条评论 发布评论 返回顶部

Copyright © 2007-2017 PHPERZ.COM All Rights Reserved   冀ICP备14009818号  版权声明  广告服务