1、ssh是谁,为什么要进入她的心
ssh 是 linux 操作系统的远程登录命令ssh 默认的端口为 22ssh 安全协议版本为 SSH2ssh 由 openssh(提供ssh服务) 和 openssl(提供加密的程序) 组成windows 上常用的 ssh客户端 有:xshell 、xterm 、finalshell 、putty 等等
2、如何正确的扒拉ssh
2.1、ssh的常用参数
Linux:~ # ssh --help
unknown option -- -
usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
[-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
[-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
[user@]hostname [command]
2.2、您配钥匙吗?(ssh生成公钥或者秘钥)
- 在没有配置过公钥或者私钥的机器上,是不会生成
.ssh目录的,.ssh目录在用户的家目录下面(那可不,你家钥匙肯定在你家呗)
Linux-144:~ # cd ~/.ssh
-bash: cd: /root/.ssh: No such file or directory
Linux-144:~ # ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:nUn0/piKV9GejHr7uo4Hj+xMCWlMQK/4NNhnOoUQHV0 root@Linux-144
The key's randomart image is:
+---[RSA 2048]----+
| .o+o .E |
| ..o.. . |
| . o . .. |
| = = + +. . |
| o * S + .= . |
| o B ...o++ |
| + .o*o . |
| . +=o+ |
| .o=+==. |
+----[SHA256]-----+
Linux-144:~ # ll ~/.ssh/
total 8
-rw------- 1 root root 1675 Jan 19 06:39 id_rsa
-rw-r--r-- 1 root root 396 Jan 19 06:39 id_rsa.pub
2.3、我要单向畅通无阻的进入你的心(ssh-copy-id发送公钥和秘钥)
- 使用
ssh-copy-id 可以将自己的公钥和私钥发送到其他远程的服务
Linux-144:~ # ssh-copy-id root@192.168.72.145
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.72.145 (192.168.72.145)' can't be established.
ECDSA key fingerprint is SHA256:r+MDt63O2buie+vek5ysFZ5wbxd+QolySolYxn6JMCU.
Are you sure you want to continue connecting (yes/no)? yes "首次登陆的时候,需要输入yes"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password: "这里的密码,是192.168.72.145机器得密码"
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.72.145'"
and check to make sure that only the key(s) you wanted were added.
Linux-144:~ # ssh root@192.168.72.145 "我已经可以单向畅通无阻的进入145的心了(ssh远程机器,不需要输入密码了)"
Last login: Tue Jan 19 06:36:09 2021 from 192.168.72.1
Linux-145:~ # ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:41:AC:5C
inet addr:192.168.72.145 Bcast:192.168.72.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe41:ac5c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:591 errors:0 dropped:0 overruns:0 frame:0
TX packets:330 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:63923 (62.4 Kb) TX bytes:57765 (56.4 Kb)
Linux-145:~ # ssh root@192.168.72.144 "但是145想要进入到144的心,就需要验证密码,单向奔赴,总是让人心疼"
The authenticity of host '192.168.72.144 (192.168.72.144)' can't be established.
ECDSA key fingerprint is SHA256:r+MDt63O2buie+vek5ysFZ5wbxd+QolySolYxn6JMCU.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.72.144' (ECDSA) to the list of known hosts.
Password:
Last login: Tue Jan 19 06:36:12 2021 from 192.168.72.1
2.4、双向奔赴,才有意义(利用authorized_keys文件)
- 当用户向自己使用
ssh-copy-id user@ip(ip为本机ip) 时,会在 ~/.ssh 目录下,产生 authorized_keys 文件
- 当用户向远程用户使用
ssh-copy-id -i user@ip(远程端用户的ip) 时,远程用户的 ~/.ssh 目录下,会产生 authorized_keys 文件
Linux-144:~ # ssh-copy-id root@192.168.72.144
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.72.144 (192.168.72.144)' can't be established.
ECDSA key fingerprint is SHA256:r+MDt63O2buie+vek5ysFZ5wbxd+QolySolYxn6JMCU.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.72.144'"
and check to make sure that only the key(s) you wanted were added.
Linux-144:~ # ll ~/.ssh/
total 16
-rw------- 1 root root 396 Jan 19 06:58 authorized_keys
-rw------- 1 root root 1675 Jan 19 06:39 id_rsa
-rw-r--r-- 1 root root 396 Jan 19 06:39 id_rsa.pub
-rw-r--r-- 1 root root 352 Jan 19 06:58 known_hosts
- 远程用户生成自己的公钥和秘钥,也对自己使用
ssh-copy-id -i user@ip(ip为本机ip) ,以此来产生 authorized_keys 文件
Linux-145:~ # ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:YRqMQywB7FBPve9XxBvCwG9mKkLuw/bBgc15HN4JjNs root@Linux-145
The key's randomart image is:
+---[RSA 2048]----+
|ooooo. . |
|...+.o.oo |
|o .+ +.*+ . |
| . .=.X =B.+ |
| o. B.E=oo o |
| o..oo o |
| o .oo . |
| = .. . |
| . o. . |
+----[SHA256]-----+
Linux-145:~ # ssh-copy-id -i root@192.168.72.145
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.72.145 (192.168.72.145)' can't be established.
ECDSA key fingerprint is SHA256:r+MDt63O2buie+vek5ysFZ5wbxd+QolySolYxn6JMCU.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.72.145'"
and check to make sure that only the key(s) you wanted were added.
Linux-145:~ # ll ~/.ssh
total 16
-rw------- 1 root root 792 Jan 19 07:03 authorized_keys
-rw------- 1 root root 1679 Jan 19 07:02 id_rsa
-rw-r--r-- 1 root root 396 Jan 19 07:02 id_rsa.pub
-rw-r--r-- 1 root root 352 Jan 19 07:02 known_hosts
- 将其他主机的
authorized_keys 文件内的内容,复制到一台总的主机 authorized_keys 文件内,以此来达到多主机免密互信的效果
Linux-144:~ # cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMOdv/YkDbYwHRCo0ddj5IqiwLsLY8GkDUTh4yq9ypsyeIzcZvdrLWZ0ZJfFGdtX0RqeYOzbRyWbJZFGt64dZABoVedk429/fT92d1WoKMEfzek9u5uzxQIVKjJe5VaHj04ZW+snY2tsSJrKsCEe+NwaqrjnmU0I7fgSVXJgAiLwIp3yWMqj3nrV58FONaxcwzEkQ6o3Fz3jyqeXdy4vo/FoyT/dMBj4UK0xwKz3fy5h3k9Aarl7FjS3mBv7Tn0Q/zAGRJVSRc/M24tXiaqhBnh9MWxdZdxAwN76MaOOF0AcCE8oEHflZGByWwT7mQrnKP8ADerJqoE2BYpRhMHZvj root@Linux-144
Linux-145:~ # cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMOdv/YkDbYwHRCo0ddj5IqiwLsLY8GkDUTh4yq9ypsyeIzcZvdrLWZ0ZJfFGdtX0RqeYOzbRyWbJZFGt64dZABoVedk429/fT92d1WoKMEfzek9u5uzxQIVKjJe5VaHj04ZW+snY2tsSJrKsCEe+NwaqrjnmU0I7fgSVXJgAiLwIp3yWMqj3nrV58FONaxcwzEkQ6o3Fz3jyqeXdy4vo/FoyT/dMBj4UK0xwKz3fy5h3k9Aarl7FjS3mBv7Tn0Q/zAGRJVSRc/M24tXiaqhBnh9MWxdZdxAwN76MaOOF0AcCE8oEHflZGByWwT7mQrnKP8ADerJqoE2BYpRhMHZvj root@Linux-144
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqQQdDVXdaKvWSNucbOv69V4GKeU8Yi9A+9oDsWCgvN/BSVTATAHSxRNE5JSy+jnwb3EDqpDHxTuFgbLp6I91J4vc4Cj3ek75TbsFsrKmk3aIJF6DxCLzY0t9rySbeO7wCW8PffgtUSgtwrjL9m/ipqMmTjQsPRLoo8TCIYrnfvA/HJklS7gPXrWFquf0iaDjMMZpPhGkEU0wcHFbh4V73g4TsIpQ/fjnZfLmSxKN1UnNf8OGgf/Cq8kB7x3W3eduK9sZt28d2IwcPLXOvfbquZV98O8jonV2MOIYdIbKZiKa/fMeExhEO1LrvdnZINeSHNbXqIVhdRnbM9i5Sm+OZ root@Linux-145
Linux-145:~ # ssh root@192.168.72.144
Password:
"可以看到,144主机上,没有145主机的认证信息,因此,145主机通过ssh连接144主机的时候,需要提供密码"
"此时,我们将145机器上 authorized_keys 文件内,将第二段内容,复制到144机器上的 authorized_keys 文件内"
Linux-144:~ # cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMOdv/YkDbYwHRCo0ddj5IqiwLsLY8GkDUTh4yq9ypsyeIzcZvdrLWZ0ZJfFGdtX0RqeYOzbRyWbJZFGt64dZABoVedk429/fT92d1WoKMEfzek9u5uzxQIVKjJe5VaHj04ZW+snY2tsSJrKsCEe+NwaqrjnmU0I7fgSVXJgAiLwIp3yWMqj3nrV58FONaxcwzEkQ6o3Fz3jyqeXdy4vo/FoyT/dMBj4UK0xwKz3fy5h3k9Aarl7FjS3mBv7Tn0Q/zAGRJVSRc/M24tXiaqhBnh9MWxdZdxAwN76MaOOF0AcCE8oEHflZGByWwT7mQrnKP8ADerJqoE2BYpRhMHZvj root@Linux-144
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqQQdDVXdaKvWSNucbOv69V4GKeU8Yi9A+9oDsWCgvN/BSVTATAHSxRNE5JSy+jnwb3EDqpDHxTuFgbLp6I91J4vc4Cj3ek75TbsFsrKmk3aIJF6DxCLzY0t9rySbeO7wCW8PffgtUSgtwrjL9m/ipqMmTjQsPRLoo8TCIYrnfvA/HJklS7gPXrWFquf0iaDjMMZpPhGkEU0wcHFbh4V73g4TsIpQ/fjnZfLmSxKN1UnNf8OGgf/Cq8kB7x3W3eduK9sZt28d2IwcPLXOvfbquZV98O8jonV2MOIYdIbKZiKa/fMeExhEO1LrvdnZINeSHNbXqIVhdRnbM9i5Sm+OZ root@Linux-145
- 此时,我们在145机器上,通过ssh远程访问144机器来测试
Linux-145:~ # ssh root@192.168.72.144
Last login: Tue Jan 19 07:06:44 2021 from 192.168.72.145
Linux-144:~ # ssh root@192.168.72.145
Last login: Tue Jan 19 06:55:00 2021 from 192.168.72.144
Linux-145:~ # ssh root@192.168.72.144
Last login: Tue Jan 19 07:10:20 2021 from 192.168.72.145
Linux-144:~ # ssh root@192.168.72.145
Last login: Tue Jan 19 07:10:30 2021 from 192.168.72.144
Linux-145:~ # ssh root@192.168.72.144
Last login: Tue Jan 19 07:10:42 2021 from 192.168.72.145
Linux-144:~ # ssh root@192.168.72.145
Last login: Tue Jan 19 07:10:46 2021 from 192.168.72.144
- 这个时候,我们就可以看到,两台主机之间,已经可以双向畅通无阻的访问彼此的内心了
3、谢幕
- 彼此间的
交心,需要双向奔赴,只是其中一方赤露敞开,依旧无法解决问题
- 然而人却无法像机器一样这么单纯,人类似乎就是一个
矛盾体,越神秘的,越好奇;越容易得到的,越不珍惜
- 人类情感太复杂了,还是和机器过一辈子吧,毕竟
机器不会骗人,昂昂昂~~~
