SSH-2
目前提供了2
种常用的客户端认证方式。
1、基于密码
的客户端认证,使用账号和密码认证
2、基于密钥
的客户端认证,免密码认证
SSH-2
默认会优先尝试密钥认证
, 如果认证失败,才会尝试密码认证
。- 如何做
免密码认证登录
?流程图:
操作流程简单介绍:在客户端生成公私钥,然后将公钥追加到服务器授权文件尾部,为什么是追加到尾部呢?因为这个授权文件里面会存放很多的授权公钥或者别的验证数据,自然是不能覆盖的,只能追加。
操作流程
1、生成公私钥,输入命令之后一路回车即可
$ ssh-keygen
dengzemiaodeMacBook-Pro:~ dengzemiao$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/Users/dengzemiao/.ssh/id_rsa): /Users/dengzemiao/.ssh/id_rsa already exists. // 如果之前有创建,这里会询问是否覆盖,根据自己情况决定,如果不想覆盖修改一下上面的路径即可 Overwrite (y/n)?
2、查看公私钥,并找到该目录
$ cd ~/.ssh
dengzemiaodeMacBook-Pro:~ dengzemiao$ cd ~/.ssh dengzemiaodeMacBook-Pro:.ssh dengzemiao$ ls id_rsa id_rsa.pub known_hosts // id_rsa:私钥文件 // id_rsa.pub:公钥文件 // 查看一下公钥 dengzemiaodeMacBook-Pro:.ssh dengzemiao$ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjVE65ziQ/cAyjwS2+zcqGip6jzndh4dYKUsop0kYAfMSnKF3do1fbU903JB4jzbyICuF5oGCLknB2uIvxp/uk2BdrtstFNuiRqTyY4c/i0ZxsWkGhTOfbuWFzHBpZGuCFKEO4/y2BwDss7R5nlwcQ1tNaB9I5Ck8Uf3d85oqJKBRkVjxGUQz15AQtzvvQf9RIhWtefLJAvqWfZKS/5TAcsd9nyznLSAAbHMf/KlmbZ7ifE1QccCZNIAD7fw9WHYNVnNjRDDItoAhRsIm4bSdAWHW++wmUsVoJ6pt0D8fySqnhLLfSYBuEn16KQxooB1dBx4g7Rk5Ju90C5gtC1T95 dengzemiaovip@163.com
3、将公钥发送到服务端(手机)存储
$ ssh-copy-id root@10.0.89.184
dengzemiaodeMacBook-Pro:~ dengzemiao$ cd ~/.ssh dengzemiaodeMacBook-Pro:.ssh dengzemiao$ ls id_rsa id_rsa.pub known_hosts dengzemiaodeMacBook-Pro:.ssh dengzemiao$ ssh-copy-id root@10.0.89.184 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/dengzemiao/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys // 这里需要输入手机端 root 账户的密码确认 root@10.0.89.184's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@10.0.89.184'" and check to make sure that only the key(s) you wanted were added.
4、然后我们设置输入之前的登录命令,就不需要在输入密码直接进入到服务端(手机)里面了。这里有个细节:就是我们在发送公钥的时候我们用的是 root
这个账户,那么另外一个 mobile
账户如果登录还是需要输入密码的,因为只配置了 root
账户,但是我们只需要用到 root
账户就够了。
$ ssh root@10.0.89.184
dengzemiaodeMacBook-Pro:~ dengzemiao$ ssh root@10.0.89.184 iPhone:~ root#
5、查看我们发送到服务端(手机)的公钥,命令行按上面链接进入手机,查看到公钥之后可以跟上面客户端的进行对比。
$ cd ~/.ssh
dengzemiaodeMacBook-Pro:~ dengzemiao$ ssh root@10.0.89.184 iPhone:~ root# cd ~/.ssh iPhone:~/.ssh root# ls authorized_keys iPhone:~/.ssh root# cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjVE65ziQ/cAyjwS2+zcqGip6jzndh4dYKUsop0kYAfMSnKF3do1fbU903JB4jzbyICuF5oGCLknB2uIvxp/uk2BdrtstFNuiRqTyY4c/i0ZxsWkGhTOfbuWFzHBpZGuCFKEO4/y2BwDss7R5nlwcQ1tNaB9I5Ck8Uf3d85oqJKBRkVjxGUQz15AQtzvvQf9RIhWtefLJAvqWfZKS/5TAcsd9nyznLSAAbHMf/KlmbZ7ifE1QccCZNIAD7fw9WHYNVnNjRDDItoAhRsIm4bSdAWHW++wmUsVoJ6pt0D8fySqnhLLfSYBuEn16KQxooB1dBx4g7Rk5Ju90C5gtC1T95 dengzemiaovip@163.com
这一章是智能操作这些步骤,下一章将手动操作一下这些步骤,以及如何将本地公钥远程拷贝到服务端尾部,如果我们正常使用,这章就够了。
但是知道手动操作流程就好比知道智能操作的上一层做了哪些东西,思路大同小异,扩展学习一下。
也知道一下怎么通过 ssh
远程拷贝文件,以及怎么处理文件权限的问题。