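SSH remote passwordless login

Environment: two CentOS virtual machines, one at 192.168.134.129 (used as the remote host) and the other at 192.168.134.130.

First, check the IP addresses of the two Linux machines: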

[root@promote ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.134.129  netmask 255.255.255.0  broadcast 192.168.134.255
        inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:eb:2d:01  txqueuelen 1000  (Ethernet)
        RX packets 145  bytes 18326 (17.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144  bytes 23724 (23.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5696 (5.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5696 (5.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Now the other machine:

[root@machine1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.134.130  netmask 255.255.255.0  broadcast 192.168.134.255
        inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::134a:dd7d:6b15:96ea  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:42:f7:1d  txqueuelen 1000  (Ethernet)
        RX packets 127  bytes 15748 (15.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 134  bytes 21258 (20.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5696 (5.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5696 (5.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

First, try a remote login from 192.168.134.130 to 192.168.134.129.

[root@machine1 ~]# ssh 192.168.134.129
The authenticity of host '192.168.134.129 (192.168.134.129)' can't be established.
ECDSA key fingerprint is SHA256:JqAC8jcLCLobvRy0wzY9VGBNuZU3EydpO8n2fEtQ178.
ECDSA key fingerprint is MD5:5d:26:a1:60:c3:eb:02:e9:97:7a:bb:7a:49:8a:14:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.134.129' (ECDSA) to the list of known hosts.
root@192.168.134.129's password:

This means a password must be entered before you can log in.
Now let's set up passwordless login.
First, generate a key pair on 192.168.134.130.

[root@machine1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pRHW15F3aA7esrPe39CEchPqzPCKAIKd/+4liaigyzo root@machine1
The key's randomart image is:
+---[RSA 2048]----+
|        o.   ..+ |
|       . .. o = o|
|        . .o =...|
| o .     +  o.oo |
|. + .   S . oo+ .|
|   + o .   *oo + |
|. . o + .   =o. .|
|E.   . + . ... ..|
|*+   o+ . ... ..o|
+----[SHA256]-----+

Then send this public key to the remote host 192.168.134.129:

[root@machine1 ~]# ssh-copy-id 192.168.134.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.134.129's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.134.129'"
and check to make sure that only the key(s) you wanted were added.

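After the transfer, go to the remote host 192.168.134.129 and edit the SSH configuration file /etc/ssh/sshd_config.
Change the following two settings: PubkeyAuthentication yes and PasswordAuthentication no, that is, set key login to yes and password login to no.
Then restart the sshd service: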

[root@machine1 ~]# systemctl restart sshd

Then try a passwordless remote login to 192.168.134.129 from 192.168.134.130.

[root@machine1 ~]# ssh 192.168.134.129
Last login: Thu Jul 12 00:01:07 2018 from 192.168.134.1
[root@promote ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.134.129  netmask 255.255.255.0  broadcast 192.168.134.255
        inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:eb:2d:01  txqueuelen 1000  (Ethernet)
        RX packets 1927  bytes 207095 (202.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1693  bytes 174581 (170.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5696 (5.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5696 (5.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Passwordless login succeeded!
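
A check worth running on the remote host after editing /etc/ssh/sshd_config, shown as an added example that is not part of the original article: sshd uses the first value it reads for each keyword, so a `PasswordAuthentication no` appended below an earlier `PasswordAuthentication yes` has no effect. The function names and the sample file are constructed for illustration; on a live host, `sshd -t` validates the file and `sshd -T` prints the effective settings.

```shell
#!/usr/bin/env bash
# Added example: report the value sshd would use for a global keyword.
# sshd_config(5): for each keyword, the first obtained value is used.
# Include files and Match blocks are not followed by this sketch.

# effective_setting FILE KEYWORD DEFAULT -> prints the effective global value
effective_setting() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*(#|$)/        { next }                  # skip comments and blank lines
        { sub(/=/, " "); key = tolower($1) }            # accept "Keyword=value" too
        key == "match"        { exit }                  # the global section ends here
        key == tolower(want)  { val = tolower($2); exit }
        END                   { print (val == "" ? def : val) }
    ' "$1"
}

# key_only_login FILE -> exit status 0 when public-key login is on and
# password login is off (OpenSSH defaults for both keywords are "yes")
key_only_login() {
    [ "$(effective_setting "$1" PubkeyAuthentication yes)" = yes ] &&
    [ "$(effective_setting "$1" PasswordAuthentication yes)" = no ]
}

# Constructed sample: the article's two settings appended below a stock line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
PasswordAuthentication yes
#PubkeyAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
EOF

effective_setting "$sample" PasswordAuthentication yes   # prints yes: the first value wins
key_only_login "$sample" || echo "password login is still enabled"
```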

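How to use

Preface

In many earlier articles Laozuo has shared tutorials for installing LNMP and LLSMP on CentOS or Debian. Laozuo personally guarantees that they work, because I wrote each of them from screenshots taken while actually carrying out the steps. They let VPS beginners learn, step by step, how to install a system and set up a website on a Linux VPS. The first time Laozuo used a VPS he did not know how to install the environment and was going to ask an online acquaintance to do it for a fee of 50 yuan, so I taught myself instead.

Specify the IP directly, then use -i to specify the key file, then specify the user:

SSH is short for Secure Shell. It is currently a fairly reliable protocol designed to provide security for remote login sessions and other network services. More and more people use remote login, and SSH's security is undoubtedly very high, so let's look at how to configure SSH passwordless authentication.

After learning how to install a VPS and build a site, we also need to learn VPS security settings. A VPS is different from shared hosting: a hosting provider may make backups for us, and the security of shared hosting is the provider's responsibility. With a VPS, however, the provider is not responsible for its security, so having chosen a VPS we must take care of its protection ourselves. In the next few articles Laozuo will share several fairly basic Linux VPS security settings. Today's topic is changing the SSH port.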

ssh 1.1.1.1 -i Test1 -l userxxx

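1. Preparation

Whether or not our site is well known, many attackers or competitors simply scan the ports of a site's VPS/host with software. Everyone knows the VPS port is 22; if we change the port, they at least will not find it at first. Often, because our port is the default, even a secure host accumulates a large number of log files. Those files are the failed-attempt records left by brute-force cracking.

If no user is specified, ssh logs in to the remote host with the user name currently logged in on the local machine. For example, if the local user is AAA, then:

First make sure ssh is installed on your Linux system. Ubuntu usually installs only the ssh client by default, so we still need to install the ssh server manually:

How to change the SSH port: log in over SSH, open the file with the command vi /etc/ssh/sshd_config, and change the number after Port. (You know the basics of vi, right? :wq saves and quits, a enters edit mode, and Esc leaves the current mode.)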

ssh 1.1.1.1 -i Test1

sudo apt-get install openssh-server

is equivalent to

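2. How SSH works

The last step is to restart ssh. Note that the command differs between CentOS and Debian, which confuses many novice webmasters when they start using a VPS, so I will give both.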

ssh 1.1.1.1 -i Test1 -l AAA

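2.1 Basic principle

Note that a generated key is bound to a pair of users: the user who generated the key, and the user on the remote host who stores that key's public key. The principle of SSH is that you give the public key to others and keep the private key yourself. Other users on the remote host cannot see the public key received by that particular user either, so the users are paired one-to-one.

SSH can guarantee security because it uses public-key encryption. The process is as follows:

Restart SSH on CentOS: service sshd restart
Restart SSH on Debian: service ssh restart

For example, if I generate a key as azuo1228 on test-server and copy it to the remote host dest-server, then only the remote user whose home directory the key is placed under can be logged in to without a password; it does not mean that other users on the remote host can be logged in to without a password as well.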

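  1. The remote host receives the user's login request and sends its own public key to the user;
  2. The user uses this public key to encrypt the login password and sends it back;
  3. The remote host decrypts the login password with its own private key and, if the password is correct, allows the user to log in.

To check whether the change worked, log in over SSH with PuTTY ourselves. In Laozuo's test the change succeeded.

Getting started

2.1 Basic usage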


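1. Generate the key:

The default SSH port is 22. You can change the default port to another one as needed, and use iptables filtering alongside it to restrict which IPs may log in over SSH remotely. Common usage:

[azuo1228@test-server ~]$ ssh-keygen

# Use the default port 22
ssh root@192.168.0.1
# If the default SSH port has been changed (for example, to 10000), the port must be given at login
ssh root@192.168.0.1 -p 10000

Just keep pressing Enter here:

3. Configuring SSH passwordless login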

Generating public/private rsa key pair.
Enter file in which to save the key (/home/azuo1228/.ssh/id_rsa):
Created directory '/home/azuo1228/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/azuo1228/.ssh/id_rsa.
Your public key has been saved in /home/azuo1228/.ssh/id_rsa.pub.
The key fingerprint is:
d2:33:66:86:0a:b4:27:a9:86:92:24:ff:13:63:96:15 azuo1228@test-server
The key's randomart image is:
+--[ RSA 2048]----+
|   |
| E  |
| . .  |
| . o .o  |
|..= .oo S |
|++ +*. = o |
|=..o.o  |
|o ..  |
| ..  |
+-----------------+
[azuo1228@test-server ~]$ cd .ssh/
[azuo1228@test-server .ssh]$ dir
id_rsa id_rsa.pub

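3.1 Mainly used in Hadoop cluster configuration:

View the generated result:

While running, Hadoop needs to manage remote Hadoop daemons. After Hadoop starts, the NameNode starts and stops the various daemons on each DataNode over SSH (Secure Shell). Commands therefore have to run between nodes without a password prompt, so we configure SSH to use passwordless public-key authentication. The NameNode can then log in over SSH without a password and start the DataNode processes, and by the same principle a DataNode can log in to the NameNode over SSH without a password.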

[azuo1228@test-server .ssh]$ ll
total 8
-rw------- 1 azuo1228 administrator 1675 Dec 21 18:11 id_rsa
-rw------- 1 azuo1228 administrator 403 Dec 21 18:11 id_rsa.pub
[azuo1228@test-server .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUf
mZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server
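
  1. First, run ssh localhost to create the /home/<user name>/.ssh directory, then run the commands below to append the generated "id_rsa.pub" to the authorized keys (remember: append, do not overwrite). The result is that the current user can SSH to itself without a password:

2. Copy the key to the home directory of the designated user on the remote host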

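 cd ~/.ssh  # If this directory does not exist, run "ssh localhost" first
 ssh-keygen -t rsa
 # Append id_rsa.pub to authorized_keys
 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

As you can see, a password is still required this time:

  2. To log in to another host without a password, just append the generated "id_rsa.pub" to that host's "~/.ssh/authorized_keys". The method used here is to first copy the local "~/.ssh/id_rsa.pub" to the host you want to log in to without a password, and then on that host use the "cat" command to append "~/.ssh/id_rsa.pub" to that host's "~/.ssh/authorized_keys".
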
[azuo1228@test-server .ssh]$ scp id_rsa.pub azuo1228@10.148.167.106:/home/azuo1228
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
azuo1228@10.148.167.106's password:
id_rsa.pub 100% 403 0.4KB/s 00:00
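
# Assume our host is named A, user name hadoop, IP 192.168.0.1
# The host we want passwordless SSH login to is named B, user name hadoop, IP 192.168.0.2

# First, as the hadoop user on A, copy "~/.ssh/id_rsa.pub" to the "/home/hadoop/tmp/" directory on B
scp ~/.ssh/id_rsa.pub hadoop@192.168.0.2:/home/hadoop/tmp
# The IP here can also be replaced with the host name

# Then log in to B over SSH and append "/home/hadoop/tmp/id_rsa.pub" to "~/.ssh/authorized_keys"
cat /home/hadoop/tmp/id_rsa.pub >> ~/.ssh/authorized_keys

Test the login at this point: a password is still required, it is not passwordless yet.

Now we can log in from A to the hadoop user on B over SSH without a password, and the same method works for any other host you want passwordless login to. Note that when configuring a Hadoop cluster, the Master and the Slaves must be able to log in to each other over SSH without a password.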

[azuo1228@test-server .ssh]$ ssh azuo1228@10.148.167.106
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
azuo1228@10.148.167.106's password:
Last login: Wed Dec 21 18:07:21 2016 from shang1lu4gnl.ads.autodesk.com
Authorized uses only. All activity may be monitored and reported.
[azuo1228@dest-server ~]$

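Summary

That is all for this article. I hope it is of some help in your study or work. If you have questions, leave a comment. Thank you for your support of 脚本之家.

If .ssh does not exist, it needs to be created: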

[azuo1228@dest-server ~]$ mkdir .ssh
[azuo1228@dest-server ~]$ cd .ssh/
[azuo1228@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server
[azuo1228@dest-server .ssh]$ ll
total 4
-rw-r--r-- 1 azuo1228 administrator 403 Dec 21 20:33 authorized_keys


The permission must be 600:

[azuo1228@dest-server .ssh]$ chmod 600 authorized_keys

[azuo1228@test-server .ssh]$ ssh azuo1228@10.148.167.106
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
Last login: Wed Dec 21 20:32:08 2016 from c72
Authorized uses only. All activity may be monitored and reported.
[azuo1228@dest-server ~]$
[azuo1228@dest-server ~]$
[azuo1228@dest-server ~]$ exit
logout
Connection to 10.148.167.106 closed.

Log in again, and it is now passwordless:

[azuo1228@test-server .ssh]$ ssh 10.148.167.106
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
Last login: Wed Dec 21 20:33:34 2016 from c72
Authorized uses only. All activity may be monitored and reported.
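
The manual steps above (create .ssh if it is missing, append rather than overwrite, set mode 600) collected into one repeatable function, as an added example that is not from the original article. The name install_pubkey and the demo key lines are constructed, and mode 700 on .ssh is the conventional value rather than something the page states; the function works on whatever home directory is passed in, so it can be tried on a scratch directory.

```shell
#!/usr/bin/env bash
# Added example: append a public key to HOME_DIR/.ssh/authorized_keys once,
# with the modes that sshd's default StrictModes check accepts.

# install_pubkey HOME_DIR PUBKEY_FILE -> 0 on success, 2 if the file is not a public key
install_pubkey() {
    local home_dir=$1 pubkey_file=$2 key
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"

    # Accept exactly one line of the form "<type> <base64> [comment]".
    [ "$(wc -l < "$pubkey_file")" -le 1 ] || return 2
    key=$(cat "$pubkey_file")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) return 2 ;;        # refuse private keys or arbitrary text
    esac

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"
    # Append (never overwrite), and only if this exact line is not there yet.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on a scratch directory with a constructed, non-functional key line.
demo_home=$(mktemp -d)
printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleOnly demo@example\n' \
    > "$demo_home/id_demo.pub"
install_pubkey "$demo_home" "$demo_home/id_demo.pub"
install_pubkey "$demo_home" "$demo_home/id_demo.pub"    # second run adds nothing
ls -ld "$demo_home/.ssh" "$demo_home/.ssh/authorized_keys"
```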

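Now try logging in as the user zhour: a password is still required, which shows that the passwordless setup is specific to one user.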

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhour
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
zhour@10.148.167.106's password:

Copy the public key to the other user, zhour:

[azuo1228@test-server .ssh]$ scp id_rsa.pub zhour@10.148.167.106:/home/zhour

Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
zhour@10.148.167.106's password:
id_rsa.pub  100% 403 0.4KB/s 00:00

Login still requires a password:

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhour
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
zhour@10.148.167.106's password:
Last login: Wed Dec 21 17:55:32 2016 from shang1lu4gnl.ads.autodesk.com
Authorized uses only. All activity may be monitored and reported.

Add the public key for zhour:

[zhour@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server

Now it is passwordless:

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhour
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
Last login: Wed Dec 21 20:34:49 2016 from c72
Authorized uses only. All activity may be monitored and reported.

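Note

Two points need attention:

Once passwordless login is set up, anything that goes over the SSH channel, such as scp, is passwordless as well;

The key is copied into the home directory of a designated user on the remote host, so what ends up passwordless is that designated user on the remote host, not the local host's user.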
