登录方式:
linux:ssh root@ip/hostname (标准用法)
ssh ip (当前用户登录)
windows:ssh root@ip/hostname
Windows PowerShell:ssh root@ip/hostname
在xixi 里生成证书
[root@www ~]# ssh-keygen (全按回车)
[root@www ~]# ll .ssh/
total 8
-rw------- 1 root root 2602 Apr 26 21:56 id_rsa 公钥
-rw-r--r-- 1 root root 569 Apr 26 21:56 id_rsa.pub 私钥
连接 192.168.19.130
改名为xixi
[root@www ~]# hostnamectl set-hostname xixi
连接 192.168.19.141
改名为haha
[root@www ~]# hostnamectl set-hostname haha
在xixi 里生成证书
[root@www ~]# ssh-keygen (全按回车)
xixi登录到haha,将xixi公钥给haha(ssh登录对方时就不需要输入密码)
[root@xixi ~]# ssh-copy-id root@192.168.19.141
连接到haha时,就不需要输入密码
[root@xixi ~]# ssh root@192.168.19.141
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Wed Apr 27 21:58:23 2022 from 192.168.19.1
在haha 里生成证书
[root@www ~]# ssh-keygen (全按回车)
haha登录到xixi,将haha公钥给xixi(ssh登录对方时就不需要输入密码)
[root@haha ~]# ssh-copy-id root@192.168.19.130
连接到haha时,就不需要输入密码
[root@haha ~]# ssh root@192.168.19.130
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Wed Apr 27 22:00:18 2022 from 192.168.19.1
用证书登录,关闭密码登录
[root@haha ~]# vim /etc/ssh/sshd_config
将密码登录PasswordAuthentication yes 改为PasswordAuthentication no
重启服务
[root@haha ~]# systemctl restart sshd
连接
[root@haha ~]# exit
logout
Connection to 192.168.19.141 closed.
[root@xixi ~]# ssh root@192.168.19.141 不需要密码
xshell 登录也不需要输入密码
登录141时,无密码登录:
从130登录到141
[root@haha ~]# cd .ssh
[root@haha .ssh]# sz id_rsa 将id_rsa(私钥)保存到E盘
[root@haha .ssh]# cat id_rsa.pub >> authorized_keys 将id_rsa.pub 的内容追加到authorized_keys
验证
[C:~]$ ssh root@192.168.19.141
直接进入到 haha
登录到自己不需要密码
将自己的公钥给自己的文件名
[root@xixi .ssh]# ssh-copy-id root@192.168.19.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.19.130's password:
登录时就不再需要密码
[root@xixi .ssh]# ssh root@192.168.19.130
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last failed login: Sun May 8 01:49:31 CST 2022 from 192.168.19.130 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Sun May 8 01:38:11 2022 from 192.168.19.130
authorized_keys 所有来访证书登录的用户的公钥内容,每行一个
id_rsa 自己主机的私钥,禁止任何形式的分享
id_rsa.pub 自己主机的公钥,可以发送其他主机
known_hosts 谁可以免密登录
传出
在130下创建文件xia,然后传入到141下的root用户中
[root@xixi ~]# touch xia
[root@xixi ~]# scp xia root@192.168.19.141:/root
xia 100% 0 0.0KB/s 00:00
查看文件xia
[root@haha ~]# ll
total 0
-rw-r--r-- 1 root root 0 Apr 26 23:30 xia
收回
在130中删除文件xia,然后从141中将文件xia拿回来放到根目录下
[root@xixi ~]# rm -rf xia
[root@xixi ~]# scp root@192.168.19.130:/root/xia .
xia 100% 0 0.0KB/s 00:00
[root@xixi ~]# ll
total 0
-rw-r--r-- 1 root root 0 May 8 01:58 xia
免密登录
更改本地解析文件 hosts
[root@xixi ~]# cat /etc/hosts
添加:
192.168.19.130 xixi
192.168.19.141 haha
登录到haha 时,就不需要密码(首次登录时需要指纹认证)
[root@xixi ~]# ssh haha
[root@haha ~]#
从xixi 登录到 haha ,直接将haha 中的 hosts 文件传到xixi
[root@haha ~]# scp /etc/hosts 192.168.19.141:/etc/
