</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><strong>目录</strong></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">LINUX SSH免密登录</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">即看即用</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">详细说明</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">免密登录原理</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">Secure Shell 免密认证登录</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">linux 生成密钥</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">windows 生成密钥</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><hr style="background-color: rgb(232, 232, 232); border: 1px solid transparent; margin: 18px 0px;"><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><br></p>LINUX SSH免密登录<p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">Server A 要免密登录Server B (192.168.254.129)</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">在Server A 上</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">1、生成公钥,一路enter选择默认</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">ssh-keygen -t rsa </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">2、公钥拷贝到Server B(192.168.254.129)上并授权</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">ssh-copy-id 192.168.254.129 </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">3、确认能免密登录</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">ssh 192.168.254.129</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">退出:logout或exit</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><strong>ssh 重启命令</strong></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">systemctl restart sshd.service</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><strong>ssh-copy-id 卡住问题:</strong></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">解决方法:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">重新打开SSH窗口</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"></p>免密登录原理<p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><img src="https://s2.51cto.com/images/blog//27/0ad8a6245e5e6b67c7f47.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_30,g_se,x_10,y_10,shadow_20,type_ZmFuZ3poZW5naGVpdGk=/resize,m_fixed,w_1184" alt='【SSH】SSH 免密码登录配置|Secure Shell 免密认证登录|linux 生成密钥ssh-copy-id 卡住问题:_linux' title="这里写图片描述" style="width: 674px; height: 345px; visibility: visible;"></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p>Secure Shell 免密认证登录<p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">ssh Secure shell 免密码登录简单教程:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 1.ssh软件界面:选择 Edit->settings->user authentication > Keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 2. 点击“Generate New”,下一步,可选择 rsa dsa两种加密方式(选择rsa)下一步</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 3. 点击下一步,输入生成Key的文件名(如4251)和注释,打算使用空密码登录则Passphrase中不输入密码,下一步</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 4. 完成</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 5. 登录SSH Server,再到Edit->Settings->key下,点选刚才生成的key (4251),选择”upload”,destination的 .ssh2 改为.ssh ,下一步,选择”upload” (找不到就手动上传)</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 这时候,key已经传到了linux远程主机的~/.ssh 目录下,在linux上,进入到~/.ssh 目录,看到刚才传上来的4251.pub</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 6. 因为SSH Server是Linux,而SSH Secure Shell Client客户端上Windows,所以密钥4251.pub需要进行格式转换同时加入到authorized_keys文件中</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> cd ~/.ssh/</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> ssh-keygen -i -f xxx.pub >> authorized_keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 7. 修改sshd_config</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> sudo vi /etc/ssh/sshd_config</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 让这几项生效:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> RSAAuthentication yes</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> PubkeyAuthentication yes</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> AuthorizedKeysFile %h/.ssh/authorized_keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 可选择关闭输入pasword认证:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> PasswordAuthentication no</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 8. 重启sshd服务 sudo service ssh restart</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 9. 连接即可,自己生成的keys在c:Users<username>AppDataRoamingSSHUserKeys中</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 有时候权限太开放,被拒绝执行文件,则需要将文件的权限该为0600:chmod 0600 authorized_keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 如果客户端是linux,管理多个id_rsa,避免相互覆盖的方法是,在.ssh中创建一个config</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">里面写:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> Host 0251 </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> User root</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> HostName 192.168.0.251</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> Port 22</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> IdentityFile ~/.ssh/id_rsa0-251</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">Host 200</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> User root</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> HostName 120.25.206.200</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> Port 22</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> IdentityFile ~/.ssh/id_rsa200</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 以上管理了2个id_rsa,host 是别名,即登录时ssh 192.168.0.251 可以用别名代替 ssh 0251</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">v01 lcx 2017.09.20</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">===========================================================================================</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">ssh 简单教程:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 1.ssh软件界面:选择 Edit->settings->user authentication > Keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 2. 点击“Generate New”,下一步,可选择 rsa dsa两种加密方式(选择rsa)下一步</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 3. 点击下一步,输入生成Key的文件名(如4251)和注释,打算使用空密码登录则Passphrase中不输入密码,下一步</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 4. 完成</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 5. 登录SSH Server,再到Edit->Settings->key下,点选刚才生成的key (4251),选择”upload”,<strong>destination的 .ssh2 改为.ssh</strong> ,下一步,选择”upload”</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 这时候,key已经传到了linux远程主机的~/.ssh 目录下,在linux上,进入到~/.ssh 目录,看到刚才传上来的4251.pub</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 6. 因为SSH Server是Linux,而SSH Secure Shell Client客户端上Windows,所以密钥<strong>4251.pub需要进行格式转换同时加入到authorized_keys文件中</strong></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> cd ~/.ssh/</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> ssh-keygen -i -f xxx.pub >> authorized_keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> <strong>7. 修改sshd_config</strong></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><strong> sudo vi /etc/ssh/sshd_config<br> <br> 让这几项生效:<br> RSAAuthentication yes<br> PubkeyAuthentication yes</strong></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><strong> AuthorizedKeysFile %h/.ssh/authorized_keys</strong></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 可选择关闭输入pasword认证:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> PasswordAuthentication no</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 8. 重启sshd服务 sudo service ssh restart</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 9. 连接即可,自己生成的keys在c:Users\AppDataRoamingSSHUserKeys中</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 有时候权限太开放,被拒绝执行文件,则需要将文件的权限该为0600:chmod 0600 authorized_keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">如果客户端是linux机器,如何管理多个rsa ?</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">在.ssh 目录下 创建config文件,进行配置填写:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><div data-syntax="plain"></div><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><br></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">SSH Secure Shell Client用public key认证登录</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">依据secureCRT的经验,走了一段弯路,今天,在这里把操作流程分享一把,可能本篇看似过与简单,但如果想用这一工具的伙伴,还是值得一读的,嘿嘿…</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">启动:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">Edit->settings->Keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">点击“Generate New”->下一步->key类型和key长度可以选择默认->下一步(20秒左右)->下一步->(文件名:起一个你能知道干嘛的名字就可以喽,注释,密码)</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">下一步,完成。</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">在这里,我们先要用“密码认证方式登录一下”</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">登录后,再到Edit->Settings->key下,选择”upload”按钮</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">点击”upload”,再通过前面用密码登录的接口来看下,有没有上传成功,</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">OK,文件已经上传了。我们需要手工处理一下了。</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">window ssh 转换成openssh 认识的格式</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">ssh-keygen -i -f badboy.pub>> /root/.ssh/authorized_keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">重启下ssh吧,kill –HUP `cat /var/run/sshd.pid`</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">再Edit->Settings->Authenticactio,只选择下面两个,就可以了。</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">点击“ok”,进入主界面,点击“quick connect”</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">点击“connect”</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">输入key的密码后,便可以了。</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">注意,你应该在server的ssh开启public认证服务,关闭password认证服务</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">PubkeyAuthentication yes</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">AuthorizedKeysFile .ssh/authorized_keys</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">PasswordAuthentication no</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">这样,便可以了,大家有兴趣的测试下……</p>linux 生成密钥<p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">命令ssh-keygen –t rsa </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">私钥 id_rsa和公钥id_rsa.pub </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">获取本机的公钥 cat ~/.ssh/id_rsa.pub </p>windows 生成密钥<p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">在Windows下查看<strong>[c盘->用户->自己的用户名->.ssh]</strong>下是否有<em>"id_rsa、id_rsa.pub"</em>文件,如果没有需要从第一步开始手动生成,有的话直接跳到第二步。</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><div data-syntax="plain"></div><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><hr style="background-color: rgb(232, 232, 232); border: 1px solid transparent; margin: 18px 0px;"><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"><br></p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;">密钥类型可以用 -t 选项指定。如果没有指定则默认生成用于SSH-2的RSA密钥。这里使用的是rsa。</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 同时在密钥中有一个注释字段,用-C来指定所指定的注释,可以方便用户标识这个密钥,指出密钥的用途或其他有用的信息。所以在这里输入自己的邮箱或者其他都行,当然,如果不想要这些可以直接输入:</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><div data-syntax="plain"></div><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> 链接:https://www.jianshu.com/p/2790a860f151</p><p style="letter-spacing: 0.05em; outline-style: none; overflow-wrap: break-word;"> </p> 讯享网
版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容,请联系我们,一经查实,本站将立刻删除。
如需转载请保留出处:https://51itzy.com/kjqy/166045.html