
Title: Key-Pair Authentication Between Linux Hosts (Part 1)

Author: admin    Time: 2019-9-23 22:29    Title: Key-Pair Authentication Between Linux Hosts (Part 1)

The SSH remote-administration port is TCP 22.

SSH (Secure Shell) is a secure channel protocol, used mainly for remote login on a text console, remote file copy and similar functions. The SSH protocol encrypts the data exchanged by both parties, including the password the user types at login.

System versions of the lab machines:
图片1.png
图片2.png

Logging in remotely with ssh requires the password of the user on the target host (the command to log out is exit).

The following is access from 192.168.168.130 to 192.168.168.135:

[root@localhost ~]# ssh root@192.168.168.135
The authenticity of host '192.168.168.135 (192.168.168.135)' can't be established.
RSA key fingerprint is e5:fc:28:be:3b:10:54:1c:85:a7:b0:31:3f:d7:93:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.168.135' (RSA) to the list of known hosts.
root@192.168.168.135's password:
Last login: Mon Aug 12 05:41:47 2019 from 192.168.168.159
[root@oracle-linux6 ~]#
[root@oracle-linux6 ~]# whoami
root
[root@oracle-linux6 ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:01:1A:AF
          inet addr:192.168.168.135  Bcast:192.168.168.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe01:1aaf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:571 errors:0 dropped:0 overruns:0 frame:0
          TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:57368 (56.0 KiB)  TX bytes:15836 (15.4 KiB)
[root@oracle-linux6 ~]# exit
logout
Connection to 192.168.168.135 closed.
[root@localhost ~]#
[root@localhost ~]# whoami
root
[root@localhost ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:2B:17:3A
          inet addr:192.168.168.130  Bcast:192.168.168.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2b:173a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:715 errors:0 dropped:0 overruns:0 frame:0
          TX packets:383 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:67871 (66.2 KiB)  TX bytes:44203 (43.1 KiB)

###

The following is access from 192.168.168.135 to 192.168.168.130:

[root@oracle-linux6 ~]# ssh 192.168.168.130
-bash: ssh: command not found

Fix:
[root@oracle-linux6 ~]# yum -y install openssh-clients

Note: with no user name given, the target user here defaults to root (ssh uses the current local user name).

[root@oracle-linux6 ~]# ssh 192.168.168.130
The authenticity of host '192.168.168.130 (192.168.168.130)' can't be established.
RSA key fingerprint is ec:65:c4:90:15:02:d1:6b:f3:8e:28:c5:21:3a:9b:2b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.168.130' (RSA) to the list of known hosts.
root@192.168.168.130's password:
Last login: Tue Jun 23 02:39:44 2020 from 192.168.168.159
[root@localhost ~]# whoami
root
[root@localhost ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:2B:17:3A
          inet addr:192.168.168.130  Bcast:192.168.168.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe2b:173a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:886 errors:0 dropped:0 overruns:0 frame:0
          TX packets:423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:82188 (80.2 KiB)  TX bytes:51140 (49.9 KiB)
[root@localhost ~]# exit
logout
Connection to 192.168.168.130 closed.
[root@oracle-linux6 ~]#
[root@oracle-linux6 ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:01:1A:AF
          inet addr:192.168.168.135  Bcast:192.168.168.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe01:1aaf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1079 errors:0 dropped:0 overruns:0 frame:0
          TX packets:548 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:99400 (97.0 KiB)  TX bytes:70389 (68.7 KiB)

######
######

Building an SSH setup with key-pair authentication (Linux to Linux)

SSH client: 192.168.168.130   User: zhuohua_0
SSH server: 192.168.168.135   User: zhuohua_1

Note:
The key pair is created on the SSH client; the private key stays on the client, and the public key is sent to the SSH server.

Create the user on the SSH server:
[root@oracle-linux6 ~]# useradd zhuohua_1
[root@oracle-linux6 ~]# echo '111' |passwd --stdin zhuohua_1
更改用户 zhuohua_1 的密码 。
passwd: 所有的身份验证令牌已经成功更新。

###

Create the corresponding user on the SSH client:
[root@localhost ~]# adduser zhuohua_0
[root@localhost ~]# echo '000' |passwd --stdin zhuohua_0
更改用户 zhuohua_0 的密码 。
passwd: 所有的身份验证令牌已经成功更新。

Generate the key pair for zhuohua_0 (switch to that user first):
[root@localhost ~]# su - zhuohua_0
[zhuohua_0@localhost ~]$ ssh-keygen -t rsa
Note: just press Enter at every prompt below ^_^
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zhuohua_0/.ssh/id_rsa):
Created directory '/home/zhuohua_0/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/zhuohua_0/.ssh/id_rsa.
Your public key has been saved in /home/zhuohua_0/.ssh/id_rsa.pub.
The key fingerprint is:
78:56:cc:dd:3e:f6:be:15:a5:80:83:04:90:ea:ac:7a zhuohua_0@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| .o... |
| . . + o . |
| . . * o . .|
| . . . . o ..|
| o . S =. |
| o o . o.|
| . o|
|. E ..|
|o. .o|
+-----------------+

A directory is created for user zhuohua_0:
[zhuohua_0@localhost ~]$ ls -alh
总用量 28K
drwx------ 4 zhuohua_0 zhuohua_0 4.0K 6月 23 02:46 .
drwxr-xr-x. 6 root root 4.0K 6月 23 02:46 ..
-rw-r--r-- 1 zhuohua_0 zhuohua_0 18 3月 23 2017 .bash_logout
-rw-r--r-- 1 zhuohua_0 zhuohua_0 176 3月 23 2017 .bash_profile
-rw-r--r-- 1 zhuohua_0 zhuohua_0 124 3月 23 2017 .bashrc
drwxr-xr-x 2 zhuohua_0 zhuohua_0 4.0K 11月 12 2010 .gnome2
drwx------ 2 zhuohua_0 zhuohua_0 4.0K 6月 23 02:46 .ssh

[zhuohua_0@localhost ~]$ cd .ssh/
[zhuohua_0@localhost .ssh]$ pwd
/home/zhuohua_0/.ssh
[zhuohua_0@localhost .ssh]$ ll
总用量 8
-rw------- 1 zhuohua_0 zhuohua_0 1675 6月 23 02:46 id_rsa
-rw-r--r-- 1 zhuohua_0 zhuohua_0 413 6月 23 02:46 id_rsa.pub

Contents of the private key file (different every time a key pair is generated):
[zhuohua_0@localhost .ssh]$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Contents of the public key file (different every time a key pair is generated):
[zhuohua_0@localhost .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuyrCs/F0fOG5LGB9k8kQHEOG86cofhO+rzy9oBGALVSRl3bonRppc7whuIEIv/2WeRFEQaoO54tU7GwU9ilKA/7pswIoyYpC9kHuD+o7eWvKJK8V8iAT8LTWmPXx7n4J8a0FDzhRjwHyGQ9GYytcKt7nb2nAfLXZOkKy/0ogdvSHTL5lmiM+xN7/IxfUJ9xfZeGCJFd03QojlhWkIQ6wn6TNb/L9L5/1wRq4gZWdDoHyThIq0imw9jrJ6/hMEIZb2B0JzgRGp3iN3A0BkOE395WC9z108IU547CdVtuqYwLnYmTUwIXkngMPXMGIdBiRHKjFA3p8fWiB+tw9uY+mvw== zhuohua_0@localhost.localdomain

On the SSH client, send the public key file to the home directory of user zhuohua_1 on the SSH server:
[zhuohua_0@localhost ~]$ ssh-copy-id zhuohua_1@192.168.168.135
The authenticity of host '192.168.168.135 (192.168.168.135)' can't be established.
RSA key fingerprint is e5:fc:28:be:3b:10:54:1c:85:a7:b0:31:3f:d7:93:26.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.168.135' (RSA) to the list of known hosts.
zhuohua_1@192.168.168.135's password:    # enter zhuohua_1's password
Now try logging into the machine, with "ssh 'zhuohua_1@192.168.168.135'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

View the public key file on the SSH server:
[root@oracle-linux6 ~]# su - zhuohua_1
[zhuohua_1@oracle-linux6 ~]$ ls -alh
总用量 28K
drwx------. 4 zhuohua_1 zhuohua_1 4.0K 8月 12 05:53 .
drwxr-xr-x. 4 root root 4.0K 8月 12 05:48 ..
-rw-r--r--. 1 zhuohua_1 zhuohua_1 18 3月 22 2017 .bash_logout
-rw-r--r--. 1 zhuohua_1 zhuohua_1 176 3月 22 2017 .bash_profile
-rw-r--r--. 1 zhuohua_1 zhuohua_1 124 3月 22 2017 .bashrc
drwxr-xr-x. 2 zhuohua_1 zhuohua_1 4.0K 11月 20 2010 .gnome2
drwx------. 2 zhuohua_1 zhuohua_1 4.0K 8月 12 05:53 .ssh

The public key file is renamed automatically, but its content is the same:
Note: pay attention to the file permissions (600).
[zhuohua_1@oracle-linux6 ~]$ cd .ssh/
[zhuohua_1@oracle-linux6 .ssh]$ ll
总用量 4
-rw-------. 1 zhuohua_1 zhuohua_1 413 8月 12 05:53 authorized_keys
[zhuohua_1@oracle-linux6 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuyrCs/F0fOG5LGB9k8kQHEOG86cofhO+rzy9oBGALVSRl3bonRppc7whuIEIv/2WeRFEQaoO54tU7GwU9ilKA/7pswIoyYpC9kHuD+o7eWvKJK8V8iAT8LTWmPXx7n4J8a0FDzhRjwHyGQ9GYytcKt7nb2nAfLXZOkKy/0ogdvSHTL5lmiM+xN7/IxfUJ9xfZeGCJFd03QojlhWkIQ6wn6TNb/L9L5/1wRq4gZWdDoHyThIq0imw9jrJ6/hMEIZb2B0JzgRGp3iN3A0BkOE395WC9z108IU547CdVtuqYwLnYmTUwIXkngMPXMGIdBiRHKjFA3p8fWiB+tw9uY+mvw== zhuohua_0@localhost.localdomain

Set the login authentication method on the SSH server (you can also edit the file directly, since the directives already exist in it; you must switch to user root to have permission to do this):

# Forbid remote login for users with an empty password
echo 'PermitEmptyPasswords no' >> /etc/ssh/sshd_config
# Enable key-pair authentication
echo 'PubkeyAuthentication yes' >> /etc/ssh/sshd_config
# Specify the public key store file
echo 'AuthorizedKeysFile .ssh/authorized_keys' >> /etc/ssh/sshd_config
# Forbid remote login for root (optional)
echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
# Disable password authentication (optional)
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config

Restart the sshd service:
[root@oracle-linux6 ~]# service sshd restart
停止 sshd:[确定]
正在启动 sshd:[确定]

######

From now on, the SSH client can access the SSH server with the key pair (the reverse direction still requires password authentication):
[zhuohua_0@localhost ~]$ ssh zhuohua_1@192.168.168.135
[zhuohua_1@oracle-linux6 ~]$ whoami
zhuohua_1
[zhuohua_1@oracle-linux6 ~]$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:01:1A:AF
          inet addr:192.168.168.135  Bcast:192.168.168.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe01:1aaf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1010 errors:0 dropped:0 overruns:0 frame:0
          TX packets:733 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:105957 (103.4 KiB)  TX bytes:95217 (92.9 KiB)

# You can switch to root@192.168.168.135
[zhuohua_1@oracle-linux6 ~]$ su - root
密码:    # enter the password of root@192.168.168.135
[root@oracle-linux6 ~]#
[root@oracle-linux6 ~]# whoami
root
[root@oracle-linux6 ~]#
[root@oracle-linux6 ~]# exit
logout
[zhuohua_1@oracle-linux6 ~]$ whoami
zhuohua_1
[zhuohua_1@oracle-linux6 ~]$ exit
logout
Connection to 192.168.168.135 closed.
[zhuohua_0@localhost ~]$

###

Upload files and directories from the SSH client to the SSH server (no password needed):
[zhuohua_0@localhost ~]$ pwd
/home/zhuohua_0
[zhuohua_0@localhost ~]$ ls
1.txt  dir1
[zhuohua_0@localhost ~]$ scp -rp ~/1.txt zhuohua_1@192.168.168.135:/home/zhuohua_1
1.txt                 100%    4     0.0KB/s   00:00
[zhuohua_0@localhost ~]$ scp -rp dir1 zhuohua_1@192.168.168.135:/home/zhuohua_1
11.txt                100%    5     0.0KB/s   00:00

Files and directories received on the SSH server:
[zhuohua_1@oracle-linux6 ~]$ pwd
/home/zhuohua_1
[zhuohua_1@oracle-linux6 ~]$ ll
总用量 8
-rw-rw-r--. 1 zhuohua_1 zhuohua_1 4 6月 23 2020 1.txt
drwxrwxr-x. 2 zhuohua_1 zhuohua_1 4096 6月 23 2020 dir1
[zhuohua_1@oracle-linux6 ~]$ cd dir1/
[zhuohua_1@oracle-linux6 dir1]$ ll
总用量 4
-rw-rw-r--. 1 zhuohua_1 zhuohua_1 5 6月 23 2020 11.txt

###

Download files and directories from the SSH server on the SSH client (again no password needed):
[zhuohua_0@localhost ~]$ scp -rp zhuohua_1@192.168.168.135:/home/zhuohua_1/2.txt ./
2.txt                 100%    4     0.0KB/s   00:00
[zhuohua_0@localhost ~]$ scp -rp zhuohua_1@192.168.168.135:/home/zhuohua_1/dir2 ./
22.txt                100%    5     0.0KB/s   00:00

The downloaded files and directories:
[zhuohua_0@localhost ~]$ pwd
/home/zhuohua_0
[zhuohua_0@localhost ~]$ ll
总用量 16
-rw-rw-r-- 1 zhuohua_0 zhuohua_0 4 6月 23 03:01 1.txt
-rw-rw-r-- 1 zhuohua_0 zhuohua_0 4 8月 12 2019 2.txt
drwxrwxr-x 2 zhuohua_0 zhuohua_0 4096 6月 23 03:05 dir1
drwxrwxr-x 2 zhuohua_0 zhuohua_0 4096 8月 12 2019 dir2
[zhuohua_0@localhost ~]$
[zhuohua_0@localhost ~]$ cd dir2
[zhuohua_0@localhost dir2]$ ll
总用量 4
-rw-rw-r-- 1 zhuohua_0 zhuohua_0 5 8月 12 2019 22.txt
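
The sshd_config step earlier appends most of its settings with echo >>. sshd uses the first occurrence of a keyword and treats lines after a Match line as conditional, so an appended line may not take effect. The script below is an added example, not part of the original post; the function names, the sample file and its "Match User backup" block are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the value sshd would use for a global keyword.
# Rules modelled: keywords are case-insensitive, the first occurrence wins,
# and lines after a "Match" line are conditional, not global.

effective_value() {    # usage: effective_value <config-file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
        tolower($1) == "match" { exit }       # end of the global section
        tolower($1) == want { print $2; found = 1; exit }
        END { if (!found) print "unset" }     # sshd falls back to its default
    ' "$1"
}

# Expected values are the ones the page sets (the last two are its optional ones).
audit_sshd_config() {  # usage: audit_sshd_config <config-file>; returns 1 on mismatch
    rc=0
    for pair in PermitEmptyPasswords=no PubkeyAuthentication=yes \
                PermitRootLogin=no PasswordAuthentication=no; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: effective=$got expected=$want"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a config that already had "PermitRootLogin yes" and ended
# in a Match block, after running the page's sed and four echo >> commands.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
PasswordAuthentication no
Match User backup
    ForceCommand /bin/false
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin no
EOF

audit_sshd_config "$sample" || echo "appended settings are not in effect globally"
```

On the server itself, running sshd -T as root prints the configuration sshd actually resolves, which is the authoritative check after editing /etc/ssh/sshd_config.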