openssh,
openssh,
- ssh常用命令
ssh -l dyl 192.168.0.2
-l后跟username,指定ssh账户连接,或者 ssh dyl@192.168.0.2
ssh -o StrictHostKeyChecking=no 192.168.0.2
不进行严格的密钥检查
ssh 192.168.0.3 'ifconfig'
ssh到主机并执行命令
ssh 192.168.0.3 -p 22
指定端口远程
- ssh基于密钥认证
ssh有两种认证方式,口令认证和密钥认证,口令认证即是常用的密码认证,但是每次输入密码也是头疼,并且不是很安全,并且在自动化运维路上也不太适合,于是乎还得用密钥认证,具体实现方式:
node1: 192.168.0.2
node2: 192.168.0.3
[root@node1 ~]# ssh-keygen -t ecdsa -P ''
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa):
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
18:5b:07:d9:30:cd:5e:db:eb:dd:16:fa:5a:53:01:a9 root@node1
The key's randomart image is:
+--[ECDSA 256]---+
| +* .. |
| .o+ ... |
| . .....o . |
| = ..E. . .|
| o S ..|
| ...|
| ..+o|
| .o =|
| .oo |
+-----------------+
///说明:ssh-keygen是调用openssl库实现加密的,主要用rsa,dsa,ecdsa加密算法,生成密钥对,将公钥发往将要远程的主机,可以使用-f 选项指定密钥存放的路径,默认是放在家目录的 .ssh/ 目录下,
[root@node1 ~]# ssh-copy-id -i .ssh/id_ecdsa.pub dyl@192.168.0.3
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
dyl@192.168.0.3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'dyl@192.168.0.3'"
and check to make sure that only the key(s) you wanted were added.
///说明:密钥的传输账号要指定,这里是指定的dyl账户,每传送一次,pubkey都会存放在被远程的主机上的.ssh/authorized_keys中
[root@node1 ~]# ssh dyl@192.168.0.3
Last failed login: Thu Feb 11 20:38:28 CST 2016 from 192.168.0.2 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Jan 28 15:21:38 2016
///说明:每次的认证信息都会存放在 认证的相关信息会记录到.ssh/known_hosts中
评论暂时关闭