openssh，

openssh，

• ssh常用命令

 ssh -l dyl 192.168.0.2

-l后跟username，指定ssh账户连接，或者 ssh dyl@192.168.0.2

ssh -o StrictHostKeyChecking=no 192.168.0.2

不进行严格的密钥检查

ssh 192.168.0.3 'ifconfig'

ssh到主机并执行命令
ssh 192.168.0.3 -p 22

指定端口远程

• ssh基于密钥认证

ssh有两种认证方式，口令认证和密钥认证，口令认证即是常用的密码认证，但是每次输入密码也是头疼，并且不是很安全，并且在自动化运维路上也不太适合，于是乎还得用密钥认证，具体实现方式：

node1: 192.168.0.2

node2: 192.168.0.3

[root@node1 ~]# ssh-keygen  -t  ecdsa  -P ''
Generating public/private ecdsa key pair.
Enter file in which to save the key (/root/.ssh/id_ecdsa): 
Your identification has been saved in /root/.ssh/id_ecdsa.
Your public key has been saved in /root/.ssh/id_ecdsa.pub.
The key fingerprint is:
18:5b:07:d9:30:cd:5e:db:eb:dd:16:fa:5a:53:01:a9 root@node1
The key's randomart image is:
+--[ECDSA  256]---+
|        +*   ..  |
|        .o+ ...  |
|      . .....o . |
|       = ..E. . .|
|      o S      ..|
|              ...|
|             ..+o|
|             .o =|
|             .oo |
+-----------------+


///说明：ssh-keygen是调用openssl库实现加密的，主要用rsa，dsa，ecdsa加密算法，生成密钥对，将公钥发往将要远程的主机，可以使用-f 选项指定密钥存放的路径，默认是放在家目录的  .ssh/  目录下，

[root@node1 ~]# ssh-copy-id -i .ssh/id_ecdsa.pub dyl@192.168.0.3
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
dyl@192.168.0.3's password: 


Number of key(s) added: 1


Now try logging into the machine, with:   "ssh 'dyl@192.168.0.3'"
and check to make sure that only the key(s) you wanted were added.


///说明：密钥的传输账号要指定，这里是指定的dyl账户，每传送一次，pubkey都会存放在被远程的主机上的.ssh/authorized_keys中

[root@node1 ~]# ssh dyl@192.168.0.3
Last failed login: Thu Feb 11 20:38:28 CST 2016 from 192.168.0.2 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu Jan 28 15:21:38 2016

///说明：每次的认证信息都会存放在 认证的相关信息会记录到.ssh/known_hosts中