ssh公私钥在线生成 ssh公钥和私钥有什么用

转载

mob6454cc6eb555 2024-08-27 21:28:04

文章标签 ssh公私钥在线生成 rsync scp ssh 公钥 文章分类 运维

1.openssh
是一个提供远程访问控制的软件

2.ssh 远程主机用户@远程主机ip地址 

 ssh root@172.25.254.1 

 The authenticity of host '172.25.254.1 (172.25.254.1)' can't be established. 

 ECDSA key fingerprint is 55:dd:43:ce:bf:94:dd:91:49:e7:97:29:63:3d:02:02. 

 Are you sure you want to continue connecting (yes/no)? yes 
 ##建立安全传输key 

 root@172.25.254.1's password: 
 ##密码输入没有回显 

 Last failed login: Sun Oct 11 16:56:29 CST 2015 from 172.25.254.206 on ssh:notty 

 There was 1 failed login attempt since the last successful login. 

 Last login: Sun Oct 11 16:55:46 2015 from 172.25.254.206 

 [root@foundation1 ~]# 
 ###登陆成功 

 ctrl +d 
 |logout 
 ###退出 

 [root@foundation1 ~]# logout 

 Connection to 172.25.254.1 closed.

3.ssh的key认证

#######生成key########### 

 [test@foundation0 ~]$ ssh-keygen 
 ###生成公钥和私钥的工具 

 Generating public/private rsa key pair. 

 Enter file in which to save the key (/home/test/.ssh/id_rsa):『enter』 ###指定加密字符保存文件，使用默认 

 Created directory '/home/test/.ssh'. 

 Enter passphrase (empty for no passphrase): 
  ###密码，必须大于4位 

 Enter same passphrase again:  

 Your identification has been saved in /home/test/.ssh/id_rsa. 

 Your public key has been saved in /home/test/.ssh/id_rsa.pub. 
 ###确认密码 

 a5:4f:02:51:68:59:f4:e8:e3:c5:91:1f:6f:86:99:06 test@foundation0.ilt.example.com 

 key's randomart image is: 

 +--[ RSA 2048]----+ 

 |      .*+        | 

 |      +. o .     | 

 |     .. . E .    | 

 |       o + + *   | 

 |        S + * +  | 

 |       . * . o   | 

 |        . .      | 

 |                 | 

 +-----------------+

[test@foundation0 .ssh]$ pwd 

 /home/test/.ssh 
 ###生成密钥存放位置 

 [test@foundation0 .ssh]$ ls 
  

 id_rsa  id_rsa.pub 
 ####id_rsa位私钥，id_rsa.pub位公钥 



 #####################使用key加密目标主机的目标用户############ 

 [test@foundation0 ~]$  ssh-copy-id -i /home/test/.ssh/id_rsa.pub westos@172.25.254.100 



 The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established. 

 ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08. 

 Are you sure you want to continue connecting (yes/no)? yes 

 /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed 

 /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys 

 westos@172.25.254.100's password:  



 Number of key(s) added: 1 



 Now try logging into the machine, with:   "ssh 'westos@172.25.254.100'" 

 and check to make sure that only the key(s) you wanted were added.

ssh-copy-id ####上传key的工具

-i 
 ####指定使用的公钥 

 /home/test/.ssh/id_rsa.pub 
 #####使用公钥的名称 

 westos 
 ####被管理的目标用户 

 172.25.254.100 
 ####被管理用户所在主机的ip 

 authorized_keys 
 ###此文件在目标用户加目录的.ssh中，这个文件就是目标用户被加密的标识，文件内容位公钥内容。 



 然后如果指定让哪个主机的哪个用户登录，就将 id_rsa（私钥，钥匙）传给那个主机的用户的.ssh下（前提是已经存在这个目录了） 

 scp id_rsa student@172.25.254.101:/home/student/.ssh/,之后[test@foundation0 .ssh]$ pwd 

 /home/test/.ssh 
 ###生成密钥存放位置 

 [test@foundation0 .ssh]$ ls 
  

 id_rsa  id_rsa.pub 
 ####id_rsa位私钥，id_rsa.pub位公钥

#####################使用key加密目标主机的目标用户############ 

 [test@foundation0 ~]$  ssh-copy-id -i /home/test/.ssh/id_rsa.pub westos@172.25.254.100 



 The authenticity of host '172.25.254.100 (172.25.254.100)' can't be established. 

 ECDSA key fingerprint is eb:24:0e:07:96:26:b1:04:c2:37:0c:78:2d:bc:b0:08. 

 Are you sure you want to continue connecting (yes/no)? yes 

 /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed 

 /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys 

 westos@172.25.254.100's password:  



 Number of key(s) added: 1 



 Now try logging into the machine, with:   "ssh 'westos@172.25.254.100'" 

 and check to make sure that only the key(s) you wanted were added.

ssh-copy-id ####上传key的工具
-i ####指定使用的公钥
/home/test/.ssh/id_rsa.pub #####使用公钥的名称
westos ####被管理的目标用户
172.25.254.100 ####被管理用户所在主机的ip
authorized_keys ###此文件在目标用户加目录的.ssh中，这个文件就是目标用户被加密的标识，文件内容位公钥内容。
vimdiff authorized_keys id_rsa.pub 比较这两个文件有什么不同

如果让指定的某台主机能访问将id_rsa文件发送到给该主机的家目录的.ssh下就好：
scp id_rsa student@172.25.254.101:/home/student/Desktop
然后172.25.254.101这台主机的student用户就可以访问被加密的用户了
生成密钥的用户不一定是被加密的用户，可以在客户端生成公私钥远程给某个用户加密上锁

sshd服务的简单配置
vim /etc/ssh/sshd_config ###sshd服务的配置文件

48 PermitRootLogin yes|no ###是否允许root用户通过sshd的认证
78 PasswordAuthentication yes|no ###开启或关闭用户密码认证
AllowUsers student westos ###用户白名单，只允许在名单中出现的用户使用sshd服务
systemctl restart sshd ###从新加载配置
在服务端更改/etc/ssh/sshd_config可以禁止root登录，可以配置可登录的用户westos，然后在有密钥的客户端必须用ssh westos@172..... 才能登录，是敲的命令必须是westos@。。。

######################远程文件传输#####################

scp 
 ##远程复制 

 scp 
 file 
  user@ip:/directory 
 ##上传文件 

 scp -r 
 dir 
  user@ip:/directory 
 ##长传目录 

 scp 
 user@ip:/filename 
 /direcotry 
 ##下载文件 

 scp -r 
 user@ip:/directory 
 /direcotry 
 ##下载目录

rsync 
 ###远程同步（把文件归档，传输速度更快） 

 rsync file|direcotry user@ip:/directory 

 rsync user@ip:/directory /directory 

-r 
 ##同步目录 

-l 
 ##不忽略链接 

-p 
 ##不忽略特殊权限 

-t 
 ##不忽略时间戳 

-g 
 ##不忽略组信息 

-o 
 ##不忽略用户信息 

-D 
 ##不忽略设备文件 

注意传输的原目录后如果不带/，是传输复制该目录下的子目录和文件不包含目录本身， 

带/，则包含目录下的子文件与目录 

 sftp

本文章为转载内容，我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题，欢迎原作者联系我们进行内容更正或删除文章。