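Note: key-based authentication is more secure than password-based authentication.
The SSH server needs the openssh-server package.
The SSH client needs the openssh-clients package, which provides many commands, for example sftp and ssh-copy-id.
Step 1: create the key pair on the management host
ssh-keygen -t dsa <-- command that creates the key pair; -t dsa specifies the key type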
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): <-- confirm the path where the private key file is saved
/root/.ssh/id_dsa already exists.
Overwrite (y/n)? y <-- if a key pair already exists, choose whether to overwrite it
Enter passphrase (empty for no passphrase): <-- choose whether to set a passphrase on the private key (usually left empty)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
46:c8:21:b9:99:6e:0c:59:39:66:38:7a:97:29:51:76 root@m01
The key's randomart image is:
+--[ DSA 1024]----+
| o+oE |
| +.B+ o |
| . B Bo . |
|. = B . |
| . * S |
| + . |
| . |
| |
| |
+-----------------+
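Step 2: send the management host's public key to the managed host
ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31 (note: the IP here is the host that key-based login is being set up for)
/* ssh-copy-id -i /home/oldboy/.ssh/id_dsa.pub "-p52113 [email protected]" (when logging in as oldboy and specifying a port number, wrap them in double quotes) */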
[email protected]'s password:
Now try logging into the machine, with "ssh '172.16.1.31'", and check in:
.ssh/authorized_keys Note: this file is the id_dsa.pub from the management server
to make sure we haven't added extra keys that you weren't expecting.
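Step 3: test remote management (key-based remote management)
ssh 172.16.1.31 <-- logs in successfully without entering a password
ssh 172.16.1.31 uptime <-- view information about the remote host directly, without logging in to it
Note: when the server's SSH port has been changed: ssh -p52113 10.0.0.31
SFTP server: sftp -oPort=22 [email protected]:/tmp
scp when the port has been changed: scp -P52113 -pr /etc/hosts [email protected]:/tmp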
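
Added example (not part of the original notes): the ssh-copy-id output in step 2 asks you to check .ssh/authorized_keys for keys you were not expecting. This script does that check on the managed host and also flags ssh-dss entries, a key type OpenSSH has disabled by default since release 7.0. The function names, sample file contents and key blobs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Key blobs are constructed placeholders.

# audit_authorized_keys AUTH_FILE EXPECTED_PUB
# Prints one line per entry. Returns 0 only if the expected key is present,
# no other key is, and the file is not group/world writable.
audit_authorized_keys() {
    auth_file=$1
    want=$(awk '{print $2; exit}' "$2")    # base64 blob of the key we installed
    rc=0
    # With StrictModes (the default) sshd rejects a file others can write to.
    if [ -n "$(find "$auth_file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "PERMS $auth_file is group/world writable"; rc=1
    fi
    awk -v want="$want" '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        {
            # Options (from=, command=, ...) may precede the key type, so scan
            # for the first field that looks like one (heuristic, not a parser).
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) break
            if (i >= NF) { print "MALFORMED line " NR; bad = 1; next }
            ok = ($(i + 1) == want)
            if (ok) found = 1; else bad = 1
            weak = ($i == "ssh-dss") ? " WEAK(ssh-dss)" : ""
            printf "%s line %d %s %s%s\n", (ok ? "EXPECTED" : "UNEXPECTED"), NR, $i, $(i + 2), weak
        }
        END { exit ((found && !bad) ? 0 : 1) }
    ' "$auth_file" || rc=1
    return $rc
}

# make_sample DIR: write a constructed id_dsa.pub and authorized_keys into DIR.
make_sample() {
    echo "ssh-dss AAAAB3NzaC1kc3MAAACBCONSTRUCTED1 root@m01" > "$1/id_dsa.pub"
    {
        echo "# constructed sample"
        cat "$1/id_dsa.pub"
        echo 'from="10.0.0.5" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTED2 unknown@host'
    } > "$1/authorized_keys"
    chmod 600 "$1/authorized_keys"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit_authorized_keys "$demo_dir/authorized_keys" "$demo_dir/id_dsa.pub" ||
    echo "authorized_keys needs review"
rm -rf "$demo_dir"
```

On a real host, pass the managed account's ~/.ssh/authorized_keys and a copy of the public key that was sent in step 2.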