Mastering the ssh command

Contents

  • Mastering the ssh command
    • Preparation
    • 1. Connecting to a server with the ssh client
    • 2. How ssh uses the host key pair to verify that the server is a specific host
    • 3. Start server node1, copy node3's sshd host key pair to node1, give node1 node3's IP address, then connect from node2 to node1 and check whether a host verification prompt appears and whether yes has to be typed
    • 4. SSH X forwarding
    • 5. SSH jump-host operations
    • 6. Using ssh to run a single command on a remote host, return its output and exit
    • 7. SSH password authentication: logging in to a remote host requires the password of the corresponding remote user
    • 8. SSH public key authentication: password-less login to a remote host
    • 9. Because public key authentication depends on the key pair, the private key must be protected; encrypting the private key raises its security
    • 10. In the previous lab every login requires the private key passphrase, which is tedious. With ssh-agent bash and ssh-add the passphrase can be held for the current session, so it has to be typed less often
    • 11. Public key login from Xshell
    • 12. A script that copies the public key and logs in to the hosts

Preparation

System version   IP address    Hostname
CentOS7          172.20.3.7    node2
CentOS8          172.20.3.8    node3

1. Connecting to a server with the ssh client

On node2, log in to the node3 server as root.
Enter: ssh 172.20.3.8. By default ssh logs in to the remote node3's root account as the same user that runs the client, here root.

[root@centos7 ~]# ssh 172.20.3.8
The authenticity of host '172.20.3.8 (172.20.3.8)' can't be established.
ECDSA key fingerprint is SHA256:3rNeKB1lroMHCkCqY4sINNaTva4XyZhnQi3rcytyGF8.
ECDSA key fingerprint is MD5:67:cc:58:15:81:a0:e0:b4:bb:4f:15:56:63:41:0c:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.20.3.8' (ECDSA) to the list of known hosts.
root@172.20.3.8's password:
Activate the web console with: systemctl enable --now cockpit.socket
Last failed login: Fri Nov  8 04:00:43 CST 2019 from 172.20.3.61 on ssh:notty
There were 18 failed login attempts since the last successful login.
Last login: Thu Nov  7 22:28:06 2019 from 172.20.1.11

ssh has further options: -v shows verbose connection details, -p sets the port of the remote ssh service, and -b sets the local IP address to connect from

[root@centos8 ~]# ssh -p 22 -b 172.20.3.7 root@172.20.3.8   # enter the password to log in

2. How ssh uses the host key pair to verify that the server is a specific host

When node2 logs in to node3's root account for the first time, ssh asks you to confirm that the remote host is the one you intend to connect to; after you type yes and then root's password, the login succeeds. After the first successful login a known_hosts file is created under the client's .ssh directory; it stores the remote host's IP address together with the public key of that host's ssh server.

[root@centos8 ~]# cd .ssh/
[root@centos8 .ssh]# cat known_hosts
172.20.3.111 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAm3Wpcf5VVX4wW6XPR4LZrqCODHrLdf8UVNyQGT0Qor5ysMrO8zOECpQuX5T43h3KgsJCvf4nhC3Qp0FcegH246UgHdleOll1V3mWb7vg8HU38STqn2yYOHUObgy+cYBTa2gppYnEOmn/WnLJDh5qnzChKEUiv7Zd+/02ByjRo58BoG7gUf28q4KtI/7g+itIyQTEu5wqsFWjr+37oz7egIiboTVmlPGjS6CR5DgbUUztRRIfZxXd+o7SNDhQPfwJzVfDQUkd1Wz0Bld06KTBu7w2r+SgIU9vAX2dzBX1oDLfyBd8nMxnlU87k5vCVVK5M9m+/1aYEfai56l0sxnmNQ==

Compare this with the public key of the sshd service on node3; the two should be identical

[root@centos7 ~]# cd .ssh/
[root@centos7 .ssh]# cat known_hosts
172.20.3.8 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDaVCBIUhvzZFxAoA0nZDJ9s2Dt+cey+TqH7T8CWetjdgwI321g+xfoWN738OOoqsbx54leEpG45lYbY2yEo2Gs=
[root@centos8 ~]# cat /etc/ssh/ssh_host_ecdsa_key.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDaVCBIUhvzZFxAoA0nZDJ9s2Dt+cey+TqH7T8CWetjdgwI321g+xfoWN738OOoqsbx54leEpG45lYbY2yEo2Gs=

3. Start server node1, copy node3's sshd host key pair to node1, give node1 node3's IP address, then connect from node2 to node1 and check whether a host verification prompt appears and whether yes has to be typed

Copy node3's key files to /data on node1; only ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub are needed. Then shut node3 down

[root@centos8 ~]# cd /etc/ssh/
[root@centos8 ~]# scp ssh_host_ecdsa_key 172.20.3.6:/data/
[root@centos8 ~]# scp ssh_host_ecdsa_key.pub 172.20.3.6:/data/
[root@centos8 ~]# init 0

Replace the contents of the two corresponding key files in /etc/ssh on node1 with node3's files from the /data directory, then add node3's former IP address 192.168.1.128 to node1

[root@centos6 gnupg.dir]# cat /data/gnupg.dir/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key
[root@centos6 gnupg.dir]# cat /data/gnupg.dir/ssh_host_ecdsa_key.pub > /etc/ssh/ssh_host_ecdsa_key.pub
[root@centos6 gnupg.dir]# ip a a 172.20.3.8 dev eth0

Now connect from node2 to 192.168.1.128 and watch whether the host verification message appears and whether yes must be typed. There is no yes prompt: node1 passes as node3, so the impersonation succeeded

[root@centos7 .ssh]# ssh 172.20.3.8
Hello Nanjing_Bokebi!!!
root@172.20.3.8's password:
Last login: Thu Nov  7 21:59:14 2019 from 172.20.3.7
[root@centos6 ~]#
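As an added example (not part of the original post), the script below performs the two checks this lab implies: it compares the key pinned in a client's known_hosts against the public key a server actually serves, and it checks that a host private key is not readable by other users, since whoever can read /etc/ssh/ssh_host_*_key can impersonate that host exactly as node1 did here. The sample files it creates are constructed stand-ins, and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the host key pinned in a
# client's known_hosts against the key a server serves, and checks that a host
# private key has no permissions for group or others.
# Assumptions: plain (unhashed) known_hosts entries; entries written with
# HashKnownHosts=yes start with "|1|" and are simply reported as not found.

# known_host_key_matches KNOWN_HOSTS HOST PUBKEY_FILE
# Exit 0 when the known_hosts entry for HOST has the same key type and key blob
# as PUBKEY_FILE (for example /etc/ssh/ssh_host_ecdsa_key.pub), 1 otherwise.
# Hosts on a non-default port are stored as "[host]:port" and must be queried so.
known_host_key_matches() {
    kh=$1; host=$2; pub=$3
    # A known_hosts line is: host[,host...] keytype base64blob [comment].
    # Lines beginning with @ (markers) or # (comments) are skipped.
    entry=$(awk -v h="$host" '
        $1 !~ /^[@#]/ && index("," $1 ",", "," h ",") { print $2, $3; exit }
    ' "$kh")
    [ -n "$entry" ] || return 1
    served=$(awk '{ print $1, $2; exit }' "$pub")
    [ "$entry" = "$served" ]
}

# host_key_private_ok KEYFILE
# Exit 0 when KEYFILE has no permission bits for group or others (mode 0600 or
# stricter), the same rule the ssh client enforces on its own identity files.
host_key_private_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# make_samples: writes constructed sample files into a temp dir and prints its
# path. The key blobs are made-up strings standing in for real key material.
make_samples() {
    d=$(mktemp -d)
    blob='AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCONSTRUCTEDSAMPLE='
    printf '# client-side pinned keys (constructed)\n' > "$d/known_hosts"
    printf '172.20.3.8,node3 ecdsa-sha2-nistp256 %s\n' "$blob" >> "$d/known_hosts"
    printf 'ecdsa-sha2-nistp256 %s root@node3\n' "$blob" > "$d/ssh_host_ecdsa_key.pub"
    printf 'ecdsa-sha2-nistp256 %s root@node1\n' 'AAAADIFFERENTKEYBLOB=' > "$d/other_host.pub"
    printf 'CONSTRUCTED PRIVATE KEY\n' > "$d/ssh_host_ecdsa_key"
    chmod 600 "$d/ssh_host_ecdsa_key"
    printf 'CONSTRUCTED PRIVATE KEY\n' > "$d/loose_key"
    chmod 644 "$d/loose_key"
    printf '%s\n' "$d"
}

# Stand-alone demo: run both checks against the constructed files.
demo() {
    d=$(make_samples)
    if known_host_key_matches "$d/known_hosts" 172.20.3.8 "$d/ssh_host_ecdsa_key.pub"
    then echo "172.20.3.8: pinned key matches the served key"
    else echo "172.20.3.8: MISMATCH or not pinned"; fi
    if known_host_key_matches "$d/known_hosts" 172.20.3.8 "$d/other_host.pub"
    then echo "other host: matches (unexpected)"
    else echo "other host: does not match the key pinned for 172.20.3.8"; fi
    for f in ssh_host_ecdsa_key loose_key; do
        if host_key_private_ok "$d/$f"; then echo "$f: permissions ok"
        else echo "$f: readable by group or others"; fi
    done
    rm -rf "$d"
}

demo
```

In practice the comparison is run with the real paths: known_hosts from the client, the .pub file read from the server over a channel you already trust, or its fingerprint read out over the console, which is the out-of-band step that the lab in this section shows to be the only thing standing between a client and an impersonated host.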

4. SSH X forwarding

Prepare two servers with a graphical desktop

OS version   IP address      Hostname
CentOS6      192.168.26.7    node1
CentOS7      192.168.26.8    node2

Open a terminal on node1, connect to node2, and run gedit once connected; it fails to open

[root@centos7 ~]# ssh 192.168.26.8
The authenticity of host '192.168.26.8 (192.168.26.8)' can't be established.
ECDSA key fingerprint is SHA256:3rNeKB1lroMHCkCqY4sINNaTva4XyZhnQi3rcytyGF8.
ECDSA key fingerprint is MD5:67:cc:58:15:81:a0:e0:b4:bb:4f:15:56:63:41:0c:7a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.26.8' (ECDSA) to the list of known hosts.
root@192.168.26.8's password:
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sat Nov  9 17:26:49 2019 from 192.168.26.1
[root@centos8 ~]# gedit
Unable to init server: Could not connect: Connection refused
(gedit:1733): Gtk-WARNING **: 17:39:49.381: cannot open display:
[root@centos8 ~]#

In the terminal on node1, connect to node2 again with the -X option (node2 has been switched to runlevel 3 with init 3).
Run gedit again; node2's gedit now opens as a window on node1's desktop

Use Xmanager on Windows to open node2's desktop:
open Xstart in Xmanager, enter node2's IP address, choose the SSH protocol and fill in the root user name

To connect to CentOS 7, do the following setup first
--------------------------------------------------
Install the package group: yum groupinstall "X Window System" -y
--------------------------------------------------
Install lightdm (add the EPEL repository first):
yum install epel-release
yum install lightdm
--------------------------------------------------
Edit the configuration file: vim /etc/lightdm/lightdm.conf
[XDMCPServer]
enabled=true
port=177
--------------------------------------------------
Install xfce or KDE (KDE is recommended, its interface looks better than xfce's):
# kde
sudo yum group install "KDE Plasma Workspaces"
# xfce
sudo yum group install xfce
--------------------------------------------------
Switch the display manager to lightdm:
sudo systemctl disable gdm
sudo systemctl enable lightdm
sudo systemctl start lightdm
--------------------------------------------------
Stop the firewall: systemctl stop firewalld.service
--------------------------------------------------
Starting the session from Xshell:
# start the xfce4 session
startxfce4
# start KDE
startkde
--------------------------------------------------
In the Xstart configuration, the Command (C) field is:
# xfce
DISPLAY=$DISPLAY; /usr/bin/xfce4-session
# kde
DISPLAY=$DISPLAY; /usr/bin/startkde

Once connected, node2's desktop can be operated remotely

5. SSH jump-host operations

Lab setup

OS        IP address      Hostname
CentOS6   192.168.26.6    node1
CentOS7   192.168.26.7    node2
CentOS8   192.168.26.8    node3

On node3, add a firewall rule that rejects ssh access from node1

[root@centos8 bin]# iptables -F
[root@centos8 bin]# iptables -A INPUT -s 192.168.26.6 -j REJECT
[root@centos8 bin]# iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       192.168.26.6         0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Test whether node1 can ping node3 and whether it can ssh to node3

[root@centos6 ~]# ping 192.168.26.8
PING 192.168.26.8 (192.168.26.8) 56(84) bytes of data.
From 192.168.26.8 icmp_seq=1 Destination Port Unreachable
From 192.168.26.8 icmp_seq=2 Destination Port Unreachable
From 192.168.26.8 icmp_seq=3 Destination Port Unreachable
From 192.168.26.8 icmp_seq=4 Destination Port Unreachable
^C
--- 192.168.26.8 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3041ms
[root@centos6 ~]# ssh 192.168.26.8
ssh: connect to host 192.168.26.8 port 22: Connection refused

Connect from node1 to node2, then from node2 to node3, so that node1 reaches node3

[root@centos6 ~]# ssh 192.168.26.7
root@192.168.26.7's password:
Last login: Sat Nov  9 11:59:52 2019 from 192.168.26.6
[root@centos7 ~]# ssh 192.168.26.8
root@192.168.26.8's password:
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sat Nov  9 18:51:02 2019 from 192.168.26.1
[root@centos8 ~]#

The same can be done with a single ssh command on node1 that connects to node3 through node2, as shown.
Enter node2's password and then node3's password to log in to node3

[root@centos6 ~]# ssh -t 192.168.26.7 ssh 192.168.26.8
root@192.168.26.7's password:  # password of 192.168.26.7
root@192.168.26.8's password:  # password of 192.168.26.8
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sat Nov  9 20:00:20 2019 from 192.168.26.7
[root@centos8 ~]#

6. Using ssh to run a single command on a remote host, return its output and exit

From node1 of the previous lab, run the single command ip a on node2 over ssh and then exit, as shown:

[root@centos6 ~]# ssh -t 192.168.26.7 'ip a'
root@192.168.26.7's password:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:79:c6:ce brd ff:ff:ff:ff:ff:ff
    inet 172.20.3.107/16 brd 172.20.255.255 scope global noprefixroute dynamic eth0
       valid_lft 2590623sec preferred_lft 2590623sec
    inet6 fe80::7a63:4abc:9540:e640/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:79:c6:d8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.26.7/24 brd 192.168.26.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe79:c6d8/64 scope link
       valid_lft forever preferred_lft forever
Connection to 192.168.26.7 closed.
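The next block is an added example, not part of the original post. It scripts what sections 5 and 6 do by hand: running one command on node3 through node2 and collecting the result. It uses -J (ProxyJump, available since OpenSSH 7.3) instead of chaining ssh -t node2 ssh node3, because with -J the second connection is tunnelled end to end and node2 never sees the password or the session contents that it sees when it acts as a terminal relay. The SSH_BIN variable, the function names and the host list file are my own; the addresses are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post. Runs one command on a target that
# is reachable only through a jump host, non-interactively, and reports the
# result per host. Assumptions: OpenSSH 7.3+ for -J; SSH_BIN may be overridden
# (a dry-run hook); the remote command is passed as a single string.

SSH_BIN=${SSH_BIN:-ssh}

# remote_run JUMP TARGET COMMAND
# BatchMode=yes: never prompt for a password or passphrase, fail instead, so
# the script cannot hang under cron or leave a typed password in a terminal log.
# StrictHostKeyChecking=yes: abort on an unknown or changed host key rather
# than asking (section 3 shows why a changed key deserves attention).
remote_run() {
    jump=$1; target=$2; cmd=$3
    "$SSH_BIN" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -J "$jump" "$target" "$cmd"
}

# classify_exit STATUS: ssh itself exits 255 when the connection or the
# authentication fails; any other status is the remote command's own.
classify_exit() {
    case $1 in
        0)   echo "ok" ;;
        255) echo "ssh-error" ;;
        *)   echo "remote-failed:$1" ;;
    esac
}

# run_on_hosts JUMP HOSTFILE COMMAND
# HOSTFILE lists one target per line (like ip.txt in section 12). Command
# output goes to stdout; one "host status" line per host goes to stderr.
# Returns 0 only if every host succeeded.
run_on_hosts() {
    jump=$1; hostfile=$2; cmd=$3; failed=0
    while IFS= read -r target || [ -n "$target" ]; do
        case $target in ''|'#'*) continue ;; esac
        # stdin from /dev/null so ssh cannot swallow the rest of the host list
        if remote_run "$jump" "$target" "$cmd" < /dev/null; then rc=0; else rc=$?; fi
        status=$(classify_exit "$rc")
        echo "$target $status" >&2
        [ "$status" = ok ] || failed=1
    done < "$hostfile"
    return $failed
}

# Stand-alone usage (needs real hosts): run "ip a" on node3 through node2.
#   remote_run 192.168.26.7 192.168.26.8 'ip a'
#   printf '192.168.26.8\n' > hosts.txt; run_on_hosts 192.168.26.7 hosts.txt 'uptime'
```

Because BatchMode refuses to prompt, this wrapper only works once key-based authentication (section 8) is in place for both the jump host and the target, which is the point: a script that needs a human to type a password is one that will eventually have the password written into it, as the expect script in section 12 does.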

7. SSH password authentication: logging in to a remote host requires the password of the corresponding remote user

Lab setup

OS        IP address      Hostname
CentOS6   192.168.26.6    node1
CentOS7   192.168.26.7    node2
CentOS8   192.168.26.8    node3

Password-based authentication simply means logging in with the user name and password of an account on the remote host.
Log in to node2's root account from node1; after the password is entered you are logged in as root on node2

[root@centos6 ~]# ssh root@192.168.26.7
root@192.168.26.7's password:
Last failed login: Sat Nov  9 13:17:35 CST 2019 from 172.20.1.9 on ssh:notty
There were 3 failed login attempts since the last successful login.
Last login: Sat Nov  9 12:07:53 2019 from 192.168.26.6
[root@centos7 ~]#

8. SSH public key authentication: password-less login to a remote host

Generate a key pair on node1 and copy its public key to node2; ssh from node1 to the corresponding account on node2 then logs in without the remote password. The host environment is the same as above.

On node1 run ssh-keygen -t rsa to generate the key pair; press Enter at every prompt to accept the defaults. Then look at the public key file in the ~/.ssh directory

# generate the key pair
[root@centos6 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
95:f2:6e:53:b1:01:fe:40:d1:23:36:61:fc:fe:b0:5a root@centos6.magedu.sun.com
The key's randomart image is:
+--[ RSA 2048]----+
|         .*+     |
|         +=oo    |
|        ..=+o.   |
|         + o.+   |
|        S ..+    |
|         . .o    |
|          + E+   |
|         . o. .  |
|          ..     |
+-----------------+

Use ssh-copy-id to send node1's public key into the ~/.ssh/authorized_keys file on node2

[root@centos6 .ssh]# ssh-copy-id 192.168.26.7
root@192.168.26.7's password:
Now try logging into the machine, with "ssh '192.168.26.7'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Check that the corresponding file on node2 now contains the public key node1 just generated.
Then ssh from node1 to node2's root account. As shown, login succeeds with no password prompt, which completes the public key authentication lab

[root@centos6 .ssh]# ssh 192.168.26.7
Last login: Sat Nov  9 13:20:43 2019 from 192.168.26.6
[root@centos7 ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArJM297neqsI7ZO0pEeoH0lJo8MbjJ5SssAOahnHF7fPZp8lZRR59UPGw7TYVEoskdu+NN2MowIlEQGC8HVsA5NL1cFMs/riCY8fCLs9aJpC3VwSJ9s7qNG13J/IHvO7eOTgrq86j4vgRiOZYMENRqBWOFXmWoK2D7zGoKcgqa+RFTvuVwbY7nc/LOz10LuCaQab8zCom6PPvgf7XPs5+awkXhcex6GBxAfnhNg6CXh6B+0UkJIOAvz3RW9HJK9S0ThZv6wqJ5zU7gPHCd1pw/pV8J2xMZ3xL1fICL69ZxcuTiXmiTaQqELQUiAPJfQLx7R7SXGXDYGgzKGG4KdCmMw== root@centos6.magedu.sun.com

If ~/.ssh/authorized_keys on node2 is emptied, ssh reverts to password authentication.
Empty the file on node2:

# remove the authorized public key
[root@centos7 ~]# cd .ssh
[root@centos7 .ssh]# ll
total 8
-rw------- 1 root root 409 Nov  9 13:52 authorized_keys
-rw-r--r-- 1 root root 174 Nov  9 09:39 known_hosts
[root@centos7 .ssh]# echo > authorized_keys   # with the public key removed, the next login asks for the password again
[root@centos6 ~]# ssh 192.168.26.7
root@192.168.26.7's password:
Last login: Sat Nov  9 13:56:26 2019 from 192.168.26.6
[root@centos7 ~]#

In some environments many servers need password-less access to each other, and copying each server's public key into every other server's authorized file is tedious. Instead all servers can share one key pair, which removes most of the copying.
On node1 generate the key pair with ssh-keygen -t rsa, copy its own public key into its own authorized_keys, and finally copy the whole ~/.ssh directory to node2 and node3.

# generate the key pair on node1 with ssh-keygen -t rsa
[root@centos7 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:KWaZqx66lfCDEcgicQfFTW6daPUBlo2rsorqQYPyAuQ root@centos7
The key's randomart image is:
+---[RSA 2048]----+
|. o+oo. +=.      |
|.+ ....=oo..     |
|+o.   = o..      |
|*  . o o..       |
|+Eo   *.S        |
|+..=.+.o         |
|..o *o.          |
| o.o.+           |
|=.++o            |
+----[SHA256]-----+

Use ssh-copy-id on node1 to copy the public key into its own authorized_keys:

[root@centos6 .ssh]# ssh-copy-id root@192.168.26.6
The authenticity of host '192.168.26.6 (192.168.26.6)' can't be established.
RSA key fingerprint is 36:2c:35:3f:46:df:69:f2:9a:b3:32:24:ef:cd:e7:bf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.26.6' (RSA) to the list of known hosts.
root@192.168.26.6's password:
Now try logging into the machine, with "ssh 'root@192.168.26.6'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
[root@centos6 .ssh]#

Check that node1's public key and the content of its authorized_keys are the same.

[root@centos6 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArJM297neqsI7ZO0pEeoH0lJo8MbjJ5SssAOahnHF7fPZp8lZRR59UPGw7TYVEoskdu+NN2MowIlEQGC8HVsA5NL1cFMs/riCY8fCLs9aJpC3VwSJ9s7qNG13J/IHvO7eOTgrq86j4vgRiOZYMENRqBWOFXmWoK2D7zGoKcgqa+RFTvuVwbY7nc/LOz10LuCaQab8zCom6PPvgf7XPs5+awkXhcex6GBxAfnhNg6CXh6B+0UkJIOAvz3RW9HJK9S0ThZv6wqJ5zU7gPHCd1pw/pV8J2xMZ3xL1fICL69ZxcuTiXmiTaQqELQUiAPJfQLx7R7SXGXDYGgzKGG4KdCmMw== root@centos6.magedu.sun.com
[root@centos6 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArJM297neqsI7ZO0pEeoH0lJo8MbjJ5SssAOahnHF7fPZp8lZRR59UPGw7TYVEoskdu+NN2MowIlEQGC8HVsA5NL1cFMs/riCY8fCLs9aJpC3VwSJ9s7qNG13J/IHvO7eOTgrq86j4vgRiOZYMENRqBWOFXmWoK2D7zGoKcgqa+RFTvuVwbY7nc/LOz10LuCaQab8zCom6PPvgf7XPs5+awkXhcex6GBxAfnhNg6CXh6B+0UkJIOAvz3RW9HJK9S0ThZv6wqJ5zU7gPHCd1pw/pV8J2xMZ3xL1fICL69ZxcuTiXmiTaQqELQUiAPJfQLx7R7SXGXDYGgzKGG4KdCmMw== root@centos6.magedu.sun.com

Delete the .ssh directory on node2 and node3:

[root@centos7 ~]# rm -rf .ssh
[root@centos8 ~]# rm -rf .ssh

Copy node1's .ssh directory to the same location on node2 and node3:

[root@centos6 ~]# scp -pr .ssh root@192.168.26.7:/root
root@192.168.26.7's password:
id_rsa.pub                  100%  409     0.4KB/s   00:00
known_hosts                 100%  788     0.8KB/s   00:00
authorized_keys             100%  409     0.4KB/s   00:00
id_rsa                      100% 1675     1.6KB/s   00:00
[root@centos6 ~]# scp -pr .ssh root@192.168.26.8:/root
root@192.168.26.8's password:
id_rsa.pub                  100%  409     0.4KB/s   00:00
known_hosts                 100% 1182     1.2KB/s   00:00
authorized_keys             100%  409     0.4KB/s   00:00
id_rsa                      100% 1675     1.6KB/s   00:00

Log in as root from each of node1, node2 and node3 to the other two servers' root accounts; every login succeeds:

------------------------------------------------------
# on node1
[root@centos6 ~]# ssh 192.168.26.7
Last login: Sat Nov  9 14:28:00 2019 from 192.168.26.6
[root@centos7 ~]#
[root@centos6 ~]# ssh 192.168.26.8
Last login: Sat Nov  9 22:28:11 2019 from 192.168.26.7
[root@centos8 ~]#
------------------------------------------------------
# on node2
[root@centos7 ~]# ssh 192.168.26.6
Last login: Sat Nov  9 14:20:54 2019 from 172.20.1.9
[root@centos6 ~]#
[root@centos7 ~]# ssh 192.168.26.8
Last login: Sat Nov  9 22:28:41 2019 from 192.168.26.6
[root@centos8 ~]#
------------------------------------------------------
# on node3
[root@centos8 bin]# ssh 192.168.26.6
Last login: Sat Nov  9 14:28:39 2019 from 192.168.26.7
[root@centos6 ~]#
[root@centos8 bin]# ssh 192.168.26.7
Last login: Sat Nov  9 14:28:31 2019 from 192.168.26.6
[root@centos7 ~]#
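As an added example (not from the original post), the script below audits an authorized_keys file such as the ones written in this section. It splits each entry into its optional leading options, key type and comment, and counts the keys that carry neither a from= source restriction nor a command= restriction. That count is what to watch in the shared-key setup just described: the same unrestricted key in authorized_keys on node1, node2 and node3 means that one copied id_rsa is root on all three, so at the least each key should be pinned with from= to the addresses it is used from. The function names and the sample file are my own; the key blobs in the sample are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Parses and audits an
# authorized_keys file. Assumptions: OpenSSH authorized_keys format
# ("[options] keytype base64 [comment]"); the sample key blobs are
# constructed placeholders, not real key material.

# parse_authorized_key LINE
# Prints "options|keytype|comment" ("-" when there are no options), or "skip"
# for blank/comment lines and "invalid" when no key type is found. Options may
# contain quoted spaces (command="ls -l"), so the line is scanned for the first
# field that is a key type instead of assuming a fixed column.
parse_authorized_key() {
    printf '%s\n' "$1" | awk '
    BEGIN {
        types["ssh-rsa"] = 1; types["ssh-dss"] = 1; types["ssh-ed25519"] = 1
        types["ecdsa-sha2-nistp256"] = 1; types["ecdsa-sha2-nistp384"] = 1
        types["ecdsa-sha2-nistp521"] = 1; types["sk-ssh-ed25519@openssh.com"] = 1
        types["sk-ecdsa-sha2-nistp256@openssh.com"] = 1
    }
    /^[ \t]*(#|$)/ { print "skip"; next }
    {
        k = 0
        for (i = 1; i <= NF; i++) if ($i in types) { k = i; break }
        if (!k) { print "invalid"; next }
        opts = ""; for (i = 1; i < k; i++) opts = opts (i > 1 ? " " : "") $i
        comment = ""; for (i = k + 2; i <= NF; i++) comment = comment (i > k + 2 ? " " : "") $i
        printf "%s|%s|%s\n", (opts == "" ? "-" : opts), $k, comment
    }'
}

# audit_authorized_keys FILE: prints one report line per entry.
audit_authorized_keys() {
    while IFS= read -r line || [ -n "$line" ]; do
        parsed=$(parse_authorized_key "$line")
        case $parsed in
            skip) ;;
            invalid) echo "INVALID      $line" ;;
            *)
                opts=${parsed%%|*}; rest=${parsed#*|}
                ktype=${rest%%|*}; comment=${rest#*|}
                case $opts in
                    *from=*|*command=*) echo "restricted   $ktype $comment [$opts]" ;;
                    *) echo "UNRESTRICTED $ktype $comment" ;;
                esac ;;
        esac
    done < "$1"
}

# count_unrestricted FILE: prints how many valid keys have neither from= nor command=.
count_unrestricted() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        parsed=$(parse_authorized_key "$line")
        case $parsed in skip|invalid) continue ;; esac
        opts=${parsed%%|*}
        case $opts in *from=*|*command=*) ;; *) n=$((n+1)) ;; esac
    done < "$1"
    echo "$n"
}

# make_sample_authorized_keys: writes a constructed sample file, prints its path.
make_sample_authorized_keys() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample authorized_keys (key blobs are placeholders)
ssh-rsa AAAAB3NzaC1yc2EAAAACONSTRUCTED1 root@centos6.magedu.sun.com
from="192.168.26.0/24",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAACONSTRUCTED2 backup node2
command="/usr/bin/rsync --server --sender . /data",no-port-forwarding ssh-rsa AAAAB3CONSTRUCTED3 rsync-pull
this is not a key line
EOF
    printf '%s\n' "$f"
}

demo() {
    f=$(make_sample_authorized_keys)
    audit_authorized_keys "$f"
    echo "unrestricted keys: $(count_unrestricted "$f")"
    rm -f "$f"
}

demo
```

Run against a real file with audit_authorized_keys /root/.ssh/authorized_keys; the INVALID lines are worth a look too, since a line that sshd cannot parse is silently ignored and usually means a paste went wrong, as can happen with the manual copy in section 11.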

9. Because public key authentication depends on the key pair, the private key must be protected; encrypting the private key raises its security

Encrypt the already generated private key with ssh-keygen -p. Delete node2's .ssh directory, copy node1's public key into node2's authorized_keys again, and from then on logging in from node1 to node2 requires the passphrase of node1's private key

------------------------------------------------------
# delete the .ssh directory on node2
[root@centos7 ~]# rm -rf .ssh
------------------------------------------------------
# on node1, encrypt the existing private key with ssh-keygen -p and send the public key to node2 with ssh-copy-id
[root@centos6 ~]# ssh-keygen -p
Enter file in which the key is (/root/.ssh/id_rsa):
Key has comment '/root/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
[root@centos6 ~]# ssh-copy-id 192.168.26.7
root@192.168.26.7's password:
Now try logging into the machine, with "ssh '192.168.26.7'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
-------------------------------------------------------
# connect from node1 to node2: the passphrase that encrypts the private key is now required
[root@centos6 ~]# ssh 192.168.26.7
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Sat Nov  9 14:31:35 2019 from 192.168.26.8
[root@centos7 ~]#

10. In the previous lab every login requires the private key passphrase, which is tedious. With ssh-agent bash and ssh-add the passphrase can be held for the current session, so it has to be typed less often

Install the psmisc package and look at the process tree of the current ssh session

[root@centos6 ~]# yum -y install psmisc
[root@centos6 ~]# pstree | grep bash
 |-sshd---sshd---bash-+-grep

Then start a new bash with ssh-agent bash:

[root@centos6 ~]# ssh-agent bash
[root@centos6 ~]# pstree | grep ssh
 |-sshd---sshd---bash---bash-+-grep
 |                           `-ssh-agent

In the newly started bash run ssh-add and enter the private key passphrase. Then connect to node2; the connection succeeds without any password or passphrase prompt:

-------------------------------------------------------
[root@centos6 ~]# ssh-agent bash
[root@centos6 ~]# ssh-add
Enter passphrase for /root/.ssh/id_rsa:  # enter the passphrase that encrypts the key
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[root@centos6 ~]#
--------------------------------------------------------
[root@centos6 ~]# ssh 192.168.26.7
Last login: Sat Nov  9 16:17:53 2019 from 192.168.26.6
[root@centos7 ~]#
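The following is an added example, not part of the original post. ssh-agent bash, as used above, works by starting an agent and exporting two variables (SSH_AUTH_SOCK and SSH_AGENT_PID) into the new shell; the agent keeps running until that shell exits, and if the shell is left open the unlocked key stays available to anything running as that user. The script below shows the same mechanism for a script rather than an interactive session: it starts its own agent, reads the variables from the agent's output instead of eval-ing it, loads the key with a lifetime, runs a command, and kills the agent afterwards. The function names are my own; the sample agent output in the demo is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Starts a private ssh-agent for
# the duration of one script, loads a passphrase-protected key once, runs a
# command with the agent available, and kills the agent afterwards.
# Assumptions: ssh-agent and ssh-add on PATH for with_agent and agent_state;
# parse_agent_env needs only awk.

# parse_agent_env TEXT
# TEXT is what "ssh-agent -s" prints, for example:
#   SSH_AUTH_SOCK=/tmp/ssh-XXXX/agent.123; export SSH_AUTH_SOCK;
#   SSH_AGENT_PID=124; export SSH_AGENT_PID;
#   echo Agent pid 124;
# Prints "socket pid" on one line, or nothing if either value is missing.
# Parsing it instead of eval-ing it means that nothing in that text can
# execute in this shell.
parse_agent_env() {
    printf '%s\n' "$1" | awk -F'[=;]' '
        $1 == "SSH_AUTH_SOCK" { sock = $2 }
        $1 == "SSH_AGENT_PID" && $2 ~ /^[0-9]+$/ { pid = $2 }
        END { if (sock != "" && pid != "") print sock, pid }'
}

# agent_state: "loaded", "empty" or "none", from the exit status of ssh-add -l
# (0 = identities listed, 1 = agent reachable but holds no identities,
# 2 = no agent reachable through SSH_AUTH_SOCK).
agent_state() {
    rc=0; ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in 0) echo loaded ;; 1) echo empty ;; *) echo none ;; esac
}

# with_agent KEYFILE LIFETIME_SECONDS COMMAND...
# Unlike "ssh-agent bash", the agent cannot outlive this function, and the key
# is added with -t so it expires from the agent even if the kill is skipped.
with_agent() {
    key=$1; lifetime=$2; shift 2
    agent=$(parse_agent_env "$(ssh-agent -s)") || return 1
    [ -n "$agent" ] || { echo "could not start ssh-agent" >&2; return 1; }
    SSH_AUTH_SOCK=${agent% *}; SSH_AGENT_PID=${agent#* }
    export SSH_AUTH_SOCK SSH_AGENT_PID
    # ssh-add prompts for the passphrase once; -t limits how long it is held
    if ssh-add -t "$lifetime" "$key"; then "$@" && rc=0 || rc=$?; else rc=$?; fi
    kill "$SSH_AGENT_PID" 2>/dev/null
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    return "$rc"
}

# Stand-alone demo on constructed agent output (no agent is started).
demo() {
    sample='SSH_AUTH_SOCK=/tmp/ssh-abc123/agent.4242; export SSH_AUTH_SOCK;
SSH_AGENT_PID=4243; export SSH_AGENT_PID;
echo Agent pid 4243;'
    echo "parsed: $(parse_agent_env "$sample")"
    # real use, with the hosts of this lab:
    #   with_agent /root/.ssh/id_rsa 600 ssh 192.168.26.7 hostname
}

demo
```

In the interactive case the same hygiene applies: when the ssh-agent bash session is no longer needed, exit it (which ends the agent) or run ssh-add -D to drop the unlocked keys, and check with ssh-add -l what the agent currently holds.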

11. Public key login from Xshell

Generate the key pair in the Xshell client on Windows

Click Tools in Xshell and choose the New User Key Generation Wizard

In the dialog choose the RSA algorithm and the key length, then click Next

After the key has been generated, click Next

Give the key a name and decide whether to set a private key passphrase, then click Finish

Click Tools in Xshell and choose User Key Manager

Double-click the newly generated key, click Public Key, and copy the whole public key

Then write the public key into authorized_keys on node1
# paste the copied public key into the file
[root@centos6 ~]# vim .ssh/authorized_keys
Create a new session in Xshell and fill in the IP address and port

Under user authentication choose Public Key as the method, enter the user name, select the user key generated earlier, and click OK

After the session is created, click Connect and check that login succeeds without the root password

Xshell public key login verified: the session logs in directly without the root password
Connecting to 192.168.26.6:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Last login: Sat Nov  9 17:29:43 2019 from 192.168.26.1
[root@centos6 ~]#

12. A script that copies the public key and logs in to the hosts

# ip.txt holds the IP addresses of the machines (other than this one) that the public key is copied to
cat ip.txt
192.168.26.7
192.168.26.8

#!/bin/bash
# install expect if it is missing
rpm -q expect &> /dev/null || yum -y install expect
# generate a key pair without a passphrase, only if none exists yet
# (ssh-keygen would otherwise stop to ask whether to overwrite the old key)
[ -f /root/.ssh/id_rsa ] || ssh-keygen -P "" -f "/root/.ssh/id_rsa"
userpwd="123456"
while read ipaddr ; do
expect <<EOF
set timeout 10
spawn ssh-copy-id $ipaddr
expect {
    "yes/no"   { send "yes\n"; exp_continue }
    "password" { send "$userpwd\n" }
}
expect eof
EOF
done < ip.txt

Run the script: bash sshkeyau.sh

[root@centos6 ~]# rm -rf .ssh
[root@centos7 ~]# rm -rf .ssh
[root@centos8 ~]# rm -rf .ssh
[root@centos6 ~]# bash sshkeyau.sh

Connect from node1 to node2 to verify that the script worked correctly

[root@centos6 ~]# ssh 192.168.26.7
[root@centos7 ~]# exit
