1. Describe the process of key authentication
Connect to the SSH service -- generate a key pair with ssh-keygen (public key, private key) -- transfer the public key to the remote server with ssh-copy-id -- access the remote server -- use scp to upload and download files across hosts
After we create a key pair and send the public key to the other party, the other party trusts us and we can log in without a password.
2. Manually configure key authentication login
Connect to SSH
[[email protected] ~]# ssh [email protected]    // host 1 logs in to host 2 over SSH (the key can also be generated directly on host 2)
The authenticity of host '192.168.56.13 (192.168.56.13)' can't be established.
ECDSA key fingerprint is SHA256:mew0e7pEB0HDYWtnCCYbYopmwO7dYS7T7oySpZ+cfqg.
ECDSA key fingerprint is MD5:59:75:45:71:cd:34:a2:d3:df:5e:fc:cb:16:9a:04:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.56.13' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Mon Jul 30 15:05:55 2018 from 192.168.56.1
Generate key
[[email protected] ~]# ssh-keygen -t rsa    // generate the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iEujOIJR4THdKHLM5L1XD6aUYF2rKxwPKPgFMyPCaEc [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| +=Eo+ .. |
|+o**o.o. . |
|+=Oo. o = |
|+o.* + * o |
|+ . O = S . |
|.= = B . |
|= o + o |
|.. . |
| |
+----[SHA256]-----+
[[email protected] ~]# ls .ssh/    // view the hidden .ssh directory
id_rsa  id_rsa.pub
Use ssh-copy-id to transfer the public key to the host to be accessed
[[email protected] ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]    // transfer the public key created on host 2 to host 1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.56.11 (192.168.56.11)' can't be established.
ECDSA key fingerprint is SHA256:mFtHEvI1K3YUxeD7NAkROmKmlWRdR1iNOxgUI4lLFhM.
ECDSA key fingerprint is MD5:37:2c:a4:4c:e6:25:20:21:e4:07:e4:87:50:cc:69:05.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[[email protected] ~]# exit    // log out of host 2
[[email protected] ~]# ssh [email protected]    // return to host 1
[email protected]'s password:
Last login: Mon Jul 30 14:52:50 20 from 192.168.56.1
[[email protected] ~]# ls -a    // the public key has arrived
.  .bash_history  .cache  .esd_auth  .redhat  .test.sh.swp  Template  Download
..  .bash_logout  .config  .ICEauthority  .ssh  .viminfo  Video  Music
123  .bash_profile  .cshrc  initial-setup-ks.cfg  .tcshrc  .xauths1suwn  picture  Desktop
anaconda-ks.cfg  .bashrc  .dbus  .local  test.sh  public  documents
[[email protected] ~]# ssh [email protected]    // host 2 accesses host 1
Last login: Mon Jul 16:12:37 2018 from 192.168.56.11    // no password required
Host 2 has now transferred its public key to host 1, so host 2 can access host 1 without a password, but host 1 still needs a password to access host 2.
For host 1 to log in to host 2 without a password, host 1 must create its own key pair and transfer its public key to host 2.
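The closing message of ssh-copy-id above asks you to check that only the key(s) you wanted were added. The following Python code is an added example, not part of the original post: it computes the same SHA256 and MD5 fingerprints that ssh prints and reports every authorized_keys entry whose fingerprint is not in an expected set. The function names and the sample keys are constructed for illustration (the key bytes are made up, not real keys).

```python
import base64
import hashlib
import struct

def fingerprints(blob):
    """Return (SHA256, MD5) fingerprints of a key blob in the formats ssh prints."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def parse_entry(line):
    """Parse one authorized_keys / .pub line into (keytype, blob, comment), else None."""
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if not tok.startswith(("ssh-", "ecdsa-", "sk-")):
            continue  # skip leading options such as from="..."
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue
        # A key blob begins with a 4-byte length followed by the key type string.
        header = struct.pack(">I", len(tok)) + tok.encode()
        if blob.startswith(header):
            return tok, blob, " ".join(tokens[i + 2:])
    return None

def audit(text, expected_sha256):
    """Return (lineno, keytype, fingerprint, comment) for every entry not expected."""
    unexpected = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = parse_entry(line)
        sha = fingerprints(entry[1])[0] if entry else None
        if sha not in expected_sha256:
            keytype, comment = (entry[0], entry[2]) if entry else ("unparseable", line.strip())
            unexpected.append((lineno, keytype, sha, comment))
    return unexpected

def constructed_line(keytype, payload, comment):
    """Build a well-formed key line from made-up bytes (constructed, not a real key)."""
    blob = struct.pack(">I", len(keytype)) + keytype.encode() + payload
    return "%s %s %s" % (keytype, base64.b64encode(blob).decode(), comment)

OURS = constructed_line("ssh-rsa", b"\x01" * 64, "root@host2-constructed")
EXTRA = 'from="192.168.56.13" ' + constructed_line("ssh-ed25519", b"\x02" * 36, "unknown@constructed")
SAMPLE = "# constructed authorized_keys\n%s\n%s\n" % (OURS, EXTRA)

if __name__ == "__main__":
    print(audit(SAMPLE, {fingerprints(parse_entry(OURS)[1])[0]}))
```

To use it for real, pass the contents of /root/.ssh/authorized_keys on host 1 and the fingerprint that ssh-keygen printed on host 2 as the expected value. Applying fingerprints() to a server's host public key gives the value to compare with the "authenticity of host" prompt before answering yes.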
Uploading and copying files across hosts with scp
Only host 2 is used for this demonstration
Upload demo
[[email protected] ~]# scp 123123.sh [email protected]:/    // use scp to send the file to the root directory
123123.sh 100% 0 0.0KB/s 00:00
[[email protected] ~]# ls /
123123.sh boot etc lib media opt root sbin sys tmp var
bin dev home lib64 mnt proc run srv test.sh usr
Download demo
[[email protected] ~]# ls /root    // view host 1's /root directory
123 anaconda-ks.cfg initial-setup-ks.cfg test.sh 公共 模板 视频 图片 文档 下载 音乐 桌面
[[email protected] ~]# scp [email protected]:/root/test.sh .    // host 2 copies test.sh from host 1's /root directory into host 2's current directory; unlike an upload, the file and its path come after the IP address
test.sh 100% 505 220.2KB/s 00:00
LINUX--SSH remote access, key generation and use of public keys, uploading and downloading