linux中两台虚拟机实现ssh远程登录

实验要求

配置ssh远程连接
1.实现两台linux主机之间通过公钥验证能够互相实现免密登陆

首先我们先开启两台虚拟机,然后在客户端进行操作

1.在用户端生成密钥对

ssh-keygen -t rsa:(ssh-keygen为生成密钥的管理工具,rsa为非堆成密钥算法)
[root@node2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.(获取一个公钥和私钥文件)
Enter file in which to save the key (/root/.ssh/id_rsa(为私钥信息文件的保存信息)): 
Enter passphrase (empty for no passphrase): (我们这一步省略私钥的密码直接回车)
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub(生成公钥文件,这个文件就是我们稍后需要发送到服务器的文件)
The key fingerprint is:
SHA256:oPqCemcbB3B/3ADsMgAjVVcIw+DQJ1qHd/D0jvOXlzo root@node2
The key's randomart image is:
+---[RSA 3072]----+
|=+o==++o.        |
|.+* ==+o         |
| oo*.oo o        |
|.  ooo.= o       |
|    oo+ S .      |
|   . . +   . .   |
| .. . . . o o    |
|. o.oo   .Eo     |
|o. +o.    ..     |
+----[SHA256]-----+

我们在/root/.ssh下可以看到我们刚才所保存的.pub文件, 我们将此文件传输到服务器的/root/.ssh中

linux中两台虚拟机实现ssh远程登录_第1张图片

2.将公钥文件拷贝到服务端/root/.ssh/authorized_keys

[root@node2 ~]# ssh-copy-id [email protected](在命令后也可以加-i,但是需要添加认证文件的名字-/root/.ssh/id_rsa.pub)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

这时我们可以进入到服务器进行查看

linux中两台虚拟机实现ssh远程登录_第2张图片

此文件即为客户机所发送的公钥文件,客户端连接服务器内部自动获得公钥进行验证从而连接到服务端。不需要做密码验证。

linux中两台虚拟机实现ssh远程登录_第3张图片

服务端发送公钥,连接时不需要再发送信息,而是将公钥文件记录在服务器的authorized_keys文件下,进入验证阶段,默认密码和公钥验证都开启,直接进入到公钥验证,成功后直接就可以登录到服务器主机。

你可能感兴趣的:(linux,ssh,服务器)