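SSH (Secure Shell) is a protocol for secure remote login and other secure network services over an insecure network.

SSH consists of three parts:

1. Transport Layer Protocol [SSH-TRANS]
Provides server authentication, confidentiality, and integrity. It may optionally also provide compression. SSH-TRANS typically runs over a TCP/IP connection, but can also be used on top of any other reliable data stream. SSH-TRANS provides strong encryption, cryptographic host authentication, and integrity protection. Authentication in this protocol is host-based; the protocol does not perform user authentication. A higher-level user authentication protocol can be designed on top of it.

2. User Authentication Protocol [SSH-USERAUTH]
Authenticates the client-side user to the server. It runs over the transport layer protocol SSH-TRANS. When SSH-USERAUTH starts, it receives the session identifier from the lower-level protocol (the exchange hash H from the first key exchange). The session identifier uniquely identifies the session and is suitable for signing in order to prove ownership of a private key. SSH-USERAUTH also needs to know whether the lower-level protocol provides confidentiality protection.

3. Connection Protocol [SSH-CONNECT]
Multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol. It provides interactive login sessions, remote command execution, forwarded TCP/IP connections, and forwarded X11 connections.

Contents
Password login
Passwordless login
Key login

Password login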
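Password login, also called local login, means logging in as a user that already exists on the system.
Allow local login:
vim /etc/ssh/sshd_config    # edit the SSH configuration file
Port 22    # port
PermitRootLogin yes    # allow root to log in remotely
#MaxAuthTries 6    # maximum number of authentication attempts
#MaxSessions 10    # maximum number of sessions
#PermitEmptyPasswords no    # disallow empty passwords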
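The following added example (not part of the original post) reads an sshd_config file and reports the effective value of the directives listed above, using sshd's rule that the first value read for a keyword wins. It assumes current OpenSSH defaults (PermitRootLogin prohibit-password, PermitEmptyPasswords no, MaxAuthTries 6); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Assumptions: only the global section is read (parsing stops at the first
# Match block) and Include files are not followed.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" -v dflt="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comment or blank line
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # drop a trailing annotation
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            kw = tolower(f[1])
            if (kw == "match") exit              # global section ends here
            if (kw == key && n >= 2) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print dflt }
    ' "$1"
}

# audit_sshd_config FILE: print one finding per line; return 1 if any was found.
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    empty=$(effective_value "$1" PermitEmptyPasswords no)
    tries=$(effective_value "$1" MaxAuthTries 6)
    if [ "$root" = "yes" ]; then
        echo "PermitRootLogin=yes: root may log in with a password"; rc=1
    fi
    if [ "$empty" = "yes" ]; then
        echo "PermitEmptyPasswords=yes: empty passwords are accepted"; rc=1
    fi
    if [ "$tries" -gt 6 ]; then
        echo "MaxAuthTries=$tries: above the default of 6"; rc=1
    fi
    return $rc
}

# Constructed sample: the directives from this page, followed by a later
# PermitRootLogin line that has no effect because the first one wins.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#MaxAuthTries 6' \
    '#PermitEmptyPasswords no' 'PermitRootLogin no' > "$sample"
audit_sshd_config "$sample" || echo "findings in $sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration as the daemon itself computes it, which also covers Match and Include handling.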
Passwordless login
Logging in directly without entering a password. This method is relatively insecure.
First generate a key pair; run this on every server that needs passwordless login:
ssh-keygen    # generate a key pair; run on every host that needs passwordless login
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ph6xfXo7j7Vlez9FkxS28xo8u92AWxxaWbEaJTZgkQ root@linux4
The key's randomart image is:
Choose one host as the SSH root server, copy the public key to it, and then distribute the keys.
ssh-copy-id linux3.skills.com    # copy this host's key to linux3; run on every host that needs passwordless login (linux3 is the host chosen as the SSH root server)
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'linux3.skills.com (192.168.100.70)' can't be established.
ECDSA key fingerprint is SHA256:PaZo5HAGzDRzwRAiEZGz4U7lrUXCuBXCPqaNyZlaO0M.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes    # type yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@linux3.skills.com's password:    # enter the password

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'linux3.skills.com'"
and check to make sure that only the key(s) you wanted were added.

cd ~/.ssh    # change directory
scp authorized_keys linux4.skills.com:~/.ssh    # distribute the keys; run on the SSH root server, once for the fully qualified domain name of every host except itself
The authenticity of host 'linux4.skills.com (192.168.100.80)' can't be established.
ECDSA key fingerprint is SHA256:eZTdD1yO5XNEVi0YY0ibebxDFIr/aoJLU5r4MjBZuKo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes    # type yes
Warning: Permanently added 'linux4.skills.com,192.168.100.80' (ECDSA) to the list of known hosts.
root@linux4.skills.com's password:    # enter the password
authorized_keys 100% 1130 118.9KB/s 00:00
Key login
Uses public/private key authentication, which is more secure in use.
Generally, do not generate the key pair as root; otherwise everything has to be done as root.
ssh-keygen    # generate a key pair on the client that will connect
Generating public/private rsa key pair.
Enter file in which to save the key (/home/chen/.ssh/id_rsa):    # press Enter
/home/chen/.ssh/id_rsa already exists.
Overwrite (y/n)? y    # overwrite the existing key (one had already been generated)
Enter passphrase (empty for no passphrase):    # enter the key passphrase
Enter same passphrase again:    # enter the key passphrase again
Your identification has been saved in /home/chen/.ssh/id_rsa
Your public key has been saved in /home/chen/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:eUpOqm172pMbETKWHxXYtpWwbUrUCGaftI08NeXjbms chen@chen-HP-Pro-Tower-288-G9-PCI-Desktop-PC
The key's randomart image is:
ssh-copy-id root@10.1.220.100    # upload the public key to the server
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.1.220.100's password:    # enter the server password

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.1.220.100'"
and check to make sure that only the key(s) you wanted were added.

After the steps above, restart SSH:
systemctl restart sshd    # restart the SSH service