linux 远程连接管理

雨点打透心脏的1/2处 2022-04-16 00:15 253阅读 0赞

1.Openssh服务  
S以在本地主机和远程服务器之间进行加密地传输数据，实现数据的安全。OpenSSH是SSH协议的免费开源实现  
当主机开启了openssh服务就意味着开启了远程连接的接口

SSH的工作原理  
SSH是由服务端和客户端组成，服务端是一个守护进程，它在后台运行并响应来自客户端的连接请求  
openssh服务的服务端是 sshd  
openssh服务的客户端是ssh  
实验准备  
打开两台虚拟机分别配置IP为192.168.0.155/192.168.0.131只要不同即可

服务端：  
hostnamectl set-hostname [service.com][] 更改名字方便区分  
\[root@service ~\]\# ifconfig 查看IP 192.168.0.155  
客户端：  
hostnamectl set-hostname [client.com][] 更改名字方便区分  
\[root@client ~\]ifconfig 查看IP 192.168.0.131  
客户端连接需要密码:  
\[root@client ~\]\# rm -fr /root/.ssh/ 删除.ssh目录

[root@client ~]# ssh root@192.168.0.155  连接服务端，目录会自动生成
    The authenticity of host ' 192.168.0.155 ( 192.168.0.155)' can't be established.
    ECDSA key fingerprint is b1:05:1c:1c:99:8d:fd:26:e7:d9:62:3c:32:4d:91:66.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ' 192.168.0.155' (ECDSA) to the list of known hosts.
    root@ 192.168.0.155's password: 
    Last login: Thu Jun 14 08:33:55 2018 from  192.168.0.155

\[root@service ~\]\# exit  
logout  
Connection to 192.168.0.155 closed.  
\[root@client ~\]\# cd /root/.ssh/ 切换到.ssh路径  
\[root@client .ssh\]\# ls 查看已经有了连接  
known\_hosts

在服务端：  
\[root@service ~\]\# rm -fr /root/.ssh/ 删除.ssh目录

[root@service ~]# ssh root@ 192.168.0.131  连接客户端生成目录
    The authenticity of host '  192.168.0.131( 192.168.0.131)' can't be established.
    ECDSA key fingerprint is 1c:8a:8c:8e:fe:33:f3:7a:9d:70:11:f9:9a:57:6c:23.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ' 192.168.0.131' (ECDSA) to the list of known hosts.
    root@172.25.254.221's password: 
    Last login: Thu Jun 14 08:21:20 2018 from 172.25.254.84
    [root@client ~]# exit
    logout
    Connection to  192.168.0.131 closed.

\[root@service ~\]\# cd /root/.ssh/ 切换到.ssh路径  
\[root@service .ssh\]\# ls 已经有了连接  
known\_hosts

在服务端：  
生成锁和钥匙：  
\[root@service .ssh\]\# ssh-keygen 生成密钥的命令

Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 保存加密字符的文件用默认
    Enter passphrase (empty for no passphrase):  可以为空，如果不想为空必须大于4位
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa. 私钥
    Your public key has been saved in /root/.ssh/id_rsa.pub. 公钥
    The key fingerprint is:
    4c:ce:8b:d0:98:b5:c5:5c:e3:72:a9:11:9b:e0:b6:ce root@service.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    |      . . o      |
    |     . + * o     |
    |      + X +      |
    |     * O =       |
    |    + + S        |
    |     + . .       |
    |      E .        |
    |                 |
    |                 |
    +-----------------+

\[root@service .ssh\]\# ls  
id\_rsa id\_rsa.pub known\_hosts

加密ssh用户的认证：  
\[root@service .ssh\]\# ssh-copy-id -i /root/.ssh/id\_rsa.pub [root@192.168.0.155][root_192.168.0.155] 对服务端进行加密  
ssh-copy-id 加密命令  
\-i 指定密钥  
/root/.ssh/id\_rsa.pub 密钥  
root 加密用户  
192.168.0.155 主机ip  
\[root@service .ssh\]\# ls 已经生成锁文件  
authorized\_keys id\_rsa id\_rsa.pub known\_hosts

验证：

[root@service .ssh]# scp /root/.ssh/id_rsa root@ 192.168.0.131:/root/.ssh/
    root@ 192.168.0.131's password: 
    id_rsa                                        100% 1675     1.6KB/s   00:00      解密文件传输到客户端

在客户端：  
\[root@client .ssh\]\# ls 查看已经有了私钥  
id\_rsa known\_hosts  
\[root@client .ssh\]\# ssh root@ 192.168.0.155 可以免密连接  
Last login: Thu Jun 14 08:41:02 2018 from 192.168.0.131  
\[root@service ~\]\# exit 退出  
logout  
Connection to 192.168.0.155 closed.

在服务端：  
\[root@service .ssh\]\# rm -fr authorized\_keys 当此文件被删除，客户端解密文件失效  
\[root@service .ssh\]\# ls 查看已经被删除  
id\_rsa id\_rsa.pub known\_hosts

在客户端：  
\[root@client .ssh\]\# ssh root@ 192.168.0.155 连接需要密码  
root@ 192.168.0.155’s password:  
Last login: Thu Jun 14 08:49:10 2018 from 192.168.0.131  
\[root@service ~\]\# exit 退出  
logout  
Connection to 192.168.0.155 closed.

在服务端：  
\[root@service .ssh\]\# scp /root/.ssh/id\_rsa.pub /root/.ssh/authorized\_keys 从新生成锁文件，解密文件功能恢复  
\[root@service .ssh\]\# ls 查看已经生成锁文件  
authorized\_keys id\_rsa id\_rsa.pub known\_hosts

在客户端：  
\[root@client .ssh\]\# ssh root@ 192.168.0.155 可以免密连接  
Last login: Thu Jun 14 08:49:35 2018 from 192.168.0.131  
\[root@service ~\]\# exit 退出  
logout  
Connection to 192.168.0.155 closed.  
\[root@client .ssh\]\# rm -fr id\_rsa 在客户端删除私钥之后也没办法免密执行  
\[root@client .ssh\]\# ls 查看已经删除私钥  
known\_hosts  
\[root@client .ssh\]\# ssh root@ 192.168.0.155 连接需要密码  
root@ 192.168.0.155’s password:  
Last login: Thu Jun 14 08:50:10 2018 from 192.168.0.131  
\[root@service ~\]\# exit 退出  
logout  
Connection to 192.168.0.155 closed.

在服务端：

[root@service .ssh]# scp /root/.ssh/id_rsa root@ 192.168.0.131:/root/.ssh/  重新发送解密文件
    root@ 192.168.0.131's password: 
    id_rsa                                        100% 1675     1.6KB/s   00:00

在客户端：  
\[root@client .ssh\]\# ls 查看已经有了私钥  
id\_rsa known\_hosts  
\[root@client .ssh\]\# ssh root@ 192.168.0.155 可以免密连接  
Last login: Thu Jun 14 08:50:23 2018 from 192.168.0.131  
\[root@service ~\]\# exit 退出  
logout  
Connection to 192.168.0.155 closed.

文件传输·  
1.从服务器上下载文件

scp username@servername:/path/filename /var/www/local\_dir（本地目录）

2.上传本地文件到服务器

scp /path/filename username@servername:/path

3.从服务器下载整个目录

scp -r username@servername:/var/www/remote\_dir/（远程目录） /var/www/local\_dir（本地目录）

4.上传目录到服务器

scp -r local\_dir username@servername:remote\_dir

[service.com]: http://service.com
[client.com]: http://client.com
[root_192.168.0.155]: mailto:root@192.168.0.155