ssh远程管理命令

基于秘钥登录方式部署流程

1)在管理主机上创建秘钥对信息

 ssh-keygen -t dsa    <<---- 创建秘钥对命令 -t dsa表示确定秘钥对加密类型
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): <<-- 确认私钥文件保存路径

Overwrite(y/n)y        <<--确认如果存在秘钥对信息,是否进行覆盖
Enter passphrase (empty for no passphrase):    <<--确认是否给秘钥设置密码信息(一般为空)
Enter same passphrase again:  
Your identification has been saved in /root/.ssh/id_dsa.   <<--私钥地址

Your public key has been saved in /root/.ssh/id_dsa.pub.  <<--公钥地址
The key fingerprint is:
SHA256:VNv//X+GL8J/VyE+C5KCugmfjyHTDc1dciluM3DNsf4 root@nfs01
The key's randomart image is:
+---[DSA 1024]----+
| .. |
| o.+o |
| . +.B. . |
| o =.* o . |
| . o.*S.. . o .|
| . o...oo.. o .o|
| + o.. . .E. o.+|
| =.= o.o *|
| *o. o.=B|
+----[SHA256]-----+

2).j将管理主机上的公钥信息发送给被管理的主机

ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host '172.16.1.31 (172.16.1.31)' can't be established.
ECDSA key fingerprint is SHA256:YCp8YoyYHMdeP9hlikze2pjPvUmdh0/obsL36cLdq70.
ECDSA key fingerprint is MD5:0e:30:bb:cf:a5:19:2f:0c:9d:ba:89:88:b9:49:5d:9f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.31's password:
Permission denied, please try again.
root@172.16.1.31's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '172.16.1.31'"
and check to make sure that only the key(s) you wanted were added.

3).进行远程管理测试(基于秘钥的方式进行远程管理)

ssh  <<---直接使用命令登录(免密登录)

ssh x.x.x.x ls <<--可以直接使用远程主机命令

 SSH服务端配置文件信息说明(/etc/ssh/sshd_config)

#Port 22        <<--修改端口号信息

#ListenAddress 0.0.0.0       <<--主要作用提升网络连接安全性

 

 

注:监听地址只能配置为服务器网卡上拥有的地址

#PermitRootLogin no    <<--是否允许root用户远程登录

#PermitEmptyPasswords no  <<--是否允许空密码登录

UseDNS yes        <<--是否进行DNS反向解析(提升ssh远程连接效率)

GSSAPIAuthentication no   <<--是否进行远程GSSAPI认证(提升ssh远程连接效率)

#sftp常用操作命令总结

bys      Quit  sftp               <<--退出sftp传输模式

cd  path         Change remote directory to 'path'  <<--改变远程目录信息

pwd                     Display remote working directory  <<--显示远程主机当前目录信息

lcd path               Change local directory to 'path'   <<--改变本地目录的路径信息

lpwd                    Print local working directory      <<--输出本地目录路径信息

get    [-afPpRr] remote [local]       Download file  <<--下载文件命令

put    [-afPpRr] local [remote]       Upload file     <<--上传文件命令

posted @ 2021-04-13 00:38  弓长虎三  阅读(311)  评论(0)    收藏  举报