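Setting up mutual SSH trust between two Linux hosts
Client A: 192.168.220.113
Server B: 192.168.220.111
1. Generate a public/private key pair on client A
Command: ssh-keygen -t rsa
Press Enter at every prompt to generate a key with no passphrase (the private key is then stored unencrypted on disk).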
[root@client01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QdeAHKe23MW647SxcnuF25O+CNwpn+WKq9L1ZFvk0J4 root@client01
The key's randomart image is:
+---[RSA 2048]----+
| .oo+o |
| .o+ .. |
| + o. |
| o + o. o |
| S o * . |
| ..o+.E |
| . .O+o*.. |
| . oo.X==+ |
| ..+B+=o+o |
+----[SHA256]-----+
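View the generated keys
The command above generates the private key id_rsa and the public key id_rsa.pub and stores them in the .ssh subdirectory of the user's home directory.
Command: ll ~/.ssh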
[root@client01 ~]# ll ~/.ssh
total 8
-rw-------. 1 root root 1679 Jan 23 02:55 id_rsa
-rw-r--r--. 1 root root 395 Jan 23 02:55 id_rsa.pub
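2. Establish trust from client A to server B
Copy the public key id_rsa.pub into the .ssh subdirectory of root's home directory on host B, renaming it to authorized_keys. Once the trust relationship from the client to the server is established, the client no longer has to enter a password to copy data from the server. Because the copy is written under the name authorized_keys, it replaces any authorized_keys file that already exists on B.
Command: scp -r .ssh/id_rsa.pub 192.168.220.111:/root/.ssh/authorized_keys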
[root@client01 ~]# scp -r .ssh/id_rsa.pub 192.168.220.111:/root/.ssh/authorized_keys
root@192.168.220.111's password:
id_rsa.pub 100% 395 569.2KB/s 00:00
3. Generate a key pair on server B and send the public key to client A
[root@server01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3kuNYOGJY4x9wL/3WAzsNPQazAumZ5qxoGNunLvz6XE root@server01
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| o . . |
| + = B . |
| . * S O . |
| . B B X |
| . .o E = O + |
| B. = B o = |
| +=B+ + o . |
+----[SHA256]-----+
[root@server01 ~]# scp -r .ssh/id_rsa.pub 192.168.220.113:/root/.ssh/authorized_keys
The authenticity of host '192.168.220.113 (192.168.220.113)' can't be established.
ECDSA key fingerprint is SHA256:I7T7xJV57ZivzK0kB8qPRU+m1hhHMb14OLJMn230thw.
ECDSA key fingerprint is MD5:f9:bd:d4:56:48:48:76:2c:df:42:1c:94:44:62:b9:ed.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.220.113' (ECDSA) to the list of known hosts.
root@192.168.220.113's password:
id_rsa.pub 100% 395 277.7KB/s 00:00
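
Steps 2 and 3 write id_rsa.pub straight over authorized_keys, so any key already authorized on the target is lost. The following is an added example, not part of the original post: a POSIX sh function, run on the receiving host, that appends the key only when it is missing and sets the permissions sshd expects. The name install_pubkey and its two arguments are made up for this illustration.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys instead of
# overwriting the file.
# install_pubkey PUBKEY_FILE SSH_DIR   (hypothetical helper)
#   PUBKEY_FILE  one-line OpenSSH public key, e.g. a copy of id_rsa.pub
#   SSH_DIR      the target account's .ssh directory, e.g. /root/.ssh
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    [ -s "$pub" ] || { echo "no public key in $pub" >&2; return 1; }

    # Refuse a file that is actually a private key (id_rsa, not id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi

    # With StrictModes (sshd's default) keys are ignored when these
    # paths are writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Use the first line only; do nothing if that exact key is present.
    key=$(head -n 1 "$pub")
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Run as: sh install_pubkey.sh /tmp/id_rsa.pub /root/.ssh
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

ssh-copy-id, shipped with OpenSSH, performs the same append from the client side.
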
Test
Copy a file from client A to server B
[root@client01 ~]# scp -r Client01 192.168.220.111:/tmp/sshtrust
Client01 100% 36 42.0KB/s 00:00
Check on server B
[root@server01 ~]# ll /tmp/sshtrust/
total 4
-rw-r--r--. 1 root root 36 Jan 23 03:28 Client01
Copy files from server B to client A
[root@server01 ~]# scp -r /tmp 192.168.220.113:/tmp/sshtrust/
yum.log 100% 0 0.0KB/s 00:00
ks-script-B9dwfn 100% 836 2.6KB/s 00:00
Client01 100% 36 39.5KB/s 00:00
Check on client A
[root@client01 ~]# ll /tmp/sshtrust
total 0
drwxr-xr-x. 2 root root 22 Jan 23 03:34 sshtrust
Remote login
Command: ssh remote_user@remote_host_ip [command or script]
Log in to server B from client A
[root@client01 ~]# ssh root@192.168.220.111
Last login: Sat Jan 23 02:52:55 2021 from 192.168.220.1
[root@server01 ~]#
[root@server01 ~]#
Query client A's IP address from server B
[root@server01 ~]# ssh root@192.168.220.113 'ifconfig'
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.220.113 netmask 255.255.255.0 broadcast 192.168.220.255
inet6 fe80::20c:29ff:fe32:3367 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:32:33:67 txqueuelen 1000 (Ethernet)
RX packets 16619 bytes 20887195 (19.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4008 bytes 504484 (492.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0