SSH是什么？

一、SSH是什么？

SSH（secure shell）是一种网络协议，用于不同主机之间的加密通信。在1995年被设计出来，现已成为Linux系统的标准配置。

SSH作为一种协议，有多种实现，OpenSSH是其中的开源实现。

命令格式为：ssh 用户名@ip addr

linux@linux:/$ ssh linux@30.0.1.43
The authenticity of host '30.0.1.43 (30.0.1.43)' can't be established.
ECDSA key fingerprint is SHA256:THHVZ1IfwqJk0YpV7Qk/a+ZvMds4phRQJEbrJIJFagg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '30.0.1.43' (ECDSA) to the list of known hosts.
linux@30.0.1.43's password: 
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-122-generic x86_64)
......
linux@linux:~$ exit
logout
Connection to 30.0.1.43 closed.

英文的解释为：无法确定主机“30.0.1.43 (30.0.1.43)”的真实性。现知道ECDSA key fingerprint，确认要连接吗？

输入yes,则给出提示：“警告：将“30.0.1.43”（ECDSA）永久添加到已知主机列表中。”

同时，要求输入目标主机的密码，便登录成功。

远程连接后，并实施操作后，输入exit退出。

这里说明一下：

ECDSA是什么？

椭圆曲线数字签名算法（ECDSA）是使用椭圆曲线密码（ECC）对数字签名算法（DSA）的模拟

将“30.0.1.43”（ECDSA）永久添加到已知主机列表中。存在什么地方？

linux@linux:~$ cat ~/.ssh/known_hosts 
|1|tl/qb7M5czlKxx/K92mH+LvhzLg=|SBrV7zopc4QRmxrJMnas5fglLWs= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFW6biQLrJ+0KwI1ODyN0iunhGqNahQE2smmawJEcwjdWg90AGPnpEc1T5EH9cZFRt9wfhq7AzpW0l5akYqdws0=

二、SSH的免密登录

每次都输入密码，显然是不友好的，如何做到免密登录呢？可以使用公钥的方式。

1.使用ssh-keygen创建密钥对

ssh-keygen命令用来生成、创建和管理SSH认证用的公私钥。

执行ssh-keygen命令，中间遇到输入的内容，可以一路回车

linux@linux:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/linux/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/linux/.ssh/id_rsa.
Your public key has been saved in /home/linux/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bZX4G8qB+xcrrqutb4/9C//l6Wq6wCWk4k8yOtezuXQ linux@linux
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|           . .   |
|         .. o    |
|        oo o     |
|     . .S.+.o    |
|    . . .+oo.o   |
|     +.o.E+ .o  .|
|   ...*+++ooo. o.|
|   .o oXX==*B++o.|
+----[SHA256]-----+

查看生成的公钥id_rsa.pub和私钥id_rsa

linux@linux:~$ cd ~/.ssh/
linux@linux:~/.ssh$ ls
id_rsa  id_rsa.pub  known_hosts

2.将生成id_rsa.pub拷贝到目标主机上

linux@linux:~/.ssh$ scp id_rsa.pub root@30.0.1.43:/tmp
root@30.0.1.43's password: 
id_rsa.pub                                                                                                               100%  397   535.9KB/s   00:00

3.SSH到目标主机，并将id_rsa.pub添加到目标主机的authorized_keys

linux@linux:~/.ssh$ ssh root@30.0.1.43
root@30.0.1.43's password: 
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-122-generic x86_64)
......




root@linux:/tmp# cat id_rsa.pub >> ~/.ssh/authorized_keys

查看authorized_keys文件内容

root@linux:/tmp# cat ~/.ssh/authorized_keys
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6FbeqPRLroVf57dgljfOUR6VV5BlCDB97kkmfS8meBP0BlOGspWFcroojP74RBBm2ChzoifufsI0huEm7M2oW76+DpteEgDXiFkT7A/U16+crgOsqtnG3tnHYIml+JlbT7Cq65YxnbZWA5MK3cDaQPBajb+jyqfnh2pmhbicjxATkub0CxGRvbkrnUIpzTqkDeXWmQc5E26QFaWfuuZQ/JQZ035oQhT0Kjh5l/7MeImFC++zJRr22anpy3xTM09w7o136C4hCvDpUAYtc2TfizrQP0c/DbE2W1TkgSQ0T8Pw9wht5zcX7Lk13r+HPiG4wXoZtWNVNeiyTc5doLpDt Generated-by-Nova
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDm/MEB2Qw4tN3z18Lkhjq84oluP/3zDnNGF64kdh+23KPKm2m5ev4kpXyC1/uNMfRYpYMhCYeLiFgOEdTINnBuXXDyJ4aohi0TeJPzWUwxtK6opUmeR82V5HBxE0eScEG+KlV5//CjPlbEJvB1x0zeYa6p/1icjWmkNTBnI3rEPPX+vFFQC0PrdibBXWWzRg3/h51YG4asNqp391t9sj+ZWCAbUZ1+zRBB8zYlgAnYhRahxVnjim4gicwM3+staaCqiQeaYODZu8DbmGxuWEUiZN4NfXl8Yej/tZH7cKfHgW+r2gXemiNH2FlHhnf5fi/OxsZQ+8XG7WrEOB+mKD7l linux@linux

说明：可以使用ssh-copy-id命令将id_rsa.pub拷贝到目标主机的 ~/.ssh/authorized_keys文件中，并给目标主机相应目录适当的的权限。

ssh-copy-id -i ~/.ssh/id_rsa.pub 30.0.1.43

4. 修改sshd_config配置文件

vim /etc/ssh/sshd_config

修改口令登录：yes为no

PasswordAuthentication yes

去掉注释，允许公钥登录

#PubkeyAuthentication yes
PubkeyAuthentication yes

添加：

RSAAuthentication yes

修改authorized_keys文件权限

root@linux:~# chmod 700 .ssh/
root@linux:~# chmod 600 ~/.ssh/authorized_keys

重启sshd服务

root@linux:~# service sshd restart

5. 使用id_rsa登录目录主机

linux@linux:~/.ssh$ ssh -i id_rsa root@30.0.1.43
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-122-generic x86_64)
......