【カリキュラムノート】Linuxを素早く使いこなす典型的な応用——慕課網(SSH)

13322 ワード

SSH紹介:
SSHの簡単な紹介1、安全シェルプロトコル;2、アプリケーション層に構築されたソフトウェア;3、プラットフォームにまたがる;4、安全;
1.1 CentosでのSSHサービスのインストール(デフォルト)
サービスを開始し、電源を入れてchkconfig sshd onを実行するように設定します.
1.2クライアントのSSHツール:
典型的なCSインタラクションモードでは、複数のSSHソフトウェア接続があります.Severのインストール時にクライアントをインストールしました.
1.3 SSHコマンドリンクサービスを使用する——コマンドライン
macOSでteminalを使用してSSHを接続する:コマンドは非常に簡単:ssh[username]@[domain_name]
Last login: Mon Apr 16 19:27:21 on ttys001
zhangyunchendeMacBook-Pro:~ zhangyunchen$ ssh
usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
           [-D [bind_address:]port] [-E log_file] [-e escape_char]
           [-F configfile] [-I pkcs11] [-i identity_file]
           [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
           [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
           [user@]hostname [command]
zhangyunchendeMacBook-Pro:~ zhangyunchen$ 
zhangyunchendeMacBook-Pro:~ zhangyunchen$ 
zhangyunchendeMacBook-Pro:~ zhangyunchen$ 
zhangyunchendeMacBook-Pro:~ zhangyunchen$ ssh root@192.168.0.114
The authenticity of host '192.168.0.114 (192.168.0.114)' can't be established.
ECDSA key fingerprint is SHA256:VoLf/WSoie6PfXjWGPGmkHnfTeiUDHMCizH+hj+il+Q.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.114' (ECDSA) to the list of known hosts.
[email protected]'s password: 
Last login: Mon Apr 16 07:33:36 2018 from 192.168.0.155
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# exit
  
Connection to 192.168.0.114 closed.
zhangyunchendeMacBook-Pro:~ zhangyunchen$ exit
logout
Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.

1.4 SSH config説明
configを使用すると、複数のSSHを一括管理するのに使用でき、典型的なメンテナンスで習得するスキルです.一般的なconfigは~/.ssh/configに格納されます
configの構成構文
文法キーワード:HostName;Port; User; IdentityFile;鍵ファイルのパス
このSSH config私はとてもJSONファイルのフォーマットに似ていると感じます:host“centos”
        Hostname 192.168.0.114
        User root
        Port 22
        IdentityFile ~/.ssh/id_rsa.pub
        IndentitiesOnly yes

具体的な操作:
Last login: Mon Apr 16 19:36:20 on ttys001
zhangyunchendeMacBook-Pro:~ zhangyunchen$ ssh root@192.168.0.105
^Z
[1]+  Stopped                 ssh root@192.168.0.105
zhangyunchendeMacBook-Pro:~ zhangyunchen$ ssh root@192.168.0.114
root@192.168.0.114's password: 
Last login: Mon Apr 16 07:37:39 2018 from 192.168.0.155
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# 
[root@localhost ~]# exit
  
Connection to 192.168.0.114 closed.
zhangyunchendeMacBook-Pro:~ zhangyunchen$ cd ~/.ssh
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ls
known_hosts
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ touch config 
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ;s
-bash: syntax error near unexpected token `;'
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ls
config known_hosts
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ vim config
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ssh Centos
root@192.168.0.114's password: 
Last login: Mon Apr 16 07:45:40 2018 from 192.168.0.155
[root@localhost ~]# vim config

[1]+                    vim config
[root@localhost ~]# vim ~/.ssh/config

[2]+                    vim ~/.ssh/config
[root@localhost ~]# cd ~/.ssh
-bash: cd: /root/.ssh:          
[root@localhost ~]# cd ~/.ssh/
-bash: cd: /root/.ssh/:          
[root@localhost ~]# exit
  
      。
[root@localhost ~]# exit
  
Vim: Caught deadly signal TERM
Vim: Finished.
Vim: Caught deadly signal TERM
Vim: Finished.
Connection to 192.168.0.114 closed.
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ vim config

[2]+  Stopped                 vim config
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ 
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ 
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ 
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ cat config\
> 

host "Centos"
HostName 192.168.0.114
User root
Port 22

zhangyunchendeMacBook-Pro:.ssh zhangyunchen$  exit
logout
There are stopped jobs.
zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ exit
logout
Saving session...
...copying shared history...
...saving history...truncating history files...
...completed.


host "Centos"
        HostName 192.168.0.114
        User root
        Port 22

[     ]~          

1.5 SSHのパスワードフリーログイン——SSH KEY
  • 非対称暗号化方式を用いて公開鍵
  • を生成することが多い.
  • 秘密鍵は主にローカル~/.sshディレクトリ
  • に格納.
  • 公開鍵が公開され、サーバに置かれた~/.ssh/authorized_keys

  • Linuxでは,SSHに付属するssh-keygen-t rsa/dsaによりssh keyを生成する.
    Last login: Mon Apr 16 21:19:28 on ttys000
    zhangyunchendeMacBook-Pro:~ zhangyunchen$ cd ~/.ssh
    zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ssh-
    ssh-add      ssh-agent    ssh-copy-id  ssh-keygen   ssh-keyscan  
    zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ssh-
    ssh-add      ssh-agent    ssh-copy-id  ssh-keygen   ssh-keyscan  
    zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/Users/zhangyunchen/.ssh/id_rsa): cent_rsa
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in cent_rsa.
    Your public key has been saved in cent_rsa.pub.
    The key fingerprint is:
    SHA256:T/9j0NxcnE7Lzysf5aaI+ek/WCJyAp4u68kFsneK1Gc zhangyunchen@zhangyunchendeMacBook-Pro.local
    The key's randomart image is:
    +---[RSA 2048]----+
    |                 |
    |                 |
    |               ..|
    |      .        oo|
    |  . .. oS .  o+o+|
    |   + .o ooo.o +=+|
    |  o o.E  +...= o+|
    | . +.B.    o.=+o+|
    |  ..*o    oo=o*=.|
    +----[SHA256]-----+
    zhangyunchendeMacBook-Pro:.ssh zhangyunchen$ ls
    cent_rsa    cent_rsa.pub    config      known_hosts
    zhangyunchendeMacBook-Pro:.ssh zhangyunchen$