SSHÃÜÔ¿¶ÔÔÚLinux SysOpsÖеÄÉèÖÃÓëÖÎÀíÒªÁì
SSHÃÜÔ¿¶ÔÔÚLinux SysOpsÖеÄÉèÖÃÓëÖÎÀíÒªÁì
ÔÚLinuxϵͳÔËά£¨SysOps£©ÖУ¬SSH£¨Secure Shell£©ÊÇÒ»ÖÖ³£ÓõÄÔ¶³ÌµÇ¼ºÍÖÎÀí¹¤¾ß¡£¶øSSHÃÜÔ¿¶ÔµÄÉèÖÃÓëÖÎÀíÊÇ°ü¹ÜÅþÁ¬Çå¾²ÐԺͼò»¯µÇ¼Àú³ÌµÄÖ÷ÒªÒ»»·¡£±¾ÎĽ«ÏÈÈÝSSHÃÜÔ¿¶ÔµÄÉèÖÃÓëÖÎÀíÒªÁ죬²¢ÌṩÏêϸµÄ´úÂëʾÀý¡£
SSHÃÜÔ¿¶Ôͨ³£Óɹ«Ô¿£¨public key£©ºÍ˽Կ£¨private key£©×é³É¡£¹«Ô¿ÓÃÓÚ¼ÓÃÜÊý¾Ý£¬Ë½Ô¿ÔòÓÃÓÚ½âÃÜ¡£ÃÜÔ¿¶ÔµÄÌìÉúºÍÉèÖ÷ÖΪÈçϼ¸¸ö°ì·¨£º
ÌìÉúÃÜÔ¿¶Ô
Ê×ÏÈ£¬ÔÚLinuxµÄÖÕ¶ËÖÐÖ´ÐÐÒÔÏÂÏÂÁîÌìÉúÃÜÔ¿¶Ô£º
$ ssh-keygen -t rsa -b 4096
µÇ¼ºó¸´ÖÆ
¸ÃÏÂÁÌìÉúÒ»¸ö4096λµÄRSAÃÜÔ¿¶Ô£¬²¢½«¹«Ô¿ºÍ˽Կ»®·ÖÉúÑÄÔÚ~/.ssh/id_rsa.pubºÍ~/.ssh/id_rsaÎļþÖС£
ÉèÖÃÃÜÔ¿¶Ô
½ÓÏÂÀ´£¬½«ÌìÉúµÄ¹«Ô¿ÄÚÈݸ´ÖƵ½Ä¿µÄЧÀÍÆ÷µÄ~/.ssh/authorized_keysÎļþÖУ¬ÒÔʵÏÖ¹«Ô¿ÈÏÖ¤¡£¿ÉÒÔʹÓÃÒÔÏÂÏÂÁ¹«Ô¿¸´ÖƵ½Ä¿µÄЧÀÍÆ÷£º
$ ssh-copy-id user@host
µÇ¼ºó¸´ÖÆ
ÆäÖУ¬userÊÇÄ¿µÄЧÀÍÆ÷µÄÓû§Ãû£¬hostÊÇÄ¿µÄЧÀÍÆ÷µÄIPµØµã»òÓòÃû¡£
ÐÞ¸ÄSSHÉèÖÃ
ΪÁËÈ·±£SSHÃÜÔ¿¶ÔµÄÇå¾²ÐÔ£¬ÐèÒªÐÞ¸ÄSSHЧÀÍÆ÷µÄÉèÖá£ÔÚÄ¿µÄЧÀÍÆ÷Éϱà¼/etc/ssh/sshd_configÎļþ£¬½«ÒÔϲÎÊýÉèÖÃΪ¶ÔÓ¦µÄÖµ£º
PubkeyAuthentication yes PasswordAuthentication no PermitRootLogin no
µÇ¼ºó¸´ÖÆ
½«PubkeyAuthenticationÉèÖÃΪyes£¬ÆôÓù«Ô¿ÈÏÖ¤£»½«PasswordAuthenticationÉèÖÃΪno£¬½ûÓÃÃÜÂëÈÏÖ¤£»½«PermitRootLoginÉèÖÃΪno£¬Õ¥È¡ÒÔrootÓû§µÇ¼¡£
ÖØмÓÔØSSHЧÀÍ
ÔÚÄ¿µÄЧÀÍÆ÷ÉÏÖ´ÐÐÒÔÏÂÏÂÁÖØмÓÔØSSHЧÀÍ£¬Ê¹ÉèÖÃÉúЧ£º
$ systemctl reload sshd
µÇ¼ºó¸´ÖÆ
ÏÖÔÚ£¬SSHÃÜÔ¿¶ÔµÄÉèÖÃÓëÖÎÀíÒѾÍê³É¡£¿ÉÒÔͨ¹ýÒÔÏÂÏÂÁî²âÊÔ£º
$ ssh user@host
µÇ¼ºó¸´ÖÆ
ÆäÖУ¬userÊÇÄ¿µÄЧÀÍÆ÷µÄÓû§Ãû£¬hostÊÇÄ¿µÄЧÀÍÆ÷µÄIPµØµã»òÓòÃû¡£
×ܽ᣺
ͨ¹ýÒÔÉϵİ취£¬ÎÒÃÇÀֳɵØÉèÖÃÁËSSHÃÜÔ¿¶Ô£¬²¢ÊµÏÖÁËÔ½·¢Çå¾²ºÍÀû±ãµÄÔ¶³ÌÅþÁ¬¡£SSHÃÜÔ¿¶ÔµÄÖÎÀíÒ²°üÀ¨°´ÆÚÌæ»»ºÍ±¸·Ý£¬ÒÔ¼°Ê¹ÓÃÃÜÂë¿â¶Ô˽Կ¾ÙÐмÓÃܱ£»¤µÈ¡£Ï£Íû±¾ÎĵÄÄÚÈݹØÓÚLinux SysOpsÖ°Ô±ÌṩÁËÓÐÓõÄÖ¸µ¼ºÍ²Î¿¼¡£
£¨×¢£º±¾ÎĵĴúÂëʾÀý»ùÓÚLinuxϵͳ£¬Õë¶ÔÆäËû²Ù×÷ϵͳ»ò²î±ð°æ±¾µÄLinux¿ÉÄÜ»áÓÐËù²î±ð£¬Çëƾ֤ÏÖÕæÏàÐξÙÐе÷½â¡££©
ÒÔÉϾÍÊÇSSHÃÜÔ¿¶ÔÔÚLinux SysOpsÖеÄÉèÖÃÓëÖÎÀíÒªÁìµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡