Tuesday, March 5, 2013 (notes organized on March 10, 2013)
SSH
I. Logging in to the remote virtual machine
1. SSH to the IP address
[root@desktop7 Desktop]# ssh 192.168.0.230
The authenticity of host '192.168.0.230 (192.168.0.230)' can't be established.
RSA key fingerprint is aa:78:bb:61:60:62:27:4d:5c:57:ba:a1:3b:78:c6:44.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.230' (RSA) to the list of known hosts.
[email protected]'s password:
Last login: Tue Mar 5 01:22:27 2013
[root@localhost ~]#
2. Check the result of the remote login
[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 52:54:00:00:00:6B
inet addr:192.168.0.230 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe00:6b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1870 errors:0 dropped:0 overruns:0 frame:0
TX packets:262 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:238319 (232.7 KiB) TX bytes:28695 (28.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1395 errors:0 dropped:0 overruns:0 frame:0
TX packets:1395 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4655520 (4.4 MiB) TX bytes:4655520 (4.4 MiB)
3. Log out
[root@localhost ~]# exit
logout
Connection to 192.168.0.230 closed.
[root@desktop7 Desktop]# ifconfig
br0 Link encap:Ethernet HWaddr 50:46:5D:71:C2:F1
inet addr:192.168.0.7 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::5246:5dff:fe71:c2f1/64 Scope:Link
RX packets:23119 errors:0 dropped:0 overruns:0 frame:0
TX packets:4392 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:30279359 (28.8 MiB) TX bytes:363885 (355.3 KiB)
4. Run a command remotely
[root@desktop7 Desktop]# ssh 192.168.0.230 'mkdir abc'
5. Verify
Last login: Tue Mar 5 02:17:04 2013 from desktop7.example.com
[root@localhost ~]# ls
abc anaconda-ks.cfg Desktop install.log install.log.syslog
6. Log out
II. Editing the public/private key files
1. Delete the private keys
(1) Log in remotely
[root@desktop7 ~]# ssh 192.168.0.230
Last login: Tue Mar 5 02:24:36 2013 from desktop7.example.com
(2) Delete the private keys
[root@localhost ~]# cd /etc/ssh
[root@localhost ssh]# ls
moduli ssh_host_dsa_key ssh_host_key.pub
ssh_config ssh_host_dsa_key.pub ssh_host_rsa_key
sshd_config ssh_host_key ssh_host_rsa_key.pub
[root@localhost ssh]# rm -rf /etc/ssh/*key*
[root@localhost ssh]#
(3) Check the result of the deletion
moduli ssh_config sshd_config
(4) Restart the SSH service
[root@localhost ssh]# service sshd restart
Stopping sshd: [ OK ]
Generating SSH1 RSA host key: [ OK ]
Generating SSH2 RSA host key: [ OK ]
Generating SSH2 DSA host key: [ OK ]
Starting sshd: [ OK ]
The deleted files are regenerated automatically.
(5) Log out
[root@localhost ssh]# exit
[root@desktop7 ~]#
(6) Verify
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
66:7d:db:45:37:9c:b2:b5:77:30:e0:14:26:1b:ac:6e.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:2
RSA host key for 192.168.0.230 has changed and you have requested strict checking.
Host key verification failed.
The key has changed.
2. Edit the public key stored on the local machine
(1) Locate the local public key file
[root@desktop7 ssh]# find / -name known_hosts
/root/.ssh/known_hosts
/tmp/root/.ssh/known_hosts
Edit:
[root@desktop7 ssh]# vim ~/.ssh/known_hosts
(Original contents of the public key file)
192.168.0.230 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvTVJOt0+yhMn4v3MktKfoRjSON0SOnit3ekl23JaYVLcfkb75w5PwOO8c+d2stVoz+kM2ujn2ehNd4wm9zXyEtZb+sJwVzWTFw512Ax2/5eUz+0cheUQx64C+seefamKUxQNpBBCDeBn+ZquXRkl6n1CK3RM4Oga7YRj5hH512llUcm/q/iXQ1jtLqzqY9w5TdfomJZ5EhIuqaOqxb/s323rgHvjYO3SuldHtWZ+0qtY+I7lN03AhwuIhr5f2Fz5jVz539SweXR5px+6sQkiqL5EYda956AD76rpd9yV3k+flRWNIUSPrC66Pm+9aESDPq6VTwhG9sNABifCzXiyEQ==
(Delete the record for the host whose connection failed)
Connect again; the login now proceeds normally.
Last login: Tue Mar 5 03:43:46 2013 from desktop7.example.com
RX packets:6207 errors:0 dropped:0 overruns:0 frame:0
TX packets:3506 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:646379 (631.2 KiB) TX bytes:446810 (436.3 KiB)
RX packets:1419 errors:0 dropped:0 overruns:0 frame:0
TX packets:1419 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:4658880 (4.4 MiB) TX bytes:4658880 (4.4 MiB)
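Added example (not part of the original notes): before the offending entry is deleted, the fingerprint in the warning can be checked against the regenerated /etc/ssh/ssh_host_rsa_key.pub, read on the server over a trusted channel such as the VM console. The script assumes plain (unhashed) single-host known_hosts entries like the one above and computes the MD5 colon-hex fingerprint format shown in the warning; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.
# Assumes unhashed known_hosts lines of the form "host keytype base64blob".

# MD5 colon-hex fingerprint (the format printed in the warning above) of a
# base64 key blob: field 3 of a known_hosts line, field 2 of a *.pub file.
blob_fingerprint() {
    printf '%s' "$1" | base64 -d | md5sum | cut -c1-32 | sed 's/../&:/g; s/:$//'
}

# Fingerprint currently stored for host $2 in known_hosts file $1.
stored_fingerprint() {
    blob=$(awk -v h="$2" '$1 == h { print $3; exit }' "$1")
    [ -n "$blob" ] || return 1
    blob_fingerprint "$blob"
}

# Replace the entry for host $2 in file $1 with RSA key blob $3, but only if
# the blob hashes to $4, the fingerprint read on the server itself
# (e.g. from /etc/ssh/ssh_host_rsa_key.pub on the VM console).
replace_if_verified() {
    file=$1 host=$2 new_blob=$3 trusted_fp=$4
    if [ "$(blob_fingerprint "$new_blob")" != "$trusted_fp" ]; then
        echo "fingerprint mismatch for $host: entry left untouched" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    awk -v h="$host" '$1 != h' "$file" > "$tmp"       # drop only this host
    printf '%s ssh-rsa %s\n' "$host" "$new_blob" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"              # keeps the file's mode
}
```

On current OpenSSH, `ssh-keygen -E md5 -l -f /etc/ssh/ssh_host_rsa_key.pub` prints this fingerprint format on the server, and `ssh-keygen -R 192.168.0.230` removes the stale entry without opening an editor.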
III. Logging in to the remote host without a password
1. Generate a key pair
[root@desktop7 ssh]# ssh-keygen # generate the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): # enter an empty passphrase
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
f1:f6:0c:b7:87:af:dd:b4:c8:d6:18:89:c3:c2:5f:43 [email protected]
[root@desktop7 ssh]#
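2. Copy the public key of the key pair to the other host
Two cases:
If the authorized_keys file has not been deleted, the remote path can be tab-completed.
If the authorized_keys file has been deleted, the path cannot be tab-completed.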
[root@desktop7 .ssh]# scp id_rsa.pub 192.168.0.230:/root/.ssh/authorized_keys
RSA key fingerprint is 66:7d:db:45:37:9c:b2:b5:77:30:e0:14:26:1b:ac:6e.
[email protected]'s password: # enter the password to confirm
id_rsa.pub 100% 407 0.4KB/s 00:00
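Added example (not part of the original notes): the scp above replaces the remote authorized_keys file outright, so any keys already listed there are lost. The hypothetical install_pubkey function below, meant to run on the receiving host, appends the key only if it is missing and sets restrictive modes (700 on the directory, 600 on the file) so that sshd's StrictModes check does not reject the key; it assumes entries without leading options.

```shell
#!/bin/sh
# Added example, not from the original notes. install_pubkey is a hypothetical name.
# Usage: install_pubkey PUBFILE SSH_DIR   (run on the host being logged in to)
install_pubkey() {
    pub=$1 dir=$2 auth=$2/authorized_keys
    # First line that looks like "keytype base64blob [comment]".
    key=$(awk 'NF >= 2 && $1 ~ /^(ssh|ecdsa)-/ { print; exit }' "$pub")
    [ -n "$key" ] || { echo "no public key found in $pub" >&2; return 1; }

    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on type and blob only, so a changed comment does not add a duplicate.
    id=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if awk -v id="$id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$auth"; then
        return 0                        # already authorized, nothing to do
    fi
    printf '%s\n' "$key" >> "$auth"     # append; existing keys stay in place
}
```

The stock `ssh-copy-id` tool performs the same append over SSH in one step.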
3. Log in to the remote host