
SSH

Tuesday, March 5, 2013; notes compiled March 10, 2013


I. Connecting to the remote virtual machine

1. SSH to the IP address

[root@desktop7 Desktop]# ssh 192.168.0.230

The authenticity of host '192.168.0.230 (192.168.0.230)' can't be established.

RSA key fingerprint is aa:78:bb:61:60:62:27:4d:5c:57:ba:a1:3b:78:c6:44.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.0.230' (RSA) to the list of known hosts.

[email protected]'s password:

Last login: Tue Mar  5 01:22:27 2013

[root@localhost ~]#

2. Check the result on the remote host

[root@localhost ~]# ifconfig

eth0      Link encap:Ethernet  HWaddr 52:54:00:00:00:6B  

          inet addr:192.168.0.230  Bcast:192.168.0.255  Mask:255.255.255.0

          inet6 addr: fe80::5054:ff:fe00:6b/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:1870 errors:0 dropped:0 overruns:0 frame:0

          TX packets:262 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:238319 (232.7 KiB)  TX bytes:28695 (28.0 KiB)

lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:1395 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1395 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:4655520 (4.4 MiB)  TX bytes:4655520 (4.4 MiB)

3. Log out

[root@localhost ~]# exit

logout

Connection to 192.168.0.230 closed.

[root@desktop7 Desktop]# ifconfig

br0       Link encap:Ethernet  HWaddr 50:46:5D:71:C2:F1  

          inet addr:192.168.0.7  Bcast:192.168.0.255  Mask:255.255.255.0

          inet6 addr: fe80::5246:5dff:fe71:c2f1/64 Scope:Link

          RX packets:23119 errors:0 dropped:0 overruns:0 frame:0

          TX packets:4392 errors:0 dropped:0 overruns:0 carrier:0

          RX bytes:30279359 (28.8 MiB)  TX bytes:363885 (355.3 KiB)

4. Run a command remotely

[root@desktop7 Desktop]# ssh 192.168.0.230 'mkdir abc'

5. Verify

Last login: Tue Mar  5 02:17:04 2013 from desktop7.example.com

[root@localhost ~]# ls

abc  anaconda-ks.cfg  Desktop  install.log  install.log.syslog

6. Log out

II. Editing the public/private key files

1. Delete the host key files

(1) Connect to the remote host

[root@desktop7 ~]# ssh 192.168.0.230

Last login: Tue Mar  5 02:24:36 2013 from desktop7.example.com

(2) Delete the key files

[root@localhost ~]# cd /etc/ssh

[root@localhost ssh]# ls

moduli       ssh_host_dsa_key      ssh_host_key.pub

ssh_config   ssh_host_dsa_key.pub  ssh_host_rsa_key

sshd_config  ssh_host_key          ssh_host_rsa_key.pub

[root@localhost ssh]# rm -rf /etc/ssh/*key*

[root@localhost ssh]#

(3) Check what was deleted

moduli  ssh_config  sshd_config

(4) Restart the SSH service

[root@localhost ssh]# service sshd restart

Stopping sshd:                                             [  OK  ]

Generating SSH1 RSA host key:                              [  OK  ]

Generating SSH2 RSA host key:                              [  OK  ]

Generating SSH2 DSA host key:                              [  OK  ]

Starting sshd:                                             [  OK  ]

The key files are regenerated automatically when the service restarts.

(5) Log out

[root@localhost ssh]# exit

[root@desktop7 ~]#

(6) Verify

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that the RSA host key has just been changed.

The fingerprint for the RSA key sent by the remote host is

66:7d:db:45:37:9c:b2:b5:77:30:e0:14:26:1b:ac:6e.

Please contact your system administrator.

Add correct host key in /root/.ssh/known_hosts to get rid of this message.

Offending key in /root/.ssh/known_hosts:2

RSA host key for 192.168.0.230 has changed and you have requested strict checking.

Host key verification failed.

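The host key has changed.

2. Update the host public key stored on the local machine

(1) Find where the public key is stored locally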

[root@desktop7 ssh]# find / -name known_hosts

/root/.ssh/known_hosts

/tmp/root/.ssh/known_hosts

Edit the file

[root@desktop7 ssh]# vim ~/.ssh/known_hosts

(Original contents of the public key file)

192.168.0.230 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvTVJOt0+yhMn4v3MktKfoRjSON0SOnit3ekl23JaYVLcfkb75w5PwOO8c+d2stVoz+kM2ujn2ehNd4wm9zXyEtZb+sJwVzWTFw512Ax2/5eUz+0cheUQx64C+seefamKUxQNpBBCDeBn+ZquXRkl6n1CK3RM4Oga7YRj5hH512llUcm/q/iXQ1jtLqzqY9w5TdfomJZ5EhIuqaOqxb/s323rgHvjYO3SuldHtWZ+0qtY+I7lN03AhwuIhr5f2Fz5jVz539SweXR5px+6sQkiqL5EYda956AD76rpd9yV3k+flRWNIUSPrC66Pm+9aESDPq6VTwhG9sNABifCzXiyEQ==

(Delete the entry for the host whose connection failed)

Connect again; the login now proceeds normally.

Last login: Tue Mar  5 03:43:46 2013 from desktop7.example.com

          RX packets:6207 errors:0 dropped:0 overruns:0 frame:0

          TX packets:3506 errors:0 dropped:0 overruns:0 carrier:0

          RX bytes:646379 (631.2 KiB)  TX bytes:446810 (436.3 KiB)

          RX packets:1419 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1419 errors:0 dropped:0 overruns:0 carrier:0

          RX bytes:4658880 (4.4 MiB)  TX bytes:4658880 (4.4 MiB)
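Deleting the known_hosts entry by hand is safe above only because the key change was expected (the host keys had just been regenerated). An added example, not part of the original notes, that replaces the entry only when the new key's fingerprint equals one read on the server itself, using the colon-separated MD5 form shown in the warning; the function names and sample key blobs are constructed for illustration.

```python
import base64
import hashlib


def md5_fingerprint(key_b64):
    """Colon-separated MD5 of the decoded key blob, the form shown in the warning."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def replace_host_key(known_hosts_text, host, new_entry, trusted_fp):
    """Swap the stored key(s) for host, but only if new_entry matches trusted_fp.

    trusted_fp has to come from the server itself (its console), not from the
    connection that raised the warning. Hashed (|1|...) host names are not handled.
    """
    names, _key_type, key_b64 = new_entry.split()[:3]
    if host not in names.split(","):
        raise ValueError("new entry names a different host")
    if md5_fingerprint(key_b64) != trusted_fp.strip().lower():
        raise ValueError("fingerprint mismatch: keep the old entry and investigate")
    kept = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Drop every plain entry for this host; comments, @markers and other hosts stay.
        if fields and host in fields[0].split(","):
            continue
        kept.append(line)
    return "\n".join(kept + [new_entry]) + "\n"


def sample_entry(host, seed):
    """Constructed known_hosts line; the blob is a stand-in, not a real RSA key."""
    blob = b"\x00\x00\x00\x07ssh-rsa" + seed
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


OLD = sample_entry("192.168.0.230", b"key-before-regeneration")
NEW = sample_entry("192.168.0.230", b"key-after-regeneration")
OTHER = sample_entry("192.168.0.7", b"unrelated-host")

if __name__ == "__main__":
    console_fp = md5_fingerprint(NEW.split()[2])  # stands in for the console reading
    print(replace_host_key(f"{OLD}\n{OTHER}\n", "192.168.0.230", NEW, console_fp))
```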

III. Logging in to the remote host without a password

1. Generate a key pair

[root@desktop7 ssh]# ssh-keygen                           # generate the key pair

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

/root/.ssh/id_rsa already exists.

Overwrite (y/n)? y

Enter passphrase (empty for no passphrase):               # leave the passphrase empty

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

f1:f6:0c:b7:87:af:dd:b4:c8:d6:18:89:c3:c2:5f:43 [email protected]

[root@desktop7 ssh]#

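2. Copy the public key to the remote host

Two cases:

If the authorized_keys file has not been deleted on the remote host, its name can be tab-completed.

If the authorized_keys file has been deleted, its name cannot be tab-completed.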

[root@desktop7 .ssh]# scp id_rsa.pub 192.168.0.230:/root/.ssh/authorized_keys

RSA key fingerprint is 66:7d:db:45:37:9c:b2:b5:77:30:e0:14:26:1b:ac:6e.

[email protected]'s password:                                               # enter the password to confirm

id_rsa.pub                                    100%  407     0.4KB/s   00:00    

3. Connect to the remote host

ssh
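The scp in step 2 writes id_rsa.pub over the remote authorized_keys, so any key already authorized there is lost. An added example, not from the original notes, of the append-instead step run on the remote side: it checks that the line is a public key, keeps existing entries, skips duplicates and sets the directory and file modes; the key blobs, comments and paths are constructed.

```python
import base64
import os
import tempfile


def install_public_key(ssh_dir, pub_line):
    """Add pub_line to authorized_keys unless listed; True if it was added."""
    key_type, key_b64 = pub_line.split()[:2]
    blob = base64.b64decode(key_b64, validate=True)
    # A public key blob starts with a length-prefixed copy of its type name.
    name_len = int.from_bytes(blob[:4], "big")
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("not a public key line: type and blob disagree")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # modes that sshd's StrictModes check accepts
    path = os.path.join(ssh_dir, "authorized_keys")
    lines = []
    if os.path.exists(path):
        with open(path) as fh:
            lines = fh.read().splitlines()
    added = not any(key_b64 in line.split() for line in lines)
    if added:  # rewrite with the existing keys kept and the new key last
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write("\n".join(lines + [pub_line.strip()]) + "\n")
    os.chmod(path, 0o600)
    return added


def demo():
    """Constructed keys in a temp dir: an earlier key survives, a repeat is a no-op."""
    def pub(seed, comment):
        blob = b"\x00\x00\x00\x07ssh-rsa" + seed  # stand-in, not a real RSA key
        return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        results = [install_public_key(ssh_dir, pub(b"k1", "admin@laptop")),
                   install_public_key(ssh_dir, pub(b"k2", "root@desktop7")),
                   install_public_key(ssh_dir, pub(b"k2", "root@desktop7"))]
        path = os.path.join(ssh_dir, "authorized_keys")
        with open(path) as fh:
            count = len(fh.read().splitlines())
        return results, count, os.stat(path).st_mode & 0o777


if __name__ == "__main__":
    print(demo())
```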
