首页 > 系统相关 >Linux快速入门(八)效率工具(SSH)

Linux快速入门(八)效率工具(SSH)

时间:2022-08-30 23:23:46浏览次数:61  
标签:入门 Linux SSH key ubuntu 10.211 root id ssh

环境

(1)Kali(源主机),IP:10.211.55.4/24
(2)Ubuntu(目标主机),IP:10.211.55.5/24

SSH

OpenSSH用于在远程系统上安全的运行Shell,假设现在需要在Kali机器上通过root用户远程登陆另一台机器Ubuntu,那么就可以使用SSH服务,但是使用SSH登录每次都需要输入密码,为了节省时间,可以配置SSH免密登陆。这样Kali这台机器就可以通过SSH直接登陆到Ubuntu

SSH免密登陆

主机连通性

首先使用ping命令确保两台主机的连通性。

┌──(root㉿kali-linux-2022-2)-[~]
└─# ping 10.211.55.5
PING 10.211.55.5 (10.211.55.5) 56(84) bytes of data.
64 bytes from 10.211.55.5: icmp_seq=1 ttl=64 time=0.928 ms
64 bytes from 10.211.55.5: icmp_seq=2 ttl=64 time=0.818 ms
64 bytes from 10.211.55.5: icmp_seq=3 ttl=64 time=0.832 ms
^C
--- 10.211.55.5 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2050ms
rtt min/avg/max/mdev = 0.818/0.859/0.928/0.048 ms

创建配置文件

Kali虚拟机虚拟机下创建SSH配置文件~/.ssh/config,先使用mkdir .ssh创建.ssh文件夹,然后进入.ssh文件夹通过touch config命令创建config文件,并在文件中配置以下按照格式配置以下信息:

Host 目标主机的别名
HostName 目标主机的IP或者域名
User 登陆目标主机使用的用户名

Kali上配置如下:

┌──(root㉿kali-linux-2022-2)-[~]
└─# cat ~/.ssh/config
Host ubuntu
HostName 10.211.55.5
User parallels

创建密钥

使用ssh-keygen命令创建密钥,所有的配置默认即可。

┌──(root㉿kali-linux-2022-2)-[~]
└─# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:b/TY2e8TfhNTQu+lx+cnstlRZAeKEICVgKyGc2DeWy8 root@kali-linux-2022-2
The key's randomart image is:
+---[RSA 3072]----+
| . ..+ooo.    .  |
|..o . .  . . ... |
|+o.       . .. .+|
|+o.. .        .o=|
|.o  o . S .    =+|
|   . E . o + o.==|
|      .   + + +o=|
|         .  .o.*+|
|            oo.oB|
+----[SHA256]-----+

创建完成之后,可以在.ssh文件下看到多出了两个文件:id_rsaid_rsa.pubid_rsa是私钥,
id_rsa.pub是公钥。

┌──(root㉿kali-linux-2022-2)-[~]
└─# ls .ssh 
config  id_rsa  id_rsa.pub

发送公钥

现在只要将公钥传给你需要登录的主机即可,在这里就是将公钥传给ubuntu虚拟机,可以直接使用ssh-copy-id ubuntu将密钥传过去,这里的ubuntu就是之前在config文件里设置的别名。这里只需要输入一次parallels用户登陆ubuntu时使用的密码,也就是在config文件里设置的用户名对应的密码。

┌──(root㉿kali-linux-2022-2)-[~/.ssh]
└─# ssh-copy-id ubuntu       
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.211.55.5 (10.211.55.5)' can't be established.
ED25519 key fingerprint is SHA256:lN78YGD118UAp/ZmzrtWnrqicHaFkJbs5pIZfTH06b0.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ubuntu'"
and check to make sure that only the key(s) you wanted were added.

第一次与陌生的主机建立连接之后会自动创建.ssh/know_hosts文件,这个文件中记录的是连接过的主机的信息

登录测试

完成上述步骤之后,通过ssh 主机别名的方式就可以实现免密登陆,退出时直接使用exit就可以退出。

┌──(root㉿kali-linux-2022-2)-[~/.ssh]
└─# ssh ubuntu               
Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-41-generic aarch64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

129 updates can be applied immediately.
32 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Last login: Mon Aug 29 22:20:01 2022 from 10.211.55.4
parallels@ubuntu:~$ 
parallels@ubuntu:~$ exit
logout
Connection to 10.211.55.5 closed.

ssh和sshd

sshOpenSSH的服务端,sshdOpenSSH的客户端。

配置文件

有关SSH的配置文件在/etc/ssh目录下

┌──(root㉿kali-linux-2022-2)-[~/.ssh]
└─# cd /etc/ssh 
                                                                             
┌──(root㉿kali-linux-2022-2)-[/etc/ssh]
└─# ls
moduli        sshd_config.d           ssh_host_ed25519_key.pub
ssh_config    ssh_host_ecdsa_key      ssh_host_rsa_key
ssh_config.d  ssh_host_ecdsa_key.pub  ssh_host_rsa_key.pub
sshd_config   ssh_host_ed25519_key

其中,ssh_config的配置是针对ssh的,sshd_config的配置是针对sshd的,这两个文件根据当前机器是用作客户端还是服务端对应修改的,配置文件中的具体内容在后面用到时再详解解释。

root用户远程登录

root用户默认是不允许远程登录的,如果想要开启root用户远程登录,需要在ubuntu上找到/etc/ssh中的配置文件sshd_config,然后将这个文件的权限改为读写:

parallels@ubuntu:~$ cd /etc/ssh/
parallels@ubuntu:/etc/ssh$ sudo chmod 666 sshd_config

接着在这个文件末尾添加PermitRootLogin yes,最后使用service ssh restart命令重启SSH服务。
这时,在Kali上,将~/.ssh/config中的User改为root

Host ubuntu
HostName 10.211.55.5
User root

通过ssh-copy-id ubuntu将密钥传过去:

┌──(root㉿kali-linux-2022-2)-[~]
└─# ssh-copy-id ubuntu  
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ubuntu'"
and check to make sure that only the key(s) you wanted were added.

这样就可以实现root用户的免密登录:

┌──(root㉿kali-linux-2022-2)-[~]
└─# ssh ubuntu        
Welcome to Ubuntu 22.04 LTS (GNU/Linux 5.15.0-41-generic aarch64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

129 updates can be applied immediately.
32 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

root@ubuntu:~# who am i
root     pts/1        2022-08-29 23:02 (10.211.55.4)
root@ubuntu:~# exit
logout
Connection to 10.211.55.5 closed.

标签:入门,Linux,SSH,key,ubuntu,10.211,root,id,ssh
From: https://www.cnblogs.com/Timesi/p/16637680.html

相关文章

  • Linux操作系统中修改putty工具的ssh端口号(22)
    Linux服务器为了保证安全,需修改putty远程的默认端口22,具体操作步骤:1.在Linux服务器中登录用户名和密码(用root用户登录);2.输入vim /etc/ssh/sshd_config3.上下箭头移动......
  • JAVA入门基础_从零开始的培训_MYSQL基础
    目录1、数据库概述与MYSQL5.7、MYSQL8.0安装篇(基于Windows)MYSQL是什么,为什么要使用MYSQLMYSQL的四个版本MYSQL环境搭建MYSQL的安装与卸载Windows10下安装MYSQL8.26版......
  • JAVA入门基础_从零开始的培训_MYSQL高级
    目录第1章Linux下MySQL的安装与使用Linux下MYSQL的卸载安装MYSQL之前的准备步骤正式安装检查/tmp临时目录权限安装前检查依赖并卸载mariadb按照顺序依次安装MYSQL服务的初......
  • Centos7 离线升级SSH9.0
    前两天也是看到园里大佬的在线升级SSH的脚本,所以利用晚上的时候把离线包下载下来,做成可离线升级的包。百度网盘地址:链接:https://pan.baidu.com/s/15oW9K-hQ8ZITIbYKJ4TVD......
  • Linux的简单使用(2)
    文件目录指令:pwd:显示当前工作目录的绝对路径ls指令:基本语法:ls选项目录或是文件 -a:显示当前目录所有文件和目录,包括隐藏的 -l:以列表的方式显示信息cd指令:基本语法:c......
  • linux-常用的软件安装方式
    yum命令yum命令是在Fedora和RedHat以及SUSE中基于rpm的软件包管理器,它可以使系统管理人员交互和自动化地更细与管理RPM软件包,能够从指定的服务器自动下载RPM包并且安装,可......
  • Linux系统应用实验一:Linux系统安装与桌面环境使用
    说明:本文结尾提供了本文所有资料下载的链接供读者下载!实验指导书:实验报告:简要的说明和概述一下centos7系统根目录下各个文件目录:bin目录:bin是Bin......
  • 手机播放linux PulseAudio 声音 rtp推流
    https://www.freedesktop.org/wiki/Software/PulseAudio/Documentation/User/Network/RTP/#howtolistentothepulseaudiortpstreamhttps://www.freedesktop.org/wiki/Softw......
  • linux-防火墙
    防火墙常用命令安装Firewall命令:yuminstallfirewalldfirewalld-configFirewall开启常见端口命令:firewall-cmd–zone=public–add-port=80/tcp–permanentfire......
  • Linux查看连接数,并发数
    Linux查看连接数,并发数_minigpsnet的博客-CSDN博客 https://blog.csdn.net/echo3/article/details/10312133Linux查看连接数,并发数内容来自于网络,非本人原创。1、查看......