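Because SSH is restricted by copyright and by its encryption algorithms, many people have now switched to OpenSSH. OpenSSH (Open Secure Shell) is a replacement for SSH, and it is free. OpenSSH uses RSA keys by default, and it replaces the telnet, ftp, rlogin, rsh and rcp tools with secure, encrypted network connection tools.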
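1. Installation
1.1 Server-side installation
Packages to install:
openssh-server: the server side
openssh: core files for both server and client
1.2 Client-side installation
Packages to install:
openssh: core files for both server and client
openssh-clients: the client side
The packages above can be found with the following command: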
[root@localhost ~]# yum search openssh
openssh.x86_64 : An open source implementation of SSH protocol versions 1 and 2
openssh-clients.x86_64 : An open source SSH client applications
openssh-server.x86_64 : An open source SSH server daemon
Then install the packages with a command such as the following:
[root@localhost ~]# yum install openssh.x86_64
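Note: if a machine is to act as both client and server, all three packages above must be installed on it; CentOS 7 ships with all three installed by default.
2. Usage
2.1 Logging in to a remote host
1. Log in to a remote host (first login)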
[hadoop@localhost ~]$ ssh 192.168.112.130
The authenticity of host '192.168.112.130 (192.168.112.130)' can't be established.
ECDSA key fingerprint is ff:7b:94:49:f5:2d:d3:59:23:c7:a8:cf:b0:d6:e4:b9.
Are you sure you want to continue connecting (yes/no)? yes # this prompt does not appear on later logins
Warning: Permanently added '192.168.112.130' (ECDSA) to the list of known hosts.
hadoop@192.168.112.130's password:
2. Log in as a specified user
[hadoop@localhost home]$ ssh -l root 192.168.112.130
root@192.168.112.130's password:
Last login: Sat Jun 9 15:18:44 2018 from 192.168.112.131
2.2 Remote copy
1. Copy a local file to a remote host
[root@localhost ~]# scp anaconda-ks.cfg root@192.168.112.131:/tmp
root@192.168.112.131's password:
anaconda-ks.cfg 100% 1704 1.7KB/s 00:00
2. Copy a file from a remote host to the local machine
[root@localhost ~]# scp root@192.168.112.130:/tmp/anaconda-ks.cfg /root
root@192.168.112.130's password:
anaconda-ks.cfg 100% 1704 1.7KB/s 00:00
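3. Setting up password-free remote login and password-free remote copy
Why set up password-free login and remote copy?
- It is convenient to operate and fast to work with;
- Machines in a computer cluster need to exchange data frequently.
Setup method (assume computers A and B are to communicate over an encrypted channel):
- On computer A, as the root user, enter ssh-keygen -t rsa on the command line to generate a key pair;
- For computer B to authorize A to log in to B without a password, put computer A's public key into the authorized_keys file on computer B.
An intuitive way to think about this setup: compare the trust relationship between computers with the trust relationship between people. If Zhang San trusts Li Si, then Li Si is on Zhang San's list of trusted people (just as computer A's public key is placed in computer B's authorized_keys file).
The concrete steps are as follows:
Run on computer A: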
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ZZX5VDHOPcyyXq74ogpPKDea2FThfQxqWaSL0g0QUZc [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| ++. ... .o +o|
…
| . o . . . o |
| o = . . . |
| + = = .. . |
| . + o....oo |
+----[SHA256]-----+
[root@localhost ~]# cd ~/.ssh/
[root@localhost .ssh]# cat id_rsa.pub >>authorized_keys
[root@localhost .ssh]# chmod 600 authorized_keys
[root@localhost .ssh]# scp authorized_keys root@192.168.112.131:/root/.ssh
root@192.168.112.131's password:
authorized_keys 100% 408 23.2KB/s 00:00
[root@localhost .ssh]# ssh 192.168.112.131
Last login: Fri Jun 8 21:56:46 2018
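The steps above copy A's whole authorized_keys file over the one on B, which replaces any keys B already trusted. The following added example (not part of the original article) appends a single public key on B instead and sets the permissions sshd expects; the function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: append one public key to authorized_keys on computer B
# without replacing keys that are already trusted there.
# install_pubkey and its arguments are hypothetical names for illustration.

install_pubkey() {
    pubkey_file=$1   # public key copied from computer A, e.g. id_rsa.pub
    ssh_dir=$2       # the account's .ssh directory on computer B
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # Only a public key ever leaves computer A; stop if handed a private key.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    # Accept the first line shaped like "<type> <base64> [comment]".
    key_line=$(grep -E '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key in $pubkey_file" >&2; return 1; }

    # sshd's StrictModes check (on by default) refuses key files and
    # directories that other users can write to.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when the exact line is absent, so reruns add nothing.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        # Terminate an unterminated last line so two keys never merge.
        [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# Constructed demo: a throwaway directory stands in for /root/.ssh on B.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed root@A' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/ssh" && cat "$demo/ssh/authorized_keys"
rm -rf "$demo"
```

On computer B this would be run as, for example, install_pubkey /tmp/id_rsa.pub /root/.ssh after A's id_rsa.pub has been copied there with scp. The ssh-copy-id tool from openssh-clients does the equivalent in one step.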