- 1服务器模拟互联网服务_使用ispsrv.chinaskills.global站点模拟互联网检测服务器。
- 2Ubuntu环境配置命令备查(Ubuntu 20.04LTS、CUDA12.2、cudnn)_ubuntu 安装 cuda 12.2
- 3图像截切显示python实现_python全屏截图并用cv2显示出来
- 4要开家花店,该如何选择花艺培训机构?
- 5vscode搭建Django环境五:vscode配置react开发环境_react开发工具vscode
- 6UE5【UMG】 - Simple Menu UI v3 学习笔记_ue5 umg
- 7基于X86的运算板卡加速边缘智能应用_x86 som
- 8Chromedriver最新驱动下载,解决selenium版本不匹配问题_谷歌selenium驱动
- 9深度学习基础之《TensorFlow框架(2)—图》
- 10Unity Shader - Creating and Using Materials - 创建与使用材质_unity 从 shader创建material
配置ssh密钥对认证及scp、ftp等文件传输_密钥ftp
赞
踩
目录
linux主机之间
telnet 192.168.1.120 ssh #测试对方的ssh 服务是否开启
#按Ctrl + ] 会呼出telnet的命令行
ssh密钥配对认证
- openssh 连接
- [root@localhost ~]# ping ton.tom -c2 //没ping通主机名在/etc/hosts下添加 或者直接ping对方ip
- PING ton.tom (192.168.1.111) 56(84) bytes of data.
- 64 bytes from ton.tom (192.168.1.111): icmp_seq=1 ttl=64 time=1.03 ms
- 64 bytes from ton.tom (192.168.1.111): icmp_seq=2 ttl=64 time=0.883 ms
-
- --- ton.tom ping statistics ---
- 2 packets transmitted, 2 received, 0% packet loss, time 3ms
- rtt min/avg/max/mdev = 0.883/0.954/1.025/0.071 ms
- [root@localhost ~]#
- [root@localhost .ssh]# ssh ton.tom
- The authenticity of host 'ton.tom (192.168.1.111)' can't be established.
- RSA key fingerprint is SHA256:7oVlQO5rj8RWD0uXREAYX1Z/YSgSpKg0YMUywjTnHrA.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added 'ton.tom' (RSA) to the list of known hosts.
- root@ton.tom's password:
- Last login: Sun Jul 26 04:23:39 2020 from 192.168.1.120
- [root@ton ~]#
- [root@ton ~]# ls
- anaconda-ks.cfg file_creat.c linux-2.6.28.10.tar.gz
- [root@ton ~]# exit
- logout
- Connection to ton.tom closed.
- [root@localhost ~]#
- 添加key认证,免密码登陆
- [server@localhost ~]$ ssh-keygen #生成密钥对
-
- Generating public/private rsa key pair.
- Enter file in which to save the key (/home/server/.ssh/id_rsa):
- Created directory '/home/server/.ssh'.
- Enter passphrase (empty for no passphrase): #直接回车不添加
- Enter same passphrase again:
- Your identification has been saved in /home/server/.ssh/id_rsa.
- Your public key has been saved in /home/server/.ssh/id_rsa.pub.
- The key fingerprint is:
- SHA256:CwLPbgDUDAliuAiFe69bEWJN2raeyw5Qc1GaUr+Ocj0 server@localhost
- The key's randomart image is:
- +---[RSA 2048]----+
- |=** +.. |
- |B. O = |
- |+oO O . |
- |++.X o . |
- |....* o S |
- | . +.B . . |
- | o.O E . |
- | .B . . |
- | .o+ |
- +----[SHA256]-----+
- [server@localhost ~]$ ssh-copy-id yonghu@192.168.1.111 #把公钥文件上传到对应用户
- /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/server/.ssh/id_rsa.pub"
- The authenticity of host '192.168.1.111 (192.168.1.111)' can't be established.
- RSA key fingerprint is SHA256:7oVlQO5rj8RWD0uXREAYX1Z/YSgSpKg0YMUywjTnHrA.
- Are you sure you want to continue connecting (yes/no)? yes
- /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
- /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
- yonghu@192.168.1.111's password:
- Number of key(s) added: 1
- Now try logging into the machine, with: "ssh 'yonghu@192.168.1.111'"
- and check to make sure that only the key(s) you wanted were added.
- [server@localhost ~]$ ssh yonghu@192.168.1.111 #这时就可以不用输入密码直接登入了
- [yonghu@ton ~]$ ls
- 涉及到的命令
- ssh-keygen -t rsa #生成密钥对
- ssh-keygen -t dsa # -t type #密钥类型
-
- ssh-copy-id -i ~/.ssh/id_rsa.pub root@ton.tom #-i identity_file 将本机的公钥复制到远程用户地址上
/etc/ssh/sshd_config需对应配置文件
- Port 22
- Protocol 2
-
- PermitRootLogin yes #允许root可以ssh登陆
- PubkeyAuthentication yes #设置密钥对的访问方式
- PasswordAuthentication yes
- AuthorizedKeysFile .ssh/authorized_keys
tips:
使用 ssh 加命令 的方式比较安全
同时为了连接方便可以使用alias
alias ton="ssh root@ton.tom " (hostname后面加多一个空格以免后面命令连接上来,同时可将alias写入~/.bashrc中)
执行时直接
ton "mkdir /tmp/test"
- [root@localhost ~]# ssh root@192.168.1.111 "ls /home"
- root@192.168.1.111's password:
- bincopy.sh
- initrd.img
- iso
- pub
- tom
- vmlinuz
- yonghu
- [root@localhost ~]#
- SecureCRT公钥连接主机(即crt与主机间的免密认证登陆)
tools -> create public key -> 选择加密算法
rsa 并且加密长度设置最长
保存成id_rsa
生成全局id_rsa.pub选择生成OpenSSH 密钥格式
拷贝其中公钥id_rsa.pub的内容到服务器上的.ssh文件夹下的authorized_keys文件中
authorized_keys 可直接手动创建
- #手动创建需如下
- -rw------- 1 tom tom 381 Jul 26 07:28 authorized_keys ----注意属组与权限600
- drwx------ 2 tom tom 4096 Jul 26 07:28 .ssh ----目录属组与权限700
文件传输
- 使用scp命令直接上传文件到ssh用户端
[server@localhost ~]$ scp tom.txt yonghu@192.168.1.111:/home/yonghu #上传
[server@localhost ~]$ scp yonghu@192.168.1.111:/tmp/3.txt ./ #下载到本地当前目录下
-p 保留文件的时间和权限 preserve
-r 递归 recursive
-C 压缩传输时的数据流
- 同步rsync
rsync -av root@192.168.1.111:/var/log /server/ 将服务器上的整个目录同步到当前 ./server目录下
scp拷贝比较生硬,没有分析文件不同,rsync则不同
rsync会比scp更好传输文件他会发送文件的时间,大小,和md5来判断文件是否需要重传
- sftp
- [server@localhost ~]$ sftp yonghu@192.168.1.111
- Connected to yonghu@192.168.1.111.
- sftp> put tom.txt #上传
- Uploading tom.txt to /home/yonghu/tom.txt
- tom.txt 100% 0 0.0KB/s 00:00
- sftp> get /tmp/3.txt #从服务器端下载
- Fetching /tmp/3.txt to 3.txt
- sftp> exit
如果遇到ftp connection refused,可以 service vsftpd restart
ftp遇到的错误
- ftp: root@192.168.3.139: Temporary failure in name resolution
-
- #网关配置问题
-
- ftp: root@192.168.3.139: Name or service not known
-
- sudo iptables -F #可关闭iptables
- lftp - Sophisticated file transfer program
mget *.iso 下载多个文件
lcd 切换本地下载目录
get [OPTS] <rfile> [-o <lfile>][root@localhost ~]# lftp -u root,123456 192.168.1.11 / user:passwd
lftp root@192.168.1.111:~> pwd 打印出一个ftp链接
ftp://root:123456@192.168.1.111/%2Froot可使用root去ftp
vsftpd/ user_list
vsftpd/ ftpusers
- nfs
NFS /etc/export配置
/var/ftp/pub 192.168.1.0/255.255.255.0(ro,async)
Centos8 重启网络service 命令
restart NetworkManager.serviceUbuntu16.04 重启网络service 命令
service networking restart
