ssh远程连接分为五个阶段
- 版本号协商阶段
- 密钥和算法协商阶段
- 认证阶段
- 会话请求阶段
- 交互会话阶段
而上图的SessionKey即是在阶段2:密钥和算法协商阶段,服务器端和客户端利用DH交换(Diffie-Hellman Exchange)算法、主机密钥对等参数,生成的会话密钥
远程免密登录需要在客户端生成一对密钥,将公钥上传至服务器,即可完成免密登录
准备
客户端:192.168.220.220
服务器:192.168.220.131
方法一
#客户端
[root@localhost ~]# ssh-keygen -t rsa -b 2048 -f /root/.ssh/id_rsa -P ""
#-t 生成密钥算法 -b 密钥大小 -f 生成文件路径 -P 密码
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ZMk7stzSEooEsLPQj1HDwludO02dccu0gHQ5liCIo4g root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|.. ooo.oo++=o |
|.o=.+.ooooB= o |
|B.o= +=. .+ |
|E+.+ oo.. |
|. o . o.S |
| . . o * . |
| . . = o |
| o |
| |
+----[SHA256]-----+
[root@localhost ~]# ll /root/.ssh/
total 16
-rw------- 1 root root 1831 May 6 17:07 id_rsa
-rw-r--r-- 1 root root 408 May 6 17:07 id_rsa.pub
-rw-------. 1 root root 1686 Apr 18 11:48 known_hosts
-rw-------. 1 root root 940 Apr 18 11:48 known_hosts.old
[root@localhost ~]# scp /root/.ssh/id_rsa.pub 192.168.220.131:/root/.ssh/
root@192.168.220.131's password:
id_rsa.pub 100% 408 854.8KB/s 00:00
[root@localhost ~]# ssh 192.168.220.131
#服务端
[root@rhce ~]# cd /root/.ssh/
[root@rhce .ssh]# cat id_rsa.pub >> authorized_keys
#验证
[root@localhost ~]# ssh 192.168.220.131
Activate the web console with: systemctl enable --now cockpit.socketRegister this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon May 6 16:31:16 2024 from 192.168.220.131
方法二
#方法二全在客户端上操作
[root@localhost .ssh]# ssh-keygen -t rsa -b 2048 -f /root/.ssh/id_rsa -P "" -q
#-t 生成密钥算法 -b 密钥大小 -f 生成文件路径 -P 密码 -q 没有反馈
[root@localhost .ssh]# ll
total 16
-rw------- 1 root root 1831 May 6 17:28 id_rsa
-rw-r--r-- 1 root root 408 May 6 17:28 id_rsa.pub
-rw-------. 1 root root 1686 Apr 18 11:48 known_hosts
-rw-------. 1 root root 940 Apr 18 11:48 known_hosts.old
[root@localhost .ssh]# ssh-copy-id root@192.168.220.131
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.220.131's password: Number of key(s) added: 1Now try logging into the machine, with: "ssh 'root@192.168.220.131'"
and check to make sure that only the key(s) you wanted were added.[root@localhost .ssh]# ssh 192.168.220.131
Activate the web console with: systemctl enable --now cockpit.socketRegister this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon May 6 17:09:54 2024 from 192.168.220.220