- client ---> server
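The client initiates the connection to the server and logs in to it.
- The key pair must be generated on the client
Note:
What the public key encrypts, the private key decrypts; what the private key encrypts, the public key decrypts.
The public key may be published, but the private key must never leave the local machine.
Whoever you give the public key to is whom you extend trust to; you are trusting that party's identity.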
$ ssh-keygen -t rsa
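No passphrase needs to be given. On first use this creates .ssh/ in the user's home directory and generates two files, id_rsa and id_rsa.pub.
The following command can also be used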
$ ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
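- Copy the client's public key to the server
$ scp .ssh/id_rsa.pub user@192.168.0.11:~/.ssh/
Here 192.168.0.11 is the server and user is the account on the server.
- Operations on the server
$ cat .ssh/id_rsa.pub >> .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys
.ssh/ needs 700 permissions
Steps 3 and 4 above can be combined into the following single step: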
$ ssh-copy-id 192.168.0.11
or
$ ssh-copy-id -i ~/.ssh/id_rsa.pub user@192.168.0.11
Finally, configure /etc/ssh/sshd_config on the server and restart the service:
# RSAAuthentication applies to SSH protocol 1 only and is deprecated in current OpenSSH
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
About compatibility:
- For the error
Unable to negotiate with legacyhost: no matching key exchange method found.
Their offer: diffie-hellman-group1-sha1
use the following command
ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 user@legacyhost
or edit the configuration file ~/.ssh/config
# Host takes a domain name or IP
Host somehost.example.org
KexAlgorithms +diffie-hellman-group1-sha1
- For the error
Unable to negotiate with legacyhost: no matching host key type found. Their offer: ssh-dss
use the following command
ssh -oHostKeyAlgorithms=+ssh-dss user@legacyhost
or edit the configuration file ~/.ssh/config
# Host takes a domain name or IP
Host somehost.example.org
HostKeyAlgorithms +ssh-dss
- List the algorithms ssh supports
ssh -Q cipher # List supported ciphers
ssh -Q mac # List supported MACs
ssh -Q key # List supported public key types
ssh -Q kex # List supported key exchange algorithms
- Show the configuration used when connecting to a specific host
ssh -G <user>@<host>
- Worked example of resolving an ssh login compatibility problem
$ ssh someone@192.168.1.10
Unable to negotiate with 192.168.1.10 port 22: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 someone@192.168.1.10
Unable to negotiate with 192.168.1.10 port 22: no matching cipher found. Their offer: aes256-cbc,aes128-cbc,3des-cbc,des-cbc
$ ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes128-cbc someone@192.168.1.10
debug:
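$ ssh -vvvv -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc someone@192.168.1.10
Configuration file ~/.ssh/config
Host 192.168.1.10 example.org
User someone
KexAlgorithms diffie-hellman-group1-sha1
# Ciphers is the protocol 2 keyword (what -c sets); Cipher applied to protocol 1 only
Ciphers 3des-cbc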
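Added example (not part of the original article): the overrides above re-enable algorithms the client refused by default, so it is worth knowing where a config file turns them on. This sh/awk function lists each occurrence and marks it WIDE when it is global or sits under a wildcard Host block. The function names, the LEGACY_ALGS list and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Algorithms that the commands on this page turn on (assumed list; extend as needed).
LEGACY_ALGS='diffie-hellman-group1-sha1 ssh-dss 3des-cbc aes128-cbc'

# audit_ssh_config [FILE]: read an ssh_config-style file (stdin if omitted) and
# print "<scope>\t<block>\t<keyword>\t<algorithm>" for each legacy algorithm.
# scope is WIDE for global settings or wildcard Host/Match patterns, else scoped.
audit_ssh_config() {
    awk -v legacy="$LEGACY_ALGS" '
    BEGIN {
        n = split(legacy, a, " ")
        for (i = 1; i <= n; i++) bad[a[i]] = 1
        block = "(global)"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]*=[ \t]*/, " ", line)          # accept the Keyword=value form
        split(line, f, /[ \t]+/)
        kw = tolower(f[1])                       # keywords are case-insensitive
        if (kw == "host" || kw == "match") { block = line; next }
        if (kw != "kexalgorithms" && kw != "hostkeyalgorithms" && kw != "ciphers") next
        list = f[2]
        if (list ~ /^-/) next                    # a leading "-" removes algorithms
        sub(/^[+^]/, "", list)                   # "+" appends, "^" prepends
        scope = (block == "(global)" || block ~ /[*?]/) ? "WIDE" : "scoped"
        m = split(list, alg, ",")
        for (i = 1; i <= m; i++)
            if (alg[i] in bad) printf "%s\t%s\t%s\t%s\n", scope, block, f[1], alg[i]
    }' "${1:--}"
}

# Constructed sample configuration (illustrative, not taken from a real host).
sample_config() {
    cat <<'EOF'
Host *
    KexAlgorithms +diffie-hellman-group1-sha1
Host 192.168.1.10 example.org
    User someone
    KexAlgorithms diffie-hellman-group1-sha1
    Ciphers 3des-cbc
Host modern.example.org
    Ciphers aes256-ctr
EOF
}

sample_config | audit_ssh_config
```

Run it as `audit_ssh_config ~/.ssh/config`; any WIDE line means the weak algorithm is offered to every host the pattern matches, and is better moved into a Host block for the one legacy device.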
Original article: https://www.cnblogs.com/cerana/p/11179649.html
Time: 2024-08-29 22:44:13