SSH 阿里云服务器

时间 2019-11-19

原文原文链接

1.在服务机上操做

建立要远程登陆的用户和密码html

sudo adduser username

　　正在添加用户“username”...node

正在添加新组“username”(1001)...bash

正在添加新用户“username”(1001)到组“username”...服务器

建立主目录“/home/username”...dom

正在从“/etc、skel”复制文件...ssh

输入新的 UNIX 口令：(此处你们注意，不是输入你当前用户的密码，而是输入你要建立新用户的密码)ide

从新输入新的 UNIX 口令：(再输一次便可)测试

passwd：已成功更新密码阿里云

Changing the user information for usernamespa

Enter the new value, or press ENTER for the default

Full Name []: yangyang (输入新用户的名称)

Room Number []:

Work Phone []:

Home Phone []:

Other []:

　　这个信息是否正确? [Y/n] y

2.在客户机上操做（其余机器也行，主要是用来建立密钥对）

2.1.建立ssh-key

[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:W05lCKLqZ8FWTyAwTsUrBzg7HRzZfZ8ZbacHg/Wnf6c root@node1
The key's randomart image is:
+---[RSA 2048]----+
| o=Bo.o .  +.    |
|oo=.oo.o..o.=..  |
| +.o.......=o=. .|
|o ooo. o  +o. .o |
| ..o+   S o  ..  |
| . . .   =     . |
|  . o   . .     +|
|   o           .o|
|              E  |
+----[SHA256]-----+

2.2.把生成的的秘钥拷贝到服务器，

两种可选方式

方式一：能够手动拷贝

手动拷贝刚刚生成的公钥id_rsa.pub（在当前用户家目录的.ssh/id_rsa.pub），将里面的内容追加到要登陆的服务器的目标用户家目录下的.ssh/ authorized_keys中，这里是/home/jundong.ssh/ authorized_keys

方式二：直接用命令拷贝

ssh-copy-id能够方便快捷地把公钥追加到到服务端的authorized_keys文件中,注意用户名，输入密码

ssh-copy-id jundong@120.78.150.47

个人操做

[root@node1 ~]# ssh-copy-id jundong@120.78.150.47
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '120.78.150.47 (120.78.150.47)' can't be established.
ECDSA key fingerprint is SHA256:KwfKwzN4xqw7/VxoVw5IoTi0NhUPZ+h2fSQXi3zgXXY.
ECDSA key fingerprint is MD5:22:b0:8e:c0:21:e6:96:b1:de:bd:bd:c4:08:d9:bf:4d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
jundong@120.78.150.47's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'jundong@120.78.150.47'"
and check to make sure that only the key(s) you wanted were added.

方式三：在阿里云控制台导入

【在控制台导入证书，阿里云作的事是：将公钥追加到/root/.ssh/authorized_keys中；修改/etc/ssh/sshd_config,把PasswordAuthentication改为no】

1.这种方式会默认把密码登陆禁用，只能使用秘钥登陆，能够本身手动打开（修改/etc/ssh/sshd_config,把PasswordAuthentication改为yes）

2.这种方式只能使用root用户登陆，其余用户不能使用这种方式导入，由于控制台导入只会导入到/root/.ssh/authorized_keys，不会导入到其余用户目录

复制刚刚生成的公钥id_rsa.pub（在当前用户家目录的.ssh/id_rsa.pub），这里是/home/jundong.ssh/ authorized_keys，粘贴到控制台的文本框肯定便可，再将密钥对绑定到指定服务器

参考连接：https://help.aliyun.com/document_detail/51794.html?spm=5176.doc51793.6.707.1A6GMv

3.测试

3.1在生成秘钥那台客户机上

[root@node1 ~]# ssh jundong@120.78.150.47 Welcome to Alibaba Cloud Elastic Compute Service ! [jundong@izwz97s23bov6qmem6poj8z ~]$