SSH 阿里雲服務器

1.在服務機上操做

建立要遠程登陸的用戶和密碼

sudo adduser username

　　   正在添加用戶「username」...

           正在添加新組「username」(1001)...

           正在添加新用戶「username」(1001)到組「username」...

           建立主目錄「/home/username」...

            正在從「/etc、skel」複製文件...

            輸入新的 UNIX 口令：(此處你們注意，不是輸入你當前用戶的密碼，而是輸入你要建立新用戶的密碼)

            從新輸入新的 UNIX 口令：(再輸一次便可)

            passwd：已成功更新密碼

            Changing the user information for username

            Enter the new value, or press ENTER for the default

            Full Name []: yangyang (輸入新用戶的名稱)

            Room Number []:

            Work Phone []:

            Home Phone []:

            Other []:

　　    這個信息是否正確? [Y/n] y

 

2.在客戶機上操做（其餘機器也行，主要是用來建立密鑰對）

2.1.建立ssh-key

[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:W05lCKLqZ8FWTyAwTsUrBzg7HRzZfZ8ZbacHg/Wnf6c root@node1
The key's randomart image is:
+---[RSA 2048]----+
| o=Bo.o .  +.    |
|oo=.oo.o..o.=..  |
| +.o.......=o=. .|
|o ooo. o  +o. .o |
| ..o+   S o  ..  |
| . . .   =     . |
|  . o   . .     +|
|   o           .o|
|              E  |
+----[SHA256]-----+

 

2.2.把生成的的祕鑰拷貝到服務器，

兩種可選方式

方式一：能夠手動拷貝

手動拷貝剛剛生成的公鑰id_rsa.pub（在當前用戶家目錄的.ssh/id_rsa.pub），將裏面的內容追加到要登陸的服務器的目標用戶家目錄下的.ssh/ authorized_keys中，這裏是/home/jundong.ssh/ authorized_keys

方式二：直接用命令拷貝

ssh-copy-id能夠方便快捷地把公鑰追加到到服務端的authorized_keys文件中,注意用戶名，輸入密碼

ssh-copy-id jundong@120.78.150.47

個人操做

[root@node1 ~]# ssh-copy-id jundong@120.78.150.47
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '120.78.150.47 (120.78.150.47)' can't be established.
ECDSA key fingerprint is SHA256:KwfKwzN4xqw7/VxoVw5IoTi0NhUPZ+h2fSQXi3zgXXY.
ECDSA key fingerprint is MD5:22:b0:8e:c0:21:e6:96:b1:de:bd:bd:c4:08:d9:bf:4d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
jundong@120.78.150.47's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'jundong@120.78.150.47'"
and check to make sure that only the key(s) you wanted were added.

 

方式三：在阿里雲控制檯導入

【在控制檯導入證書，阿里雲作的事是：將公鑰追加到/root/.ssh/authorized_keys中；修改/etc/ssh/sshd_config,把PasswordAuthentication改爲no】

1.這種方式會默認把密碼登陸禁用，只能使用祕鑰登陸，能夠本身手動打開（修改/etc/ssh/sshd_config,把PasswordAuthentication改爲yes）

2.這種方式只能使用root用戶登陸，其餘用戶不能使用這種方式導入，由於控制檯導入只會導入到/root/.ssh/authorized_keys，不會導入到其餘用戶目錄

複製剛剛生成的公鑰id_rsa.pub（在當前用戶家目錄的.ssh/id_rsa.pub），這裏是/home/jundong.ssh/ authorized_keys，粘貼到控制檯的文本框肯定便可，再將密鑰對綁定到指定服務器 

參考連接：https://help.aliyun.com/document_detail/51794.html?spm=5176.doc51793.6.707.1A6GMv

3.測試

3.1在生成祕鑰那臺客戶機上

[root@node1 ~]# ssh jundong@120.78.150.47 Welcome to Alibaba Cloud Elastic Compute Service ! [jundong@izwz97s23bov6qmem6poj8z ~]$