ssh下常用操作汇总（good）-白红宇

ssh下常用操作汇总（good）

阅读量：6976 次

发布时间：2019-06-27

本文共 7885 字，大约阅读时间需要 26 分钟。

1. 安装git，从程序目录打开 "Git Bash"

2. 键入命令：ssh-keygen -t rsa -C "email@email.com"

"email@email.com"是github账号

3. 提醒你输入key的名称，输入如id_rsa //如果只输入文件名，则文件会生成在当前目录下。 2，3两步可以合成一个命令 ssh-keygen -t rsa -C "email@email.com" -f github-rsa 会生成github-rsa和github-rsa.pub两个文件。这种的话，可以用不同的密钥对应不同的ssh服务器

4. 在C:\Documents and Settings\Administrator\下产生两个文件：id_rsa和id_rsa.pub

5. 把4中生成的密钥文件复制到C:\Documents and Settings\Administrator\.ssh\ 目录下。

6. 用记事本打开id_rsa.pub文件，复制内容，在github.com的网站上到ssh密钥管理页面，添加新公钥，随便取个名字，内容粘贴刚才复制的内容。

7. ^_^ OK了

需要注意步骤2中产生的密钥文件在当前用户的根目录，必须把这两个文件放到当前用户目录的“.ssh”目录下才能生效。

在windows中只能在命令行下输入创建"."开头的文件夹。命令为 mkdir .ssh

http://www.cnblogs.com/igrl/archive/2010/09/17/1829358.html

我们在日常工作中会遇到公司有个gitlab，还有些自己的一些项目放在github上。这样就导致我们要配置不同的ssh-key对应不同的环境。下面我们来看看具体的操作：

1，生成一个公司用的SSH-Key

$ ssh-keygen -t rsa -C "youremail@yourcompany.com” -f ~/.ssh/id-rsa

在~/.ssh/目录会生成id-rsa和id-rsa.pub私钥和公钥。我们将id-rsa.pub中的内容粘帖到公司gitlab服务器的SSH-key的配置中。

2，生成一个github用的SSH-Key

$ ssh-keygen -t rsa -C "youremail@your.com” -f ~/.ssh/github-rsa

在~/.ssh/目录会生成github-rsa和github-rsa.pub私钥和公钥。我们将github-rsa.pub中的内容粘帖到github服务器的SSH-key的配置中。

3，添加私钥

$ ssh-add ~/.ssh/id_rsa $ ssh-add ~/.ssh/id_rsa_github

如果执行ssh-add时提示"Could not open a connection to your authentication agent"，可以现执行命令：

$ ssh-agent bash

然后再运行ssh-add命令。

# 可以通过 ssh-add -l 来确私钥列表

$ ssh-add -l

# 可以通过 ssh-add -D 来清空私钥列表

$ ssh-add -D

测试

$ ssh -T git@github.com

输出

Hi stefzhlg! You've successfully authenticated, but GitHub does not provide shell access.

就表示成功的连上github了.也可以试试链接公司的gitlab.

ssh -v user@host //可输出ssh过程的详细信息

ssh -v 10.1.1.158.OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013debug1: Reading configuration data /etc/ssh/ssh_configdebug1: Applying options for *debug1: Connecting to 10.1.1.158 [10.1.1.158] port 22.debug1: Connection established.debug1: permanently_set_uid: 0/0debug1: identity file /root/.ssh/identity type -1debug1: identity file /root/.ssh/identity-cert type -1debug1: identity file /root/.ssh/id_rsa type -1debug1: identity file /root/.ssh/id_rsa-cert type -1debug1: identity file /root/.ssh/id_dsa type -1debug1: identity file /root/.ssh/id_dsa-cert type -1debug1: identity file /root/.ssh/id_ecdsa type -1debug1: identity file /root/.ssh/id_ecdsa-cert type -1debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3debug1: match: OpenSSH_5.3 pat OpenSSH*debug1: Enabling compatibility mode for protocol 2.0debug1: Local version string SSH-2.0-OpenSSH_5.3debug1: SSH2_MSG_KEXINIT sentdebug1: SSH2_MSG_KEXINIT receiveddebug1: kex: server->client aes128-ctr hmac-md5 nonedebug1: kex: client->server aes128-ctr hmac-md5 nonedebug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_GROUPdebug1: SSH2_MSG_KEX_DH_GEX_INIT sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_REPLYThe authenticity of host '10.1.1.158 (10.1.1.158)' can't be established.RSA key fingerprint is 3f:6f:11:ff:b7:5e:f7:63:57:ec:22:91:ca:9e:9c:e3.Are you sure you want to continue connecting (yes/no)? yPlease type 'yes' or 'no': yesWarning: Permanently added '10.1.1.158' (RSA) to the list of known hosts.debug1: ssh_rsa_verify: signature correctdebug1: SSH2_MSG_NEWKEYS sentdebug1: expecting SSH2_MSG_NEWKEYSdebug1: SSH2_MSG_NEWKEYS receiveddebug1: SSH2_MSG_SERVICE_REQUEST sentdebug1: SSH2_MSG_SERVICE_ACCEPT receiveddebug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,passworddebug1: Next authentication method: gssapi-keyexdebug1: No valid Key exchange contextdebug1: Next authentication method: gssapi-with-micdebug1: Unspecified GSS failure.  Minor code may provide more informationCannot determine realm for numeric host addressdebug1: Unspecified GSS failure.  Minor code may provide more informationCannot determine realm for numeric host addressdebug1: Unspecified GSS failure.  Minor code may provide more informationdebug1: Unspecified GSS failure.  Minor code may provide more informationCannot determine realm for numeric host addressdebug1: Next authentication method: publickeydebug1: Trying private key: /root/.ssh/identitydebug1: Trying private key: /root/.ssh/id_rsadebug1: Trying private key: /root/.ssh/id_dsadebug1: Trying private key: /root/.ssh/id_ecdsadebug1: Next authentication method: passwordroot@10.1.1.158's password:

ssh

/etc/ssh/ssh_known_hosts             Systemwide list of known host keys.  This file should be prepared             by the system administrator to contain the public host keys of             all machines in the organization.  It should be world-readable.             See sshd(8) for further details of the format of this file.

~/.ssh/             This directory is the default location for all user-specific con-             figuration and authentication information.  There is no general             requirement to keep the entire contents of this directory secret,             but the recommended permissions are read/write/execute for the             user, and not accessible by others.     ~/.ssh/authorized_keys             Lists the public keys (RSA/ECDSA/DSA) that can be used for log-             ging in as this user.  The format of this file is described in             the sshd(8) manual page.  This file is not highly sensitive, but             the recommended permissions are read/write for the user, and not             accessible by others.     ~/.ssh/config             This is the per-user configuration file.  The file format and             configuration options are described in ssh_config(5).  Because of             the potential for abuse, this file must have strict permissions:             read/write for the user, and not accessible by others.     ~/.ssh/environment             Contains additional definitions for environment variables; see             ENVIRONMENT, above.     ~/.ssh/identity     ~/.ssh/id_dsa     ~/.ssh/id_ecdsa     ~/.ssh/id_rsa             Contains the private key for authentication.  These files contain             sensitive data and should be readable by the user but not acces-             sible by others (read/write/execute).  ssh will simply ignore a             private key file if it is accessible by others.  It is possible             to specify a passphrase when generating the key which will be             used to encrypt the sensitive part of this file using 3DES.     ~/.ssh/identity.pub     ~/.ssh/id_dsa.pub     ~/.ssh/id_ecdsa.pub     ~/.ssh/id_rsa.pub             Contains the public key for authentication.  These files are not             sensitive and can (but need not) be readable by anyone.     ~/.ssh/known_hosts             Contains a list of host keys for all hosts the user has logged             into that are not already in the systemwide list of known host             keys.  See sshd(8) for further details of the format of this             file.     ~/.ssh/rc             Commands in this file are executed by ssh when the user logs in,             just before the user’s shell (or command) is started.  See the             sshd(8) manual page for more information.

免密码登陆

http://www.cnblogs.com/softidea/p/5447539.html

http://www.cnblogs.com/softidea/p/4303157.html

http://www.cnblogs.com/softidea/p/4523136.html

http://www.cnblogs.com/softidea/p/5308405.html

http://www.cnblogs.com/softidea/p/4710513.html

解决linux中ssh登录Warning:Permanently added (RSA) to the list of known hosts

原因：

在执行scp id_rsa.pub root@hostname:/root/.ssh这一步时，没在本机的/root/.ssh下生成known_hosts文件。

解决方案：

vi /etc/ssh/ssh_config

最后有两行是