首先用apt-get命令安装SSH
jerry@ubuntu:~$ sudo apt-get install ssh [sudo] password for jerry: Reading package lists... Done Building dependency tree Reading state information... Done The following extra packages will be installed: libck-connector0 ncurses-term openssh-server openssh-sftp-server ssh-import-id Suggested packages: rssh molly-guard monkeysphere The following NEW packages will be installed: libck-connector0 ncurses-term openssh-server openssh-sftp-server ssh ssh-import-id 0 upgraded, 6 newly installed, 0 to remove and 6 not upgraded. Need to get 617 kB of archives. After this operation, 3,450 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/main libck-connector0 amd64 0.4.5-3.1ubuntu2 [10.5 kB] Get:2 http://us.archive.ubuntu.com/ubuntu/ trusty/main ncurses-term all 5.9+20140118-1ubuntu1 [243 kB] Get:3 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main openssh-sftp-server amd64 1:6.6p1-2ubuntu2.3 [34.1 kB]
查找下用户目录下有没有.ssh文件夹。这个文件夹本身是个隐藏文件夹。安装SSH的时候应该默认会在安装用户的个人目录下创建改文件,如果没有就自己手动创建一个。至于它是用来干嘛的?SSH使用的是公钥加密。这个文件夹就是用来存放公钥和私钥两个文件的文件夹。
jerry@ubuntu:~$ ls -a -d .ssh ~ ls: cannot access .ssh: No such file or directory /home/jerry jerry@ubuntu:~$ mkdir ~/.ssh jerry@ubuntu:~$ ls -a -d .ssh ~ /home/jerry .ssh jerry@ubuntu:~$
接下来就是生成密钥了。这里用ssh_keygen命令生成密钥。-t表示加密类型,ssh支持rsa(目前流行的公钥加密算法)/dsa(digital signature algorithm数字签名算法)。-f表示公钥和私钥文件保存的路径。可以看到.ssh文件夹下生成了id_dsa(私钥)和id_dsa.pub(公钥)两个文件。
jerry@ubuntu:~$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa Generating public/private dsa key pair. Your identification has been saved in /home/jerry/.ssh/id_dsa. Your public key has been saved in /home/jerry/.ssh/id_dsa.pub. The key fingerprint is: e8:57:37:7d:ae:85:55:33:90:2f:86:80:5d:b0:b3:31 jerry@ubuntu The key's randomart image is: +--[ DSA 1024]----+ | o.o. .. | | . o. .. | | E. . .o.| | . =. + .+| | . S.. + o o| | . . . . = | | . . . o| | . o | | . | +-----------------+
jerry@ubuntu:~$ ls -a ~/.ssh/
. .. id_dsa id_dsa.pub
jerry@ubuntu:~$
添加公钥到认证的公钥证书列表中
jerry@ubuntu:~$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys jerry@ubuntu:~$
尝试用SSH连接本地服务器
jerry@ubuntu:~$ ssh localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is da:b7:c3:2a:ea:a2:76:4c:c3:c1:68:ca:0e:c2:ea:92. Are you sure you want to continue connecting (yes/no)? y Please type 'yes' or 'no': yes Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-39-generic x86_64) * Documentation: https://help.ubuntu.com/ The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. jerry@ubuntu:~$
有用的链接:
ssh: connect to host h2 port 22: No route to host
ssh登录 The authenticity of host 192.168.0.xxx can't be established. 的问题