Ssh Clientseite: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (27 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 28: | Zeile 28: | ||
:bob@u2:~$ | :bob@u2:~$ | ||
=Schlüsselpaar erzeugen= | =Schlüsselpaar erzeugen= | ||
| − | + | :alice@u3:~$ ssh-keygen -b 4096 | |
| + | ;Alternativ | ||
| + | :ssh-keygen -t ed25519 | ||
<pre> | <pre> | ||
Generating public/private rsa key pair. | Generating public/private rsa key pair. | ||
| Zeile 51: | Zeile 53: | ||
+----[SHA256]-----+ | +----[SHA256]-----+ | ||
</pre> | </pre> | ||
| + | |||
=Schlüsselpaar= | =Schlüsselpaar= | ||
*Wir haben nun ein Schlüsselpaar erzeugt. | *Wir haben nun ein Schlüsselpaar erzeugt. | ||
| Zeile 58: | Zeile 61: | ||
*Er wird von dem SSH-Agent verwaltet. | *Er wird von dem SSH-Agent verwaltet. | ||
=Das Schlüsselpaar= | =Das Schlüsselpaar= | ||
| − | + | :alice@u3:~$ ls .ssh/id_rsa* | |
| − | .ssh/id_rsa .ssh/id_rsa.pub | + | .ssh/id_rsa .ssh/id_rsa.pub |
| + | =Übertragen des Publik Keys zu bob@u2= | ||
| + | :alice@u3:~$ ssh-copy-id bob@u2 | ||
| + | <pre> | ||
| + | /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/alice/.ssh/id_rsa.pub" | ||
| + | /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed | ||
| + | /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys | ||
| + | bob@u2's password: | ||
| + | |||
| + | Number of key(s) added: 1 | ||
| + | |||
| + | Now try logging into the machine, with: "ssh 'bob@u2'" | ||
| + | and check to make sure that only the key(s) you wanted were added. | ||
| + | </pre> | ||
| + | =Alternatives Übertragen des Publik Keys zu bob@u2= | ||
| + | :alice@u3:~$ scp ~/.ssh/id_*.pub bob@u2:~ | ||
| + | :alice@u3:~$ ssh bob@u2 | ||
| + | :bob@u2:~$ cat id_*.pub >> .ssh/authorized_keys | ||
| + | |||
| + | =Der Private Key ist noch nicht im Arbeitsspeicher= | ||
| + | :alice@u3:~$ ssh-add -l | ||
| + | The agent has no identities. | ||
| + | =Wir fügen den Private Key zum Agent hinzu= | ||
| + | :alice@u3:~$ ssh-add | ||
| + | Enter passphrase for /home/alice/.ssh/id_rsa: | ||
| + | Identity added: /home/alice/.ssh/id_rsa (alice@u3) | ||
| + | |||
| + | =Der Private Key ist nun im Arbeitsspeicher und wird vom Agent verwaltet= | ||
| + | :alice@u3:~$ ssh-add -l | ||
| + | 4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA) | ||
| + | =Einlogen ohne Passwort= | ||
| + | :alice@u3:~$ ssh bob@u2 | ||
| + | bob@u2:~$ | ||
| + | |||
| + | =Einloggen ohne Passwort= | ||
| + | :alice@u3:~$ ssh bob@u2 | ||
| + | <pre> | ||
| + | Enter passphrase for key '/home/alice/.ssh/id_rsa': | ||
| + | bob@u2:~$ | ||
| + | </pre> | ||
| + | =Wir bringen nun den Public-Key von alice auf den Account bob@u1= | ||
| + | :alice@u3:~$ ssh-copy-id bob@u1 | ||
| + | <pre> | ||
| + | The authenticity of host 'u1 (172.16.10.1)' can't be established. | ||
| + | ECDSA key fingerprint is SHA256:Dp+DL5apc0A3rsUKCPcvbLSBmb4BSQXDsJGLJR0r0GA. | ||
| + | Are you sure you want to continue connecting (yes/no/[fingerprint])? yes | ||
| + | /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed | ||
| + | /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys | ||
| + | </pre> | ||
| + | :bob@u1's password: | ||
| + | <pre> | ||
| + | Number of key(s) added: 1 | ||
| + | |||
| + | Now try logging into the machine, with: "ssh 'bob@u1'" | ||
| + | and check to make sure that only the key(s) you wanted were added. | ||
| + | </pre> | ||
| + | :alice@u3:~$ | ||
| + | =Einloggen= | ||
| + | :alice@u3:~$ ssh bob@u2 | ||
| + | :bob@u2:~$ | ||
| + | ;Wir haben den Schlüssel mit genommen. | ||
| + | :bob@u2:~$ ssh-add -l | ||
| + | 4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA) | ||
| + | :bob@u2:~$ ssh -A u1 | ||
| + | :bob@u1:~$ | ||
| + | ;Wir haben den Schlüssel weiter mit genommen. | ||
| + | :bob@u1:~$ ssh-add -l | ||
| + | 4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA) | ||
| + | |||
| + | =Cipher mit angeben= | ||
| + | :alice@u3:~$ ssh -o kexalgorithms=diffie-hellman-group-exchange-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+3des-cbc 10.10.4.108 -l xinux -p 22 | ||
| + | |||
| + | =Beispiel der User Konfigurationsdatei= | ||
| + | ~/.ssh/config | ||
| + | <pre> | ||
| + | host github.com | ||
| + | Port 22 | ||
| + | |||
| + | host 10.81.0.12 | ||
| + | user admin | ||
| + | ciphers aes128-cbc | ||
| + | KexAlgorithms +diffie-hellman-group1-sha1 | ||
| + | HostKeyAlgorithms=+ssh-rsa | ||
| + | port 22 | ||
| + | </pre> | ||
=SSH Optionen= | =SSH Optionen= | ||
*[[Ausgewählte SSH Optionen]] | *[[Ausgewählte SSH Optionen]] | ||
Aktuelle Version vom 30. Juli 2024, 09:26 Uhr
Erster Verbindungsaufbau
- alice@u3:~$ ssh bob@u2
The authenticity of host 'u2 (172.16.10.2)' can't be established. ECDSA key fingerprint is SHA256:Dp+DL5apc0A3rsUKCPcvbLSBmb4BSQXDsJGLJR0r0GA. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
- bob@u2's password:
- bob@u2:~$
Exit
- bob@u2:~$ exit
- alice@u3:~$ cat .ssh/known_hosts
|1|5BdpwWv6AjvkrERbWPK0NCdeWiY=|XEQyvQ0nw5bIIM7UHd6rbJwIA1A= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNmNwRv2mqfgV3SwvASy48CIjb4oSmxqcQf7e28dCYQxGRfIXiQK5HYKagkqsfBgai+iIiLKDrkav7tvqX0XsAQ= |1|m9IwDx96MLYRVu8WE49HjWRcdyk=|CVTp1yv65aqMW6Y1zWngj0j1oW8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNmNwRv2mqfgV3SwvASy48CIjb4oSmxqcQf7e28dCYQxGRfIXiQK5HYKagkqsfBgai+iIiLKDrkav7tvqX0XsAQ=
- Der Publikkey des Server u3 wurde hinzugefügt
Befehl ausführen
- alice@u3:~$ ssh bob@u2 hostname
- bob@u2's password:
u2
alternativer Aufruf
- alice@u3:~$ ssh -l bob u2
- bob@u2's password:
- bob@u2:~$
Angabe eines speziellen Ports
- alice@u3:~$ ssh -p 8822 -l bob u2
- bob@u2's password:
- bob@u2:~$
Schlüsselpaar erzeugen
- alice@u3:~$ ssh-keygen -b 4096
- Alternativ
- ssh-keygen -t ed25519
Generating public/private rsa key pair. Enter file in which to save the key (/home/alice/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/alice/.ssh/id_rsa Your public key has been saved in /home/alice/.ssh/id_rsa.pub The key fingerprint is: SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 The key's randomart image is: +---[RSA 4096]----+ | . | | o . | |o + o | | X o = . | |+ * o + S | |=* o o o . | |E+*.ooo.+ | |.==o+o++ . | | +B*+==. | +----[SHA256]-----+
Schlüsselpaar
- Wir haben nun ein Schlüsselpaar erzeugt.
- Der geheime Schlüssel ist passwort-geschützt.
- Dieses Passwort wird beim erstmaligen Nutzen nach dem Einloggen abgefragt.
- Danach befindet sich der geheime Schlüssel im Arbeitsspeicher.
- Er wird von dem SSH-Agent verwaltet.
Das Schlüsselpaar
- alice@u3:~$ ls .ssh/id_rsa*
.ssh/id_rsa .ssh/id_rsa.pub
Übertragen des Publik Keys zu bob@u2
- alice@u3:~$ ssh-copy-id bob@u2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/alice/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys bob@u2's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'bob@u2'" and check to make sure that only the key(s) you wanted were added.
Alternatives Übertragen des Publik Keys zu bob@u2
- alice@u3:~$ scp ~/.ssh/id_*.pub bob@u2:~
- alice@u3:~$ ssh bob@u2
- bob@u2:~$ cat id_*.pub >> .ssh/authorized_keys
Der Private Key ist noch nicht im Arbeitsspeicher
- alice@u3:~$ ssh-add -l
The agent has no identities.
Wir fügen den Private Key zum Agent hinzu
- alice@u3:~$ ssh-add
Enter passphrase for /home/alice/.ssh/id_rsa: Identity added: /home/alice/.ssh/id_rsa (alice@u3)
Der Private Key ist nun im Arbeitsspeicher und wird vom Agent verwaltet
- alice@u3:~$ ssh-add -l
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
Einlogen ohne Passwort
- alice@u3:~$ ssh bob@u2
bob@u2:~$
Einloggen ohne Passwort
- alice@u3:~$ ssh bob@u2
Enter passphrase for key '/home/alice/.ssh/id_rsa': bob@u2:~$
Wir bringen nun den Public-Key von alice auf den Account bob@u1
- alice@u3:~$ ssh-copy-id bob@u1
The authenticity of host 'u1 (172.16.10.1)' can't be established. ECDSA key fingerprint is SHA256:Dp+DL5apc0A3rsUKCPcvbLSBmb4BSQXDsJGLJR0r0GA. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
- bob@u1's password:
Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'bob@u1'" and check to make sure that only the key(s) you wanted were added.
- alice@u3:~$
Einloggen
- alice@u3:~$ ssh bob@u2
- bob@u2:~$
- Wir haben den Schlüssel mit genommen.
- bob@u2:~$ ssh-add -l
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
- bob@u2:~$ ssh -A u1
- bob@u1:~$
- Wir haben den Schlüssel weiter mit genommen.
- bob@u1:~$ ssh-add -l
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
Cipher mit angeben
- alice@u3:~$ ssh -o kexalgorithms=diffie-hellman-group-exchange-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+3des-cbc 10.10.4.108 -l xinux -p 22
Beispiel der User Konfigurationsdatei
~/.ssh/config
host github.com Port 22 host 10.81.0.12 user admin ciphers aes128-cbc KexAlgorithms +diffie-hellman-group1-sha1 HostKeyAlgorithms=+ssh-rsa port 22