First connection
- alice@u3:~$ ssh bob@u2
The authenticity of host 'u2 (172.16.10.2)' can't be established.
ECDSA key fingerprint is SHA256:Dp+DL5apc0A3rsUKCPcvbLSBmb4BSQXDsJGLJR0r0GA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
- bob@u2's password:
- bob@u2:~$
Exit
- bob@u2:~$ exit
- alice@u3:~$ cat .ssh/known_hosts
|1|5BdpwWv6AjvkrERbWPK0NCdeWiY=|XEQyvQ0nw5bIIM7UHd6rbJwIA1A= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNmNwRv2mqfgV3SwvASy48CIjb4oSmxqcQf7e28dCYQxGRfIXiQK5HYKagkqsfBgai+iIiLKDrkav7tvqX0XsAQ=
|1|m9IwDx96MLYRVu8WE49HjWRcdyk=|CVTp1yv65aqMW6Y1zWngj0j1oW8= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNmNwRv2mqfgV3SwvASy48CIjb4oSmxqcQf7e28dCYQxGRfIXiQK5HYKagkqsfBgai+iIiLKDrkav7tvqX0XsAQ=
- The public key of the server u3 has been added
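The two `|1|…` lines in the known_hosts output above are hashed host entries: the field is `|1|salt|hash`, where the hash is HMAC-SHA1 over the host name keyed with the salt. As an added example (not part of the original page), the following Python code checks whether such an entry belongs to a given name or IP and derives the SHA256 fingerprint that ssh prints at first connect from the stored key. The function names and the sample file are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def hash_host(host: str, salt: bytes) -> str:
    """Build the '|1|salt|hash' host field that OpenSSH writes for hashed entries."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())

def host_matches(host_field: str, candidate: str) -> bool:
    """True if a hashed host field was derived from the candidate name or IP."""
    parts = host_field.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        return False  # plain-text or unknown entry format: not handled here
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    actual = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint as ssh prints it: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def lookup(known_hosts_text: str, candidate: str) -> list:
    """Return (key type, fingerprint) for every hashed entry matching candidate."""
    hits = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and host_matches(fields[0], candidate):
            hits.append((fields[1], fingerprint(fields[2])))
    return hits

# Constructed sample data (not the page's keys): a dummy key blob and two
# hashed entries, one for the host name and one for the IP, as ssh stores them.
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key-blob").decode()
SAMPLE_FILE = "\n".join(
    "{} ecdsa-sha2-nistp256 {}".format(hash_host(h, os.urandom(20)), SAMPLE_KEY)
    for h in ("u2", "172.16.10.2"))

if __name__ == "__main__":
    for name in ("u2", "172.16.10.2", "u1"):
        print(name, lookup(SAMPLE_FILE, name))
```

Passing the contents of a real `~/.ssh/known_hosts` to `lookup()` lets you compare the returned fingerprint with the one the server administrator publishes before answering `yes` at the first-connect prompt.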
Run a command
- alice@u3:~$ ssh bob@u2 hostname
- bob@u2's password:
u2
Alternative invocation
- alice@u3:~$ ssh -l bob u2
- bob@u2's password:
- bob@u2:~$
Specifying a particular port
- alice@u3:~$ ssh -p 8822 -l bob u2
- bob@u2's password:
- bob@u2:~$
Generate a key pair
- alice@u3:~$ ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/alice/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/alice/.ssh/id_rsa
Your public key has been saved in /home/alice/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3
The key's randomart image is:
+---[RSA 4096]----+
| . |
| o . |
|o + o |
| X o = . |
|+ * o + S |
|=* o o o . |
|E+*.ooo.+ |
|.==o+o++ . |
| +B*+==. |
+----[SHA256]-----+
Key pair
- We have now generated a key pair.
- The private key is protected by a passphrase.
- This passphrase is requested the first time the key is used after logging in.
- After that, the private key is held in memory.
- It is managed by the SSH agent.
The key pair
- alice@u3:~$ ls .ssh/id_rsa*
.ssh/id_rsa .ssh/id_rsa.pub
Transferring the public key to bob@u2
- alice@u3:~$ ssh-copy-id bob@u2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/alice/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
bob@u2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'bob@u2'"
and check to make sure that only the key(s) you wanted were added.
The private key is not yet in memory
- alice@u3:~$ ssh-add -l
The agent has no identities.
We add the private key to the agent
- alice@u3:~$ ssh-add
Enter passphrase for /home/alice/.ssh/id_rsa:
Identity added: /home/alice/.ssh/id_rsa (alice@u3)
The private key is now in memory and is managed by the agent
- alice@u3:~$ ssh-add -l
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
Logging in without a password
- alice@u3:~$ ssh bob@u2
bob@u2:~$
Logging in without a password
- alice@u3:~$ ssh bob@u2
Enter passphrase for key '/home/alice/.ssh/id_rsa':
bob@u2:~$
We now copy alice's public key to the account bob@u1
- alice@u3:~$ ssh-copy-id bob@u1
The authenticity of host 'u1 (172.16.10.1)' can't be established.
ECDSA key fingerprint is SHA256:Dp+DL5apc0A3rsUKCPcvbLSBmb4BSQXDsJGLJR0r0GA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
- bob@u1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'bob@u1'"
and check to make sure that only the key(s) you wanted were added.
- alice@u3:~$
Logging in
- alice@u3:~$ ssh bob@u2
- bob@u2:~$
- We took the key along with us.
- bob@u2:~$ ssh-add -l
4096 SHA256:PrjyG7hdgYyB8o3G6AylcbWvmPjjJr29l4yGS7uAR44 alice@u3 (RSA)
Specifying the cipher
- alice@u3:~$ ssh -o kexalgorithms=diffie-hellman-group14-sha256 -o macs=hmac-sha1 -o ciphers=aes256-ctr xinux@brian.tuxmen.de
SSH options