ssh免密登陆
参考文章:http://blog.itpub.net/70017844/viewspace-2909916/
linux系统CentOS Linux release 7.9.2009 (Core)
zabbix-server 192.168.220.128
zabbix-proxy 192.168.220.108
利用root账号密码登录ssh服务端
1.zabbix-server开启ssh服务
[root@zabbix-server ~]# rpm -qf `which ssh`
openssh-clients-7.4p1-21.el7.x86_64
[root@zabbix-server ~]# rpm -qf `which sshd`
openssh-server-7.4p1-21.el7.x86_64
[root@zabbix-server ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-04-20 22:35:42 EDT; 4h 27min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 2563 (sshd)
CGroup: /system.slice/sshd.service
└─2563 /usr/sbin/sshd -D
........
2.zabbix-proxy账号密码登录zabbix-server
[root@zabbix-proxy ~]# ssh [email protected]
The authenticity of host '192.168.220.128 (192.168.220.128)' can't be established.
ECDSA key fingerprint is SHA256:WWjD+PCmlUmq2jJJF32DbaHWE32uVKO/h66k32jf9Ns.
ECDSA key fingerprint is MD5:92:ea:a5:d4:a6:ad:10:de:97:a5:bd:4f:67:ce:87:d6.
Are you sure you want to continue connecting (yes/no)? yes ####输入yes后会添加一条192.168.220.128的信息到客户端~/.ssh下的known_hosts文件
Warning: Permanently added '192.168.220.128' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Thu Apr 20 23:34:23 2023 from 192.168.220.1
[root@zabbix-server ~]#
客户端
[root@zabbix-proxy ~]# cat known_hosts
192.168.220.125 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7++JhhOslmX5T1/B2knqMR84TycWTSLUyQ2HYpoKMnKtVm2oqDhQuGksf19KjFHYxB7jFT4wpkAHGBwst8RtY=
192.168.220.128 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7++JhhOslmX5T1/B2knqMR84TycWTSLUyQ2HYpoKMnKtVm2oqDhQuGksf19KjFHYxB7jFT4wpkAHGBwst8RtY=
利用root账号免密登录ssh服务端
###手动复制客户端公钥到服务端authorized_keys文件内实现免密登录的方式有时候不好用,强烈建议使用ssh-copy-id命令
[root@zabbix-proxy ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Hb3aqAwQvPhc4nL1Tf8beXzvL4coAMrtMn7Q4dgVPbc root@zabbix-proxy
The key's randomart image is:
+---[RSA 2048]----+
| . |
| . . o.. |
| o ..o.. |
| . oo .. .E. |
| ..+Bo+S o . |
| +===..o = o |
| . =o. ..+ o.o.+|
| oo oo .. ..oo+|
| ..+ o . o==|
+----[SHA256]-----+
将/root/.ssh/id_rsa.pub的内容复制到服务端zabbix-server下的/root/.ssh/authorized_keys文件内 ###将ssh客户端公钥复制到服务端
[root@zabbix-proxy .ssh]# ssh [email protected] ###客户端实现免密登录
Last login: Fri Apr 21 03:05:43 2023 from 192.168.220.108
[root@zabbix-server ~]#
或者通过公钥拷贝指令# ssh-copy-id username@ip
###ssh-copy-id命令会在username用户家目录下创建.ssh/authorized_keys文件,文件内容为免密登录客户机的公钥信息
[root@zabbix-proxy ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Hb3aqAwQvPhc4nL1Tf8beXzvL4coAMrtMn7Q4dgVPbc root@zabbix-proxy
The key's randomart image is:
+---[RSA 2048]----+
| . |
| . . o.. |
| o ..o.. |
| . oo .. .E. |
| ..+Bo+S o . |
| +===..o = o |
| . =o. ..+ o.o.+|
| oo oo .. ..oo+|
| ..+ o . o==|
+----[SHA256]-----+
[root@zabbix-proxy .ssh]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: #此处输入密码登录服务端
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@zabbix-proxy .ssh]# ssh '[email protected]'
Last login: Fri Apr 21 03:20:32 2023 from 192.168.220.108
[root@zabbix-server ~]#
[root@zabbix-server ~]#
利用非root账号免密登录ssh服务端
ssh服务端
[root@zabbix-server .ssh]# useradd -m git
[root@zabbix-server .ssh]# passwd git
Changing password for user git.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@zabbix-server .ssh]# mkdir -p /home/git/.ssh/
[root@zabbix-server .ssh]# vi /home/git/.ssh/authorized_keys ###将ssh客户端公钥添加到服务端/home/git/.ssh/authorized_keys文件内
[root@zabbix-server .ssh]# chown -R git. /home/git/.ssh/ #重点在修改文件的属性和权限,否则ssh [email protected],任然会提示输入git用户密码
[root@zabbix-server .ssh]# chmod -R 700 /home/git/.ssh/
ssh客户端通过非root用户连接服务端
[root@zabbix-proxy .ssh]# ssh [email protected]
[email protected]'s password:
[git@zabbix-server ~]$
[git@zabbix-server ~]$
或者通过公钥拷贝指令ssh-copy-id
ssh服务端
[root@zabbix-server .ssh]# useradd -m git
[root@zabbix-server .ssh]# passwd git
Changing password for user git.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@zabbix-server git]# ls -l /home/git/.ssh/authorized_keys #git用户目录下没有此文件下面用ssh-copy-id命令生成
ls: cannot access /home/git/.ssh/authorized_keys: No such file or directory
ssh客户端通过非root用户连接服务端
[root@zabbix-proxy ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Hb3aqAwQvPhc4nL1Tf8beXzvL4coAMrtMn7Q4dgVPbc root@zabbix-proxy
The key's randomart image is:
+---[RSA 2048]----+
| . |
| . . o.. |
| o ..o.. |
| . oo .. .E. |
| ..+Bo+S o . |
| +===..o = o |
| . =o. ..+ o.o.+|
| oo oo .. ..oo+|
| ..+ o . o==|
+----[SHA256]-----+
[root@zabbix-proxy ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: #输入git密码
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@zabbix-proxy ~]# ssh [email protected]
Last login: Fri Apr 21 04:20:12 2023 from 192.168.220.108
[git@zabbix-server ~]$
ssh服务端
[root@zabbix-server ~]# ls -l /home/git/.ssh/authorized_keys ##可以看到公钥被拷贝到authorized_keys文件内
-rw------- 1 git git 399 Apr 21 04:19 /home/git/.ssh/authorized_keys
处理git用户的shell为git-shell
在Git用作仓库的时候我们可以将默认ssh登录shell改为git-shell,这个git提供的shell程序,一旦登录会自动秒退 #为了安全考虑我们需要禁用ssh登录到我们的shell,防止别人登录到shell之后对我们的电脑做增删改
ssh服务器
[root@zabbix-server git]# chsh -s `which git-shell` git
Changing shell for git.
chsh: Warning: "/usr/bin/git-shell" is not listed in /etc/shells.
Shell changed.
ssh客户端
[root@zabbix-proxy ~]# ssh [email protected]
[email protected]'s password:
Last login: Fri Apr 21 04:23:57 2023 from 192.168.220.108
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
Connection to 192.168.220.128 closed.
[root@zabbix-proxy ~]#
出现的问题
问题1:由于用户git在服务器端的 shell 为 git-shell,在使用 ssh-copy-id 的时候报错:
[root@zabbix-proxy test]# ssh-copy-id git@192.168.220.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
git@192.168.220.128's password:
fatal: unrecognized command 'exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi''
解决办法
[root@zabbix-proxy .ssh]# scp /root/.ssh/id_rsa.pub root@192.168.220.128:/home/git/.ssh/authorized_keys #确保ssh服务器/home/git/.ssh/目录存在,scp是ssh的文件复制命令
id_rsa.pub 100% 399 373.5KB/s 00:00
[root@zabbix-proxy .ssh]# ssh root@192.168.220.128
Last login: Fri Apr 21 04:12:25 2023 from 192.168.220.108
[root@zabbix-server ~]# cd /home/git/
[root@zabbix-server git]# chown -R git. .ssh
[root@zabbix-server git]# chmod -R 700 .ssh/
[root@zabbix-server git]# ll /home/git/.ssh/
total 4
-rwx------ 1 git git 399 Apr 21 05:35 authorized_keys
git详细教程
Git 分支管理 | 菜鸟教程
关于Git这一篇就够了_17岁boy想当攻城狮的博客-CSDN博客
Git简明指南:git 简明指南
搭建git本地服务器
环境
[root@zabbix-server ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
zabbix-server 192.168.220.128
zabbix-proxy 192.168.220.108
分别已安装软件 yum install git ssh -y;service ssh start
配置ssh远程访问
zabbix-server服务端
[root@zabbix-server ~]# useradd -m git
[root@zabbix-server ~]# passwd git #给git用户设置密码
Changing password for user git.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
zabbix-proxy客户端
[root@zabbix-proxy ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fmDBtjmOjnHxy/HOhtT4+PcvyZ91533TbelGyo8n5Sw root@zabbix-proxy
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| + |
| . + |
| . So |
| Boo. o |
| . o.=+. ..*.B|
| = .o*o .E=O@|
| . . o+=. oOOB|
+----[SHA256]-----+
[root@zabbix-proxy ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[root@zabbix-proxy ~]# ssh '[email protected]' #免密访问
Last failed login: Fri Apr 21 05:05:04 EDT 2023 from 192.168.220.108 on ssh:notty
There was 1 failed login attempt since the last successful login.
[git@zabbix-server ~]$
zabbix-server服务端
[root@zabbix-server .ssh]# chown -R git. /home/git/.ssh/
[root@zabbix-server .ssh]# chmod -R 700 /home/git/.ssh/
[root@zabbix-server .ssh]# chsh -s `which git-shell` git #修改git用户的shell,防止客户机ssh通过git用户登录服务器修改文件
Changing shell for git.
chsh: Warning: "/usr/bin/git-shell" is not listed in /etc/shells.
Shell changed.
创建git本地仓库
zabbix-server服务端
创建仓库存放路径并设置所属用户为git,路径可任意起名,这里叫gitrepo。
[root@zabbix-server .ssh]# mkdir -p /home/git/gitrepo
初始化仓库并设置所属用户为git,这里建了一个叫test的仓库。
root@zabbix-server .ssh]# cd /home/git/gitrepo/
[root@zabbix-server gitrepo]# git init --bare test.git
Initialized empty Git repository in /home/git/gitrepo/test.git/
[root@zabbix-server gitrepo]# chown -R git. /home/git/gitrepo/ ##因为这里的gitrepo路径下有多个文件,所以加-R参数递归
到此,git服务器就算搭建完成,URL地址如下:
[email protected]:/home/git/gitrepo/test.git
测试1 --git clone
以下简单测试Clone和Push,如果你之前用过git,那么得到上边的仓库地址后应该就非常熟悉了。
clone--zabbix-proxy客户端
[root@zabbix-proxy ~]# mkdir -p $HOME/A
[root@zabbix-proxy ~]# cd A/
[root@zabbix-proxy A]# git clone [email protected]:/home/git/gitrepo/test.git #这里并不需要输入上边创建git用户的密码,如果需要输入密码,说明公钥添加有误,请重新检查。
Cloning into 'test'...
warning: You appear to have cloned an empty repository.
[root@zabbix-proxy A]# ls
test
[root@zabbix-proxy A]# cd test
[root@zabbix-proxy test]# ls
[root@zabbix-proxy test]# touch 1
[root@zabbix-proxy test]# git add .
[root@zabbix-proxy test]# git commit -m "ceshi"
[master (root-commit) e3b8d5b] ceshi
1 file changed, 0 insertions(+), 0 deletions(-)
create mode 100644 1
[root@zabbix-proxy test]# git push origin master #通过克隆来的远程仓库,默认有个别名叫origin,所以推送可以直接这样:
Counting objects: 3, done.
Writing objects: 100% (3/3), 193 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To [email protected]:/home/git/gitrepo/test.git
* [new branch] master -> master
[root@zabbix-proxy test]# mkdir -p $HOME/B #再次克隆
[root@zabbix-proxy test]# cd $HOME/B
[root@zabbix-proxy B]# git clone [email protected]:/home/git/gitrepo/test.git
Cloning into 'test'...
remote: Counting objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
[root@zabbix-proxy B]# ls
test
[root@zabbix-proxy B]# cd test
[root@zabbix-proxy test]# ls #可以看到这个就是刚才提交文件
1
测试2 --git remote #需要有本地仓库
[root@zabbix-proxy ~]# mkdir -p $HOME/C
[root@zabbix-proxy ~]# cd $HOME/C
[root@zabbix-proxy C]# git init #初始化创建本地仓库
Initialized empty Git repository in /root/C/.git/
[root@zabbix-proxy C]# git remote add origin [email protected]:/home/git/gitrepo/test.git #git远程添加源
[root@zabbix-proxy C]# git push -u origin master #将本地的master分支推送到origin主机,同时指定origin为默认主机
error: src refspec master does not match any.
error: failed to push some refs to '[email protected]:/home/git/gitrepo/test.git'
[root@zabbix-proxy C]# git pull [email protected]:/home/git/gitrepo/test.git ##在上传你的代码之前因为产生冲突会报错,提交不上,通常要进行拉取代码。
remote: Counting objects: 26, done.
remote: Compressing objects: 100% (18/18), done.
remote: Total 26 (delta 4), reused 0 (delta 0)
Unpacking objects: 100% (26/26), done.
From 192.168.220.128:/home/git/gitrepo/test
* branch HEAD -> FETCH_HEAD
[root@zabbix-proxy C]# ls
1 README runoob.php test.txt
[root@zabbix-proxy C]# git branch
* master
[root@zabbix-proxy C]# echo 1111111 >ceshi
[root@zabbix-proxy C]# git add .
[root@zabbix-proxy C]# git commit -m "add ceshi"
[master 6e0e239] add ceshi
1 file changed, 1 insertion(+)
create mode 100644 ceshi
[root@zabbix-proxy C]# git push -u origin master ##将本地的master分支推送到origin主机,同时指定origin为默认主机
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 257 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To [email protected]:/home/git/gitrepo/test.git
0e88423..6e0e239 master -> master
Branch master set up to track remote branch master from origin.
[root@zabbix-proxy C]#
git clone与git pull的区别
git clone与git pull区别_git pull能用什么代替_zhou_xiaomiao的博客-CSDN博客
git上传_提交代码前先git pull吗_年少不知富婆好的博客-CSDN博客
git如何拉取指定分支的代码
问题背景:
新项目还在开发阶段,没有正式对外发布,所以开发同事合并代码到develop上(或者其他名称分支上),而不是到master分支上
通过git拉取代码的时候,默认拉取的是master分支,如下图:
拉取指定分支代码解决方案:
以拉取develop分支的代码为例, 要拉取其余分支代码类似操作
1.使用git命令拉取
命令:git clone -b develop XXX** **其中develop就是分支的名称
2.使用TortoiseGit工具拉取
git fetch与git merge
参考内容:Git 远程仓库(Github) | 菜鸟教程
- 执行
git fetch origin master
时,它的意思是从名为 origin 的远程上拉取名为 master 的分支到本地分支 origin/master 中。既然是拉取代码,当然需要同时指定远程名与分支名,所以分开写。 - 执行
git merge origin/master
时,它的意思是合并名为 origin/master 的分支到当前所在分支。既然是分支的合并,当然就与远程名没有直接的关系,所以没有出现远程名。需要指定的是被合并的分支。 - 执行
git push origin master
时,它的意思是推送本地的 master 分支到远程 origin,涉及到远程以及分支,当然也得分开写了。 - 还可以一次性拉取多个分支的代码:
git fetch origin master stable oldstable
; - 也还可以一次性合并多个分支的代码:
git merge origin/master hotfix-2275 hotfix-2276 hotfix-2290
;
服务器A
[root@dongm xuexi]# ls
11111 1.txt ceshi.c ceshi.ccccccc ceshi.sh test.c test.txt xinjian.txt
[root@dongm xuexi]# echo 555555 >11111111111.txt
[root@dongm xuexi]# git add .
[root@dongm xuexi]# git commit -m "add 1111111111.txt"
[master c3d767b] add 1111111111.txt
1 file changed, 1 insertion(+)
create mode 100644 11111111111.txt
[root@dongm xuexi]# git push origin master
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 260 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
remote: Resolving deltas: 100% (1/1), completed with 1 local object.
To [email protected]:dongmin6/test.git
3f7513d..c3d767b master -> master ##增加文件11111111111.txt
[root@dongm xuexi]# ls
11111 11111111111.txt 1.txt ceshi.c ceshi.ccccccc ceshi.sh test.c test.txt xinjian.txt
服务器B
[root@dongm test]# git fetch origin
From github.com:dongmin6/test
3f7513d..c3d767b master -> origin/master ##与仓库新增文件11111111111.txt对应
[root@dongm test]# ls
11111 1.txt ceshi.c ceshi.ccccccc ceshi.sh README.md test.c test.txt xinjian.txt
[root@dongm test]# git merge origin/master
Merge made by the 'recursive' strategy.
11111111111.txt | 1 +
1 file changed, 1 insertion(+)
create mode 100644 11111111111.txt
[root@dongm test]# ls
11111 11111111111.txt 1.txt ceshi.c ceshi.ccccccc ceshi.sh README.md test.c test.txt xinjian.txt
版权归原作者 weixin_47680367 所有, 如有侵权,请联系我们删除。