
Key-Based Authentication on Linux

Date: 2017-11-01 22:13:54


1.1 Generating the key pair

SSH protocol 2 (ssh2) supports both RSA and DSA keys, but SSH protocol 1 (ssh1) supports only RSA keys.

[root@linux-node1 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
15:91:d4:10:10:62:a8:1d:66:50:36:21:87:30:62:a2 root@linux-node1.example.com
The key's randomart image is:
+--[ DSA 1024]----+
|=oo+*oo o+**     |
|=..+=o .  ...    |
|E  = .    .      |
|  . .    .       |
|        S        |
|                 |
|                 |
|                 |
|                 |
+-----------------+
[root@linux-node1 ~]# ll .ssh/
total 12
-rw------- 1 root root 410 Mar 29 20:04 authorized_keys
-rw------- 1 root root 668 Apr 27 20:52 id_dsa          # the key  (private key)
-rw-r--r-- 1 root root 618 Apr 27 20:52 id_dsa.pub      # the lock (public key)

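1.2 Distributing the key: copying the public key to the clients

id_dsa (the key) stays on the management host; id_dsa.pub (the lock) is sent to every managed host.

How ssh-copy-id works:

It sends id_dsa.pub (the lock) to each managed host, where it is saved under the name ~/.ssh/authorized_keys.

The file is given mode 600, and ~/.ssh is given mode 700.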

[root@m01 ~]# grep authorized /etc/ssh/sshd_config
#AuthorizedKeysFile .ssh/authorized_keys

On the managed host:

[root@backup tmp]# ll ~/.ssh/authorized_keys
-rw------- 1 root root 598 Oct  9 12:31 /root/.ssh/authorized_keys
[root@backup tmp]# ll -ld ~/.ssh
drwx------ 2 root root 4096 Oct  9 12:31 /root/.ssh
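
The managed-host side of the steps above, as an added example that is not from the original article: it stores a public key as authorized_keys with the 700/600 modes and then audits them. The function names install_pubkey and audit_ssh_perms are hypothetical, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example, not code from the original article.
# install_pubkey and audit_ssh_perms are hypothetical helper names.

# install_pubkey PUBKEY_FILE HOME_DIR
# Store the public key ("the lock") in HOME_DIR/.ssh/authorized_keys
# with the modes the article lists: 700 on .ssh, 600 on the file.
install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse a private key ("the key") handed over by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2; return 1
    fi
    ( umask 077                      # new dirs/files start owner-only
      mkdir -p "$dir" && touch "$auth" ) || return 1
    key=$(cat "$pub")
    # Append only when this exact line is absent, so reruns add no duplicates.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 700 "$dir" && chmod 600 "$auth"
}

# audit_ssh_perms HOME_DIR
# Return 0 only if .ssh is mode 700 and authorized_keys is mode 600.
audit_ssh_perms() {
    dir=$1/.ssh; rc=0
    [ "$(stat -c %a "$dir" 2>/dev/null)" = 700 ] ||
        { echo "BAD: $dir should be mode 700" >&2; rc=1; }
    [ "$(stat -c %a "$dir/authorized_keys" 2>/dev/null)" = 600 ] ||
        { echo "BAD: $dir/authorized_keys should be mode 600" >&2; rc=1; }
    return $rc
}

# Usage on a managed host (paths are placeholders):
#   install_pubkey /tmp/id_dsa.pub /root && audit_ssh_perms /root
```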

1.3 Distributing the key to a single host

[root@m01 ~]# ssh-copy-id -i .ssh/id_dsa.pub root@172.16.1.41
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is ce:6b:ba:e5:83:74:fe:d4:a1:ef:3a:3e:10:b0:63:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
Address 172.16.1.41 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@172.16.1.41's password:
Now try logging into the machine, with "ssh 'root@172.16.1.41'", and check in:
  .ssh/authorized_keys
 to make sure we haven't added extra keys that you weren't expecting.

 


Original source: http://www.cnblogs.com/syaving/p/7768724.html
