SSH2 supports both RSA and DSA keys, whereas SSH1 supports only RSA keys.
[root@linux-node1 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
15:91:d4:10:10:62:a8:1d:66:50:36:21:87:30:62:a2 root@linux-node1.example.com
The key's randomart image is:
+--[ DSA 1024]----+
|=oo+*oo o+** |
|=..+=o . ... |
|E = . . |
| . . . |
| S |
| |
| |
| |
| |
+-----------------+
[root@linux-node1 ~]# ll .ssh/
total 12
-rw------- 1 root root 410 Mar 29 20:04 authorized_keys
-rw------- 1 root root 668 Apr 27 20:52 id_dsa        key (private key)
-rw-r--r-- 1 root root 618 Apr 27 20:52 id_dsa.pub    lock (public key)
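Keep id_dsa (the key) on the management host, and send id_dsa.pub (the lock) to every managed host.
How ssh-copy-id works:
It sends id_dsa.pub (the lock) to every managed host, where it is renamed to ~/.ssh/authorized_keys.
The file's permissions are set to 600, and ~/.ssh has permissions 700.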
[root@m01 ~]# grep authorized /etc/ssh/sshd_config
#AuthorizedKeysFile .ssh/authorized_keys
On the managed host:
[root@backup tmp]# ll ~/.ssh/authorized_keys
-rw------- 1 root root 598 Oct 9 12:31 /root/.ssh/authorized_keys
[root@backup tmp]# ll -ld ~/.ssh
drwx------ 2 root root 4096 Oct 9 12:31 /root/.ssh
[root@m01 ~]# ssh-copy-id -i .ssh/id_dsa.pub root@172.16.1.41
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is ce:6b:ba:e5:83:74:fe:d4:a1:ef:3a:3e:10:b0:63:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
Address 172.16.1.41 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@172.16.1.41's password:
Now try logging into the machine, with "ssh 'root@172.16.1.41'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
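The end state that ssh-copy-id leaves on a managed host (public key in ~/.ssh/authorized_keys, 700 on the directory, 600 on the file) can be reproduced and audited locally. The script below is an added example, not code from the original post; the function names install_pubkey and check_ssh_perms, the scratch directory, and the sample key line are all assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example; install_pubkey and check_ssh_perms are hypothetical helper names.

# Put a public key into <home>/.ssh/authorized_keys with the 700/600 modes.
install_pubkey() {
    local pubkey_file="$1" home_dir="$2" key
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"
    [ -s "$pubkey_file" ] || { echo "no public key: $pubkey_file" >&2; return 1; }
    # Refuse a private key (id_dsa) handed over instead of id_dsa.pub.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(cat "$pubkey_file")
    # Append only when the exact line is missing, so reruns add no duplicates
    # and keys already authorized on the host are preserved.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Succeed only if <home>/.ssh is drwx------ and authorized_keys is -rw-------.
check_ssh_perms() {
    local home_dir="$1" dir_mode file_mode
    dir_mode=$(ls -ld "$home_dir/.ssh" 2>/dev/null | cut -c1-10)
    file_mode=$(ls -l "$home_dir/.ssh/authorized_keys" 2>/dev/null | cut -c1-10)
    [ "$dir_mode" = "drwx------" ] && [ "$file_mode" = "-rw-------" ]
}

# Demo in a scratch directory with a constructed (not real) public key line.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAA-constructed-sample-key root@m01\n' > "$demo_home/id_demo.pub"
install_pubkey "$demo_home/id_demo.pub" "$demo_home/backup"
install_pubkey "$demo_home/id_demo.pub" "$demo_home/backup"   # rerun adds nothing
check_ssh_perms "$demo_home/backup" && echo "permissions OK"
echo "authorized_keys lines: $(wc -l < "$demo_home/backup/.ssh/authorized_keys")"
rm -rf "$demo_home"
```

With sshd's StrictModes option enabled, public-key login is refused when these files are writable by other users, which is why the modes are checked as well as the key contents.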
Original article: http://www.cnblogs.com/syaving/p/7768724.html