热卖商品
新闻详情
SSH服务器配置RSA问题-chenwenming-ChinaUnix博客
来自 : blog.chinaunix.net/uid-7530389
发布时间:2021-03-25
SSH服务器配置问题
我希望配置RSA密钥对,可以让client不需要输入密码就可以连到服务端。
系统环境 RH9
SSH版本为redhat9自带
openssh-3.5p1-6
openssh-server-3.5p1-6
openssh-clients-3.5p1-6
ssh-config和sshd-config使用系统默认配置。
我希望配置RSA密钥对,可以让client不需要输入密码就可以连到服务端。
client端,我这样做的
ssh-keygen -t rsa
需要口令时,按回车不输入。
最后生成id_rsa 和 id_rsa.pub
在服务器端,我把id_rsa.pub的内容copy到想连接的机器上的 ~/.ssh/authorized_keys 文件中
.ssh 文件夹和authorxxx的相关权限如下:
服务器端
[backup@root .ssh]$ ls -la
total 16
drwx------ 2rootroot 4096 Jun 11 17:13 .
drwx------ 3rootroot 4096 Jun 11 14:10 ..
-rw-r--r-- 1 rootroot232 Jun 11 17:13 authorized_keys
-rw-r--r-- 1 rootroot225 Jun 11 11:47 known_hosts
客户端
[backup@root .ssh]$ ls -la
total 20
drwx------ 2 rootroot 4096 Jun 11 15:26 .
drwx------ 3 rootroot 4096 Jun 11 14:47 ..
-rwx------ 1 rootroot887 Jun 11 13:55 id_rsa
-rwx------ 1 rootroot232 Jun 11 13:55 id_rsa.pub
-rwx------ 1 rootroot455 Jun 11 14:49 known_hosts
而且不需要修改sshd_config和ssh_config里的配置
---------------------------------------------
[root@mod .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7a:59:b7:b9:fc:a5:7c:dd:3c:5f:f8:8d:17:e7:4f:c4 root@mod
[root@mod .ssh]#cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@mod .ssh]#scp ~/.ssh/authorized_keys 192.168.0.22:~/.ssh/authorized_keys
The authenticity of host \'192.168.0.22 (192.168.0.22)\' can\'t be established.
RSA key fingerprint is ce:ff:6e:a8:e1:ff:32:71:02:3c:c4:ad:8e:77:ff:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added \'192.168.0.22\' (RSA) to the list of known hosts.
\'s password:
authorized_keys 100%218 0.2KB/s 00:00
[root@mod .ssh]# ssh 192.168.0.22
Last login: Fri Sep 25 23:58:16 2009 from 192.168.0.120
[root@CRBTDB ~]# exit
==============================================
以下是互相信用
我希望配置RSA密钥对,可以让client不需要输入密码就可以连到服务端。
系统环境 RH9
SSH版本为redhat9自带
openssh-3.5p1-6
openssh-server-3.5p1-6
openssh-clients-3.5p1-6
ssh-config和sshd-config使用系统默认配置。
我希望配置RSA密钥对,可以让client不需要输入密码就可以连到服务端。
client端,我这样做的
ssh-keygen -t rsa
需要口令时,按回车不输入。
最后生成id_rsa 和 id_rsa.pub
在服务器端,我把id_rsa.pub的内容copy到想连接的机器上的 ~/.ssh/authorized_keys 文件中
.ssh 文件夹和authorxxx的相关权限如下:
服务器端
[backup@root .ssh]$ ls -la
total 16
drwx------ 2rootroot 4096 Jun 11 17:13 .
drwx------ 3rootroot 4096 Jun 11 14:10 ..
-rw-r--r-- 1 rootroot232 Jun 11 17:13 authorized_keys
-rw-r--r-- 1 rootroot225 Jun 11 11:47 known_hosts
客户端
[backup@root .ssh]$ ls -la
total 20
drwx------ 2 rootroot 4096 Jun 11 15:26 .
drwx------ 3 rootroot 4096 Jun 11 14:47 ..
-rwx------ 1 rootroot887 Jun 11 13:55 id_rsa
-rwx------ 1 rootroot232 Jun 11 13:55 id_rsa.pub
-rwx------ 1 rootroot455 Jun 11 14:49 known_hosts
而且不需要修改sshd_config和ssh_config里的配置
---------------------------------------------
[root@mod .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7a:59:b7:b9:fc:a5:7c:dd:3c:5f:f8:8d:17:e7:4f:c4 root@mod
[root@mod .ssh]#cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@mod .ssh]#scp ~/.ssh/authorized_keys 192.168.0.22:~/.ssh/authorized_keys
The authenticity of host \'192.168.0.22 (192.168.0.22)\' can\'t be established.
RSA key fingerprint is ce:ff:6e:a8:e1:ff:32:71:02:3c:c4:ad:8e:77:ff:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added \'192.168.0.22\' (RSA) to the list of known hosts.
\'s password:
authorized_keys 100%218 0.2KB/s 00:00
[root@mod .ssh]# ssh 192.168.0.22
Last login: Fri Sep 25 23:58:16 2009 from 192.168.0.120
[root@CRBTDB ~]# exit
==============================================
以下是互相信用
要建立用户等效性,请在两个节点上以 oracle 用户身份生成用户的公钥和私钥。打开 rac1 的电源,在这两个节点上执行以下任务。
在 rac1 上执行
rac1-> mkdir ~/.ssh
rac1-> chmod 700 ~/.ssh
rac1-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
87:54:4f:92:ba:ed:7b:51:5d:1d:59:5b:f9:44:da:b6 oracle@rac1.mycorpdomain.com
rac1-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
31:76:96:e6:fc:b7:25:04:fd:70:42:04:1f:fc:9a:26 oracle@rac1.mycorpdomain.com
在 rac2 上执行
rac2-> mkdir ~/.ssh在 rac1 上执行
rac2-> chmod 700 ~/.ssh
rac2-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
29:5a:35:ac:0a:03:2c:38:22:3c:95:5d:68:aa:56:66 oracle@rac2.mycorpdomain.com
rac2-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
4c:b2:5a:8d:56:0f:dc:7b:bc:e0:cd:3b:8e:b9:5c:7c oracle@rac2.mycorpdomain.com
rac1-> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys在每个节点上测试连接。验证当您再次运行以下命令时,系统是否不提示您输入口令。
rac1-> cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
rac1-> ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host \'rac2 (192.168.2.132)\' can\'t be established.
RSA key fingerprint is 63:d3:52:d4:4d:e2:cb:ac:8d:4a:66:9f:f1:ab:28:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added \'rac2,192.168.2.132\' (RSA) to the list of known hosts.
oracle@rac2\'s password:
rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
oracle@rac2\'s password:
rac1-> scp ~/.ssh/authorized_keys rac2:~/.ssh/authorized_keys
oracle@rac2\'s password:
authorized_keys 100% 1716 1.7KB/s 00:00
ssh rac1 date
ssh rac2 date
ssh rac1-priv date
ssh rac2-priv date
ssh rac1.mycorpdomain.com date
ssh rac2.mycorpdomain.com date
ssh rac1-priv.mycorpdomain.com date
ssh rac2-priv.mycorpdomain.com date
======================================================================
配置密钥快速方法:
ssh-keygen -t dsa
ssh-copy-id root@远程ip地址 #这个过程会提示输入密码
ssh root@远程ip地址
三步就行了
本文链接: http://rsacorp.immuno-online.com/view-754809.html
发布于 : 2021-03-25
阅读(0)
最新动态
2021-03-25
2021-03-25
2021-03-25
2021-03-25
2021-03-25
2021-03-25
2021-03-25
2021-03-25
联络我们