
Key-based authentication on Linux


1.1 Generating the key pair

SSH protocol 2 (ssh2) supports both RSA and DSA keys, whereas SSH protocol 1 (ssh1) supports only RSA keys.

[root@linux-node1 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
15:91:d4:10:10:62:a8:1d:66:50:36:21:87:30:62:a2 root@linux-node1.example.com
The key's randomart image is:
+--[ DSA 1024]----+
|=oo+*oo o+** |
|=..+=o . ... |
|E = . . |
| . . . |
| S |
| |
| |
| |
| |
+-----------------+
[root@linux-node1 ~]# ll .ssh/
total 12
-rw------- 1 root root 410 Mar 29 20:04 authorized_keys
-rw------- 1 root root 668 Apr 27 20:52 id_dsa        <-- the key (private key)
-rw-r--r-- 1 root root 618 Apr 27 20:52 id_dsa.pub    <-- the lock (public key)

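1.2 Distributing the key: copying the public key to the client

id_dsa (the key) stays on the management host; id_dsa.pub (the lock) is sent to every managed host.

How ssh-copy-id works:

It sends id_dsa.pub (the lock) to every managed host, where it is saved under the name ~/.ssh/authorized_keys.

The file's permissions are set to 600, and those of ~/.ssh to 700.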

[root@m01 ~]# grep authorized /etc/ssh/sshd_config
#AuthorizedKeysFile .ssh/authorized_keys

On the managed host:

[root@backup tmp]# ll ~/.ssh/authorized_keys
-rw------- 1 root root 598 Oct  9 12:31 /root/.ssh/authorized_keys
[root@backup tmp]# ll -ld ~/.ssh
drwx------ 2 root root 4096 Oct  9 12:31 /root/.ssh
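
The steps listed above for ssh-copy-id, written out on the managed-host side together with a check of the resulting modes. This is an added example, not part of the original post: install_pubkey, audit_ssh_dir and mode_of are hypothetical helper names. Beyond what the page covers, the audit also flags DSA (ssh-dss) entries, which OpenSSH has disabled by default since version 7.0.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Octal permission bits of a path (GNU stat, with a BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# install_pubkey PUBKEY_FILE SSH_DIR
# What has to happen on the managed host: append the public key to
# SSH_DIR/authorized_keys (once), then set modes 700 (dir) and 600 (file).
install_pubkey() {
    pub=$1; dir=$2
    [ -s "$pub" ] || { echo "empty or missing key file: $pub" >&2; return 2; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 2
    touch "$dir/authorized_keys" || return 2
    # -x whole line, -F fixed string: skip the append if the key is present
    grep -qxF -- "$(cat "$pub")" "$dir/authorized_keys" ||
        cat "$pub" >> "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
}

# audit_ssh_dir SSH_DIR
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1; f=$dir/authorized_keys; rc=0
    [ -f "$f" ] || { echo "FINDING: $f is missing"; return 1; }
    [ "$(mode_of "$dir")" = 700 ] ||
        { echo "FINDING: $dir is mode $(mode_of "$dir"), expected 700"; rc=1; }
    [ "$(mode_of "$f")" = 600 ] ||
        { echo "FINDING: $f is mode $(mode_of "$f"), expected 600"; rc=1; }
    # ssh-dss (DSA) keys are disabled by default since OpenSSH 7.0
    if grep -Eq '(^|[[:space:]])ssh-dss[[:space:]]' "$f"; then
        echo "FINDING: $f authorizes a DSA (ssh-dss) key"; rc=1
    fi
    return "$rc"
}
```

Run audit_ssh_dir ~/.ssh on a managed host after distributing a key; a non-zero exit status means at least one FINDING line was printed.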

1.3 Distributing the key to a single host

[root@m01 ~]# ssh-copy-id -i .ssh/id_dsa.pub root@172.16.1.41
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is ce:6b:ba:e5:83:74:fe:d4:a1:ef:3a:3e:10:b0:63:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
Address 172.16.1.41 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@172.16.1.41's password:
Now try logging into the machine, with "ssh 'root@172.16.1.41'", and check in:
  .ssh/authorized_keys
 to make sure we haven't added extra keys that you weren't expecting.
