Chinaunix首页 | 论坛 | 博客
  • 博客访问: 185294
  • 博文数量: 80
  • 博客积分: 70
  • 博客等级: 民兵
  • 技术积分: 180
  • 用 户 组: 普通用户
  • 注册时间: 2008-06-25 13:58
文章分类
文章存档

2014年(47)

2011年(33)

分类: SOLARIS

2014-11-24 17:14:36

介绍SSH用户之间建立信任关系,相互登录无需口令方法的文章网上很多,但都是语焉不详,照做不成功,本文比较详细介绍了此方法。
亦可参考我的豆丁文档:

二、 建立信任关系的方法

其实用户使用SSH登录的时候,带有对方SSHD的秘钥,如果该秘钥匹配,则无需口令就可以安全登录,实现其所谓的passwordless登录。而登录时带的秘钥存放在用户home目录的 .ssh目录下的authorized_keys文件里面。

如果有n台主机都需要实现用户相互的passwordless的登录,那么authorized_keys文件里将记录所有主机该用户的登录秘钥,由此可见,该文件内容是至关重要的,实现方法也就比较简单了。只需要将各个主机自己生成的dsa public key集中起来,然后生成一个authorized_keys文件,然后将该文件放置到每台主机该用户的home目录.ssh目录下即可。

以下以两台主机实现test用户的信任关系为例,cluster1cluster2为两台主机的主机名,用户为test,其home目录为/export/home/test,步骤中的(cluster1)表示该操作在cluster1上进行,其他类似:

1.生成cluster1public keycluster1

$ /usr/bin/ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/export/home/test/.ssh/id_dsa):

Created directory '/export/home/test/.ssh'.

Enter passphrase (empty for no passphrase): (此处直接回车即可)

Enter same passphrase again: (此处直接回车即可)

Your identification has been saved in /export/home/test/.ssh/id_dsa.

Your public key has been saved in /export/home/test/.ssh/id_dsa.pub.

The key fingerprint is:

40:3f:17:bd:e6:2c:32:54:0d:04:3b:30:29:b5:db:5e test@cluster1

2.生成cluster2public keycluster2

$/usr/bin/ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/export/home/test/.ssh/id_dsa):

Created directory '/export/home/test/.ssh'.

Enter passphrase (empty for no passphrase): (此处直接回车即可)

Enter same passphrase again: (此处直接回车即可)

Your identification has been saved in /export/home/test/.ssh/id_dsa.

Your public key has been saved in /export/home/test/.ssh/id_dsa.pub.

The key fingerprint is:

83:2f:bb:0e:f8:91:be:6b:15:5c:83:a5:48:6f:ed:cd test@cluster2

3.将生成的public key拷贝到cluster2机(cluster1

$scp id_dsa.pub cluster2:/export/home/test/.ssh/id_dsa1.pub

Password:  此时输入用户的口令

id_dsa.pub   100% |*****************************|   603       00:00

4.将生成的cluster2public key拷贝到cluster1机(cluster2

$scp cluster2:/export/home/test/.ssh/id_dsa.pub id_dsa2.pub

Password: 此时输入用户的口令

id_dsa.pub  100% |*****************************|   603       00:00

 $ls:有以下几个文件

id_dsa       id_dsa.pub   id_dsa2.pub  known_hosts

5.cluster1机上合并public key文件到authorized_keys文件(cluster1

$cat /export/home/test/.ssh/*pub >>/export/home/test/.ssh/authorized_keys

6.cluster2机上合并public key文件到authorized_keys文件(cluster2

ls显示以下几个文件:

id_dsa       id_dsa.pub   id_dsa1.pub

$ cat /export/home/test/.ssh/*pub >>/export/home/test/.ssh/authorized_keys

7.使用ssh登录各个机器,需要回到yes后,即可以无口令方式登录了

阅读(1842) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~