搭建无密码的ssh认证
环境介绍:我机器是*.*.*.28 和*.*.*.125 上分别有xliu账户, 而且他们位于同一个局域网中!并且能ping通。
一:目的:为xliu(28)和xliu(125)上大家无密码的ssh认证, 使得在以xliu 用户登录28后, 执行ssh *.*.*.125 此时不需要密码就可以直接登录*.*.*125
1:在28上以root用户创建xliu用户,
useradd xliu
root@* ~$ cat /etc/passwd | grep xliu
xliu:x:551:500::/home/xliu:/bin/bash
有类似输出就表示xliu已经搭建成功!
同样在125上以root用户创建xliu用户, 命令同上。
2:创建private key和public key。
在28上的/home/xliu/目录下,执行如下:
[xliu@localhost ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/xliu/.ssh/id_dsa):
Created directory '/home/xliu/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xliu/.ssh/id_dsa.
Your public key has been saved in /home/xliu/.ssh/id_dsa.pub.
The key fingerprint is:
81:0c:2e:e8:6d:03:d9:d9:0b:25:b0:88:a3:e5:68:48 xliu@localhost.localdomain
记得上面不要输入密码, 连续敲回车!此时会在目录下生成两个文件,如图:
[xliu@localhost ~]$ cd .ssh/
[xliu@localhost .ssh]$ ls
id_dsa id_dsa.pub
显然private key为id_dsa,public key 为id_dsa.pub,public key应放在你要登录的机器上, 现在我要登录125,所以id_dsa.pub应放在125:/home/xliu/.ssh目录下
xliu@qhtlnx28 ~/.ssh$ scp id_dsa.pub *.*.*.*:/home/xliu/.ssh
xliu@172.17.61.125's password:
输入125上xliu用户对应当密码。即可将文件传输到125的/home/xliu/.ssh目录下。
3:在125上,
[xliu@localhost ~]$ cd .ssh/
[xliu@localhost .ssh]$ pwd
/home/xliu/.ssh
[xliu@localhost .ssh]$ mv id_dsa.pub authorized_keys
然后,以xliu用户登录28后, 然后 ssh *.*.*.125 即可成功登陆125(不需要输入密码)!
二:上面的是client和server上都有同样的用户名,如果我用用client端的xliu用户和server端的root用户建立无密码的ssh认证,
方法很类似,
客户端上的步骤完全相同, 只是把id_dsa.pub复制到server上的/root/.ssh目录下,并改名为authorized_keys,在client上ssh的时候,一定要ssh root@*.*.*.125(说明,指明以root登录125)
三:还有一种情况, 就是多个client端的root都和server上的root建立无密码的ssh认证(我只是以root为例子!)
这个client的方式和上面完全一样, 只不过是server端,
要用cd /root/.ssh
cat id_dsa.pub >> authorized_keys
将每个id_dsa.pub都添加进去即可。
ssh连接的相关日志记录在
[root@qht25 log]# pwd
/var/log
[root@qht25 log]# ls secure
secure
[root@qht25 log]#
May 24 01:59:59 qht25 sshd[18031]: Accepted publickey for root from ::ffff:172.17.61.106 port 41052 ssh2
May 24 09:59:59 qht25 sshd[18030]: Accepted publickey for root from ::ffff:172.17.61.106 port 41052 ssh2
May 24 10:00:05 qht25 sshd[18098]: Accepted publickey for root from ::ffff:172.17.61.111 port 22691 ssh2
May 24 02:00:05 qht25 sshd[18099]: Accepted publickey for root from ::ffff:172.17.61.111 port 22691 ssh2
May 24 10:00:05 qht25 sshd[18119]: Accepted publickey for root from ::ffff:172.17.61.108 port 24092 ssh2
May 24 02:00:05 qht25 sshd[18120]: Accepted publickey for root from ::ffff:172.17.61.108 port 24092 ssh2
May 24 10:00:06 qht25 sshd[18140]: Accepted publickey for root from ::ffff:172.17.61.110 port 7497 ssh2
May 24 02:00:06 qht25 sshd[18141]: Accepted publickey for root from ::ffff:172.17.61.110 port 7497 ssh2
May 24 02:00:06 qht25 sshd[18143]: Accepted publickey for root from ::ffff:172.17.61.113 port 28187 ssh2
May 24 10:00:06 qht25 sshd[18142]: Accepted publickey for root from ::ffff:172.17.61.113 port 28187 ssh2
May 24 02:00:06 qht25 sshd[18183]: Accepted publickey for root from ::ffff:172.17.61.109 port 31560 ssh2
May 24 10:00:06 qht25 sshd[18182]: Accepted publickey for root from ::ffff:172.17.61.109 port 31560 ssh2
May 24 02:05:11 qht25 sshd[18478]: Accepted password for root from ::ffff:172.17.61.143 port 1348 ssh2
1:使用过程中遇到的一个问题,及解决方法:
阅读(1812) | 评论(0) | 转发(0) |