Chinaunix首页 | 论坛 | 博客

一阵风

首页 |  博文目录 |  关于我

chenwenming

  • 博客访问: 1349882
  • 博文数量: 112
  • 博客积分: 7112
  • 博客等级: 少将
  • 技术积分: 1299
  • 用 户 组: 普通用户
  • 注册时间: 2007-05-31 16:27
文章分类

全部博文(112)

文章存档

2011年(19)

2010年(20)

2009年(16)

2008年(20)

2007年(37)

我的朋友
最近访客
推荐博文
相关博文
SSH服务器配置RSA问题

分类: LINUX

2007-06-13 23:16:31

SSH服务器配置问题

我希望配置RSA密钥对,可以让client不需要输入密码就可以连到服务端。

系统环境 RH9

SSH版本为redhat9自带
openssh-3.5p1-6
openssh-server-3.5p1-6
openssh-clients-3.5p1-6

ssh-config和sshd-config使用系统默认配置。
我希望配置RSA密钥对,可以让client不需要输入密码就可以连到服务端。

client端,我这样做的
ssh-keygen -t rsa
需要口令时,按回车不输入。
最后生成id_rsa 和 id_rsa.pub

在服务器端,我把id_rsa.pub的内容copy到想连接的机器上的 ~/.ssh/authorized_keys 文件中
.ssh 文件夹和authorxxx的相关权限如下:
服务器端
[backup@root .ssh]$ ls -la
total 16
drwx------    2 root   root       4096 Jun 11 17:13 .
drwx------    3 root   root       4096 Jun 11 14:10 ..
-rw-r--r--    1 root   root        232 Jun 11 17:13 authorized_keys
-rw-r--r--    1 root   root        225 Jun 11 11:47 known_hosts


客户端
[backup@root .ssh]$ ls -la
total 20
drwx------    2 root   root       4096 Jun 11 15:26 .
drwx------    3 root   root       4096 Jun 11 14:47 ..
-rwx------    1 root   root        887 Jun 11 13:55 id_rsa
-rwx------    1 root   root        232 Jun 11 13:55 id_rsa.pub
-rwx------    1 root   root        455 Jun 11 14:49 known_hosts
而且不需要修改sshd_config和ssh_config里的配置


---------------------------------------------
[root@mod .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7a:59:b7:b9:fc:a5:7c:dd:3c:5f:f8:8d:17:e7:4f:c4 root@mod
[root@mod .ssh]#  cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@mod .ssh]#  scp ~/.ssh/authorized_keys 192.168.0.22:~/.ssh/authorized_keys
The authenticity of host '192.168.0.22 (192.168.0.22)' can't be established.
RSA key fingerprint is ce:ff:6e:a8:e1:ff:32:71:02:3c:c4:ad:8e:77:ff:0e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.22' (RSA) to the list of known hosts.
's password:
authorized_keys                                                                100%  218     0.2KB/s   00:00   
[root@mod .ssh]# ssh 192.168.0.22
Last login: Fri Sep 25 23:58:16 2009 from 192.168.0.120
[root@CRBTDB ~]# exit

==============================================
以下是互相信用

要建立用户等效性,请在两个节点上以 oracle 用户身份生成用户的公钥和私钥。打开 rac1 的电源,在这两个节点上执行以下任务。
在 rac1 上执行 

rac1-> mkdir ~/.ssh
rac1-> chmod 700 ~/.ssh
rac1-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
87:54:4f:92:ba:ed:7b:51:5d:1d:59:5b:f9:44:da:b6 oracle@rac1.mycorpdomain.com
rac1-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
31:76:96:e6:fc:b7:25:04:fd:70:42:04:1f:fc:9a:26 oracle@rac1.mycorpdomain.com

在 rac2 上执行 

rac2-> mkdir ~/.ssh
rac2-> chmod 700 ~/.ssh
rac2-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
29:5a:35:ac:0a:03:2c:38:22:3c:95:5d:68:aa:56:66 oracle@rac2.mycorpdomain.com
rac2-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
4c:b2:5a:8d:56:0f:dc:7b:bc:e0:cd:3b:8e:b9:5c:7c oracle@rac2.mycorpdomain.com
在 rac1 上执行 
rac1-> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
rac1-> cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
rac1-> ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac2 (192.168.2.132)' can't be established.
RSA key fingerprint is 63:d3:52:d4:4d:e2:cb:ac:8d:4a:66:9f:f1:ab:28:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2,192.168.2.132' (RSA) to the list of known hosts.
oracle@rac2's password:
rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
oracle@rac2's password:
rac1-> scp ~/.ssh/authorized_keys rac2:~/.ssh/authorized_keys
oracle@rac2's password:
authorized_keys                           100% 1716     1.7KB/s   00:00
在每个节点上测试连接。验证当您再次运行以下命令时,系统是否不提示您输入口令。 
ssh rac1 date
ssh rac2 date
ssh rac1-priv date
ssh rac2-priv date
ssh rac1.mycorpdomain.com date
ssh rac2.mycorpdomain.com date
ssh rac1-priv.mycorpdomain.com date
ssh rac2-priv.mycorpdomain.com date

======================================================================
配置密钥快速方法:

ssh-keygen -t dsa
ssh-copy-id root@远程ip地址  #这个过程会提示输入密码
ssh root@远程ip地址

三步就行了



阅读(10605) | 评论(0) | 转发(0) |
0

上一篇:技嘉865主板自带网卡 Yukon Gigabit 在linux下安装

下一篇:linux下常用命令用法

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6