Key-based authentication on Linux


1.1 Generating the key pair

SSH protocol 2 supports both RSA and DSA keys, whereas SSH protocol 1 supports only RSA keys.

[[email protected] ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
15:91:d4:10:10:62:a8:1d:66:50:36:21:87:30:62:a2 [email protected]node1.example.com
The key's randomart image is:
+--[ DSA 1024]----+
|=oo+*oo o+**     |
|=..+=o .  ...    |
|E  = .    .      |
|  . .    .       |
|        S        |
|                 |
|                 |
|                 |
|                 |
+-----------------+
[[email protected]-node1 ~]# ll .ssh/
total 12
-rw------- 1 root root 410 Mar 29 20:04 authorized_keys
-rw------- 1 root root 668 Apr 27 20:52 id_dsa          key     (private key)
-rw-r--r-- 1 root root 618 Apr 27 20:52 id_dsa.pub      lock    (public key)

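1.2 Distributing the key: copying the public key to the clients

id_dsa (the key) stays on the management host; id_dsa.pub (the lock) is sent to every managed host.

How ssh-copy-id works:

It sends id_dsa.pub (the lock) to every managed host, where it is saved under the name ~/.ssh/authorized_keys.

The file's permissions are set to 600, and the ~/.ssh directory's permissions are 700.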

[[email protected] ~]# grep authorized /etc/ssh/sshd_config
#AuthorizedKeysFile .ssh/authorized_keys

On the managed host:

[[email protected] tmp]# ll ~/.ssh/authorized_keys
-rw------- 1 root root 598 Oct  9 12:31 /root/.ssh/authorized_keys
[[email protected] tmp]# ll -ld ~/.ssh
drwx------ 2 root root 4096 Oct  9 12:31 /root/.ssh
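
The managed-host side of the ssh-copy-id step described above, done by hand, as an added example (not code from the original page or from OpenSSH). The function names install_pubkey and audit_ssh_perms are hypothetical; the key is appended so existing entries survive, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. install_pubkey / audit_ssh_perms are hypothetical helper names.

# install_pubkey HOME_DIR PUBKEY_FILE
# Appends each public key line to HOME_DIR/.ssh/authorized_keys (once only)
# and enforces the 700 / 600 permissions described above.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    [ -s "$pubkey_file" ] || { echo "no public key: $pubkey_file" >&2; return 1; }
    # The private key must never leave the management host: refuse it here.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # grep -x (whole line) -F (fixed string): append only if not already present.
    # The "|| [ -n ... ]" part handles a last line without a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pubkey_file"
}

# audit_ssh_perms HOME_DIR
# Returns 0 only if .ssh is mode 700 and authorized_keys is mode 600.
audit_ssh_perms() {
    ssh_dir="$1/.ssh"
    rc=0
    d=$(stat -c '%a' "$ssh_dir" 2>/dev/null) || d=missing
    f=$(stat -c '%a' "$ssh_dir/authorized_keys" 2>/dev/null) || f=missing
    [ "$d" = 700 ] || { echo "BAD  $ssh_dir mode=$d (want 700)"; rc=1; }
    [ "$f" = 600 ] || { echo "BAD  $ssh_dir/authorized_keys mode=$f (want 600)"; rc=1; }
    return $rc
}
```
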

1.3 Distributing a single key

[[email protected] ~]# ssh-copy-id -i .ssh/id_dsa.pub [email protected]172.16.1.41
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is ce:6b:ba:e5:83:74:fe:d4:a1:ef:3a:3e:10:b0:63:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
Address 172.16.1.41 maps to bogon, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
[email protected]172.16.1.41's password:
Now try logging into the machine, with "ssh ‘[email protected]", and check in: 
  .ssh/authorized_keys
 to make sure we haven't added extra keys that you weren't expecting.

 
