Linux SSH Key Authentication in Practice
Posted 潇潇、寒
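In production environments, SSH key authentication is often used for tasks such as distributing data. It also lets you operate intranet servers in batches, pushing and distributing data without entering a password.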
1. Check the environment
Distribution server
Node servers
2. Add a system account on the servers
3. Generate the key pair
[root@localhost1 ~]# su - fenfa
[fenfa@localhost1 ~]$ whoami
fenfa
[fenfa@localhost1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/fenfa/.ssh/id_dsa):
Created directory '/home/fenfa/.ssh'. # directory created
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/fenfa/.ssh/id_dsa.
Your public key has been saved in /home/fenfa/.ssh/id_dsa.pub.
The key fingerprint is:
2c:33:62:96:d5:5a:56:a8:19:63:29:de:63:35:83:f1 fenfa@localhost1
The key's randomart image is:
+--[ DSA 1024]----+
| .+ .. |
| . *o=. |
| . +.*Eo |
| .o*= |
| =.=.S |
| o . + |
| |
| |
| |
+-----------------+
[fenfa@localhost1 ~]$ cd /home/fenfa/.ssh/
[fenfa@localhost1 .ssh]$ ls -ld .ssh
ls: cannot access .ssh: No such file or directory
[fenfa@localhost1 .ssh]$ ls -ld /home/fenfa/.ssh/
drwx------ 2 fenfa fenfa 4096 Feb 21 00:25 /home/fenfa/.ssh/
[fenfa@localhost1 .ssh]$ ll
total 8
-rw------- 1 fenfa fenfa 668 Feb 21 00:25 id_dsa
-rw-r--r-- 1 fenfa fenfa 606 Feb 21 00:25 id_dsa.pub
[fenfa@localhost1 .ssh]$ cat /home/fenfa/.ssh/id_dsa
4. Distribute the key
Command format for distribution
ssh-copy-id -i key_name user@remote_host_IP    # when ssh uses the default port
ssh-copy-id -i key_name "-p port user@remote_host_IP"    # when ssh uses a non-default port
[fenfa@localhost1 .ssh]$ ssh-copy-id -i id_dsa.pub fenfa@192.168.181.129 # the distribution command
The authenticity of host '192.168.181.129 (192.168.181.129)' can't be established.
RSA key fingerprint is 9e:81:e9:02:86:a0:24:37:2b:d0:4e:ae:d4:41:6f:0d.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.181.129' (RSA) to the list of known hosts.
fenfa@192.168.181.129's password:
Permission denied, please try again.
fenfa@192.168.181.129's password:
Permission denied, please try again.
fenfa@192.168.181.129's password:
Now try logging into the machine, with "ssh 'fenfa@192.168.181.129'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[fenfa@localhost1 .ssh]$ ssh-copy-id -i id_dsa.pub fenfa@192.168.181.129
Now try logging into the machine, with "ssh 'fenfa@192.168.181.129'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Check whether the distribution succeeded
[fenfa@localhost2 ~]$ tree /home/fenfa/.ssh/
/home/fenfa/.ssh/
└── authorized_keys    # distributed successfully
0 directories, 1 file
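The check that the ssh-copy-id output above asks for (look in .ssh/authorized_keys for keys you weren't expecting), as an added shell example that is not part of the original post. It compares a node's authorized_keys with the public keys you meant to install, checks the directory and file modes, and flags ssh-dss keys such as the one generated in step 3, which OpenSSH has disabled by default since version 7.0. The function names and the sample key lines are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. audit_ssh_dir and check_mode are
# names made up here. Assumes a stat that supports -c (GNU coreutils/busybox).

# check_mode PATH MASK: report PATH if it has any permission bit set in MASK.
check_mode() {
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & $2 )) -eq 0 ] && return 0
    echo "PERM $1 has mode $mode"
    return 1
}

# audit_ssh_dir DIR [EXPECTED.pub ...]: print findings, return 1 if there are any.
audit_ssh_dir() {
    dir=$1; shift
    ak=$dir/authorized_keys; rc=0
    [ -f "$ak" ] || { echo "MISSING $ak"; return 1; }
    check_mode "$dir" 077 || rc=1   # the page shows drwx------ for .ssh
    check_mode "$ak" 022 || rc=1    # sshd StrictModes rejects group/world-writable
    awk -v ak="$ak" -v nexp="$#" '
        # Find "type blob" after any leading options. An option value that
        # itself starts with ssh-/ecdsa-/sk- would confuse this simple scan.
        function keyfields(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) { type = $i; blob = $(i + 1); return 1 }
            return 0
        }
        /^[ \t]*(#|$)/ { next }
        !keyfields()   { print "PARSE " FILENAME ":" FNR; bad++; next }
        FILENAME != ak { expected[blob] = 1; next }   # keys we meant to install
        type == "ssh-dss" { print "WEAK " ak ":" FNR " ssh-dss key (" $NF ")"; bad++ }
        nexp > 0 && !(blob in expected) {
            print "UNEXPECTED " ak ":" FNR " " type " key (" $NF ")"; bad++
        }
        END { exit (bad > 0) }
    ' "$@" "$ak" || rc=1
    return $rc
}

# Constructed sample: placeholder blobs, not real keys.
demo=$(mktemp -d); mkdir -m 700 "$demo/.ssh"
echo 'ssh-dss AAAAB3-constructed-A fenfa@localhost1' > "$demo/id_dsa.pub"
{ cat "$demo/id_dsa.pub"; echo 'ssh-rsa AAAAB3-constructed-B unknown@host'; } \
    > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_dir "$demo/.ssh" "$demo/id_dsa.pub" || echo "findings reported"
rm -rf "$demo"
```

Run it on a node as `audit_ssh_dir /home/fenfa/.ssh id_dsa.pub`, passing a copy of every public key that is supposed to be installed there.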
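5. Distribute data
No password needs to be entered
When data has to be distributed every day, you can put the commands in a script and add it as a scheduled task, so that the data is distributed automatically.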