CenOS7秘钥双向验证的配置

Posted yuan9910

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了CenOS7秘钥双向验证的配置相关的知识,希望对你有一定的参考价值。

配置密钥对的双向配置

HOST1配置:

root下编辑/etc/ssh/sshd_config 

RSAAuthentication  yes                  //启用RSA算法

PubkeyAuthentication   yes        //启用秘钥对验证

[root@host1 ~]# useradd hadoop              //建立一个用户

[root@host1 ~]# passwd hadoop          //设置密码

更改用户 hadoop 的密码 。      

新的 密码:

无效的密码: 密码少于 8 个字符

重新输入新的 密码:

passwd:所有的身份验证令牌已经成功更新。

[root@host1 ~]# su - hadoop

上一次登录:五 816 03:44:00 CST 2019pts/0

[hadoop@host1 ~]$ pwd

/home/hadoop

[hadoop@host1 ~]$ ssh-keygen -t rsa                  //生成密钥对,加密格式为rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):

Created directory ‘/home/hadoop/.ssh‘.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/hadoop/.ssh/id_rsa.

Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.

The key fingerprint is:

77:05:b5:65:b7:b6:81:79:79:6d:2d:13:e2:73:65:4e hadoop@host1

The key‘s randomart image is:

+--[ RSA 2048]----+

|            o.o E|

|           . ooX*|

|            oo***|

|             +o++|

|        S . .  . |

|         . .     |

|                 |

|                 |

|                 |

+-----------------+

[hadoop@host1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.50.112        //将公钥传给位于host2下的hatoop

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

hadoop@192.168.50.112‘s password:

 

Number of key(s) added: 1

 

Now try logging into the machine, with:   "ssh ‘hadoop@192.168.50.112‘"

and check to make sure that only the key(s) you wanted were added.

 

[hadoop@host1 ~]$ ssh hadoop@192.168.50.112         //无需验证密码即可登录

Last login: Thu Aug 15 20:10:32 2019 from 192.168.50.111

[hadoop@host2 ~]$

 

 

 HOST2配置:

root下编辑/etc/ssh/sshd_config 

RSAAuthentication  yes                  //启用RSA算法

PubkeyAuthentication   yes        //启用秘钥对验证

[hadoop@host2 ~]$ mkdir .ssh                        

[hadoop@host2 ~]$ chmod 700 .ssh/

[hadoop@host2 ~]$ ls -ld .ssh/

drwx------. 2 hadoop hadoop 6 8月  15 20:02 .ssh/

[hadoop@host2 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/hadoop/.ssh/id_rsa.

Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.

The key fingerprint is:

f3:37:cc:fa:98:d6:ed:79:db:b6:68:13:cf:21:5f:66 hadoop@host2

The key‘s randomart image is:

+--[ RSA 2048]----+

|                 |

|                 |

|                 |

|                 |

|        S        |

|         o o o .E|

|          ..=.*oo|

|          .=.+o=+|

|         .+.oo+=+|

+-----------------+

[hadoop@host2 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.50.111    //将公钥文件传给HOST1

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

hadoop@192.168.50.111‘s password:

 

Number of key(s) added: 1

 

Now try logging into the machine, with:   "ssh ‘hadoop@192.168.50.111‘"

and check to make sure that only the key(s) you wanted were added.

 

[hadoop@host2 ~]$ ssh hadoop@192.168.50.111                   //直接登录,无需验证密码

Last login: Fri Aug 16 04:12:03 2019 from 192.168.50.112

[hadoop@host1 ~]$ 

以上是关于CenOS7秘钥双向验证的配置的主要内容,如果未能解决你的问题,请参考以下文章

soapui测试https双向验证p12项目

rsync & sersyncs 两台服务器双向文件同步实现

客户端与服务器双向密钥对验证

cenos7 网卡配置

nginx负载均衡,ssl原理,生成ssl秘钥对,nginx配置ssl

https双向认证时证书签发和配置