客户端与服务器双向密钥对验证
Posted tanxiaojuncom
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了客户端与服务器双向密钥对验证相关的知识,希望对你有一定的参考价值。
一、
客户端 >>> 服务器
HOST1配置:
root下编辑/etc/ssh/sshd_config
RSAAuthentication yes //启用RSA算法
PubkeyAuthentication yes //启用秘钥对验证
[root@host1 ~]# useradd hadoop //建立hadoop用户
[root@host1 ~]# passwd hadoop //为用户设置密码
更改用户 hadoop 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@host1 ~]# su - hadoop //切换用户到hadoop
上一次登录:五 8月 16 03:44:00 CST 2019pts/0 上
[hadoop@host1 ~]$ pwd
/home/hadoop
[hadoop@host1 ~]$ ssh-keygen -t rsa //生成密钥对,加密格式为rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): //密钥路径
Created directory ‘/home/hadoop/.ssh‘.
Enter passphrase (empty for no passphrase): //公钥密码,回车即设置空密码(回车)
Enter same passphrase again: //二次输入公钥密码(回车)
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
77:05:b5:65:b7:b6:81:79:79:6d:2d:13:e2:73:65:4e hadoop@host1
The key‘s randomart image is:
+--[ RSA 2048]----+
| o.o E|
| . ooX*|
| oo***|
| +o++|
| S . . . |
| . . |
| |
| |
| |
+-----------------+
[hadoop@host1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.153.10 //将公钥传给位于host2下的hatoop
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@192.168.153.10‘s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh ‘hadoop@192.168.153.10‘"
and check to make sure that only the key(s) you wanted were added.
[hadoop@host1 ~]$ ssh hadoop@192.168.153.10 //无需验证密码即可登录
Last login: Thu Aug 15 20:10:32 2019 from 192.168.153.128
[hadoop@host2 ~]$
二、
服务器 >>> 客户端
root下编辑/etc/ssh/sshd_config
RSAAuthentication yes //启用RSA算法
PubkeyAuthentication yes //启用秘钥对验证
[hadoop@host2 ~]$ mkdir .ssh
[hadoop@host2 ~]$ chmod 700 .ssh/
[hadoop@host2 ~]$ ls -ld .ssh/
drwx------. 2 hadoop hadoop 6 8月 15 20:02 .ssh/
[hadoop@host2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): //密钥路径
Enter passphrase (empty for no passphrase): //输入公钥密码,回车即空密码(回车)
Enter same passphrase again: //再次输入(回车)
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
f3:37:cc:fa:98:d6:ed:79:db:b6:68:13:cf:21:5f:66 hadoop@host2
The key‘s randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| S |
| o o o .E|
| ..=.*oo|
| .=.+o=+|
| .+.oo+=+|
+-----------------+
[hadoop@host2 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.153.128 //将公钥文件传给HOST1
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@192.168.153.128‘s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh ‘hadoop@192.168.153.128‘"
and check to make sure that only the key(s) you wanted were added.
[hadoop@host2 ~]$ ssh hadoop@192.168.153.128 //直接登录,无需验证密码
Last login: Fri Aug 16 04:12:03 2019 from 192.168.153.10
[hadoop@host1 ~]$
以上是关于客户端与服务器双向密钥对验证的主要内容,如果未能解决你的问题,请参考以下文章