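Generating an SSH public/private key pair on Linux for passwordless remote login
Lab environment
OS: CentOS 6.5
Encryption algorithm: RSA
Two servers: a server and a client
Server-side user name: lisi
Client-side user name: zhangsan
Goal: the two servers log in to each other without a password, using key-based login in both directions.
Figure: two-way public and private key verification
OpenSSH packages
Installed automatically with a default Linux installation. If they are missing, install the following rpm packages from the installation disc: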
openssh-clients-5.3p1-94.el6.x86_64
openssh-askpass-5.3p1-94.el6.x86_64
openssh-server-5.3p1-94.el6.x86_64
openssh-5.3p1-94.el6.x86_64
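Service name: sshd
Server main program: /usr/sbin/sshd
Server configuration file: /etc/ssh/sshd_config
Client configuration file: /etc/ssh/ssh_config
Configuration for 28.128: creating the public/private key pair
Create the public/private key pair on the client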
[root@localhost ~]# useradd zhangsan
[root@localhost ~]# passwd zhangsan
更改用户 zhangsan 的密码 。
新的 密码:
无效的密码: WAY 过短
无效的密码: 过于简单
重新输入新的 密码:
passwd: 所有的身份验证令牌已经成功更新。
[root@localhost ~]# su - zhangsan
[zhangsan@localhost ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zhangsan/.ssh/id_rsa): # asks where to save the key; press Enter to accept the default
Created directory '/home/zhangsan/.ssh'.
Enter passphrase (empty for no passphrase): # press Enter for an empty passphrase (the private key is then stored unencrypted)
Enter same passphrase again: # press Enter
Your identification has been saved in /home/zhangsan/.ssh/id_rsa. # private key location
Your public key has been saved in /home/zhangsan/.ssh/id_rsa.pub. # public key location
The key fingerprint is:
3e:57:cf:9a:d6:6f:1d:36:71:c1:f4:3a:94:9d:61:40 zhangsan@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| .E++ |
| .=+|
| o.+|
| . o.|
| S . o o|
| . . o = |
| o . .+ +|
| o .o. o|
| .o o.|
+-----------------+
[zhangsan@localhost ~]$ ssh-copy-id -i /home/zhangsan/.ssh/id_rsa.pub lisi@192.168.28.128
The authenticity of host '192.168.28.128 (192.168.28.128)' can't be established.
RSA key fingerprint is e2:e9:fc:57:50:d3:2d:16:4a:a1:9c:15:08:0d:70:59.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.28.128' (RSA) to the list of known hosts.
lisi@192.168.28.128's password: # enter the user's password
Now try logging into the machine, with "ssh 'lisi@192.168.28.128'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
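Enabling key authentication in the configuration file /etc/ssh/sshd_config
#RSAAuthentication yes # enable the RSA algorithm
#PubkeyAuthentication yes # enable key-pair authentication
#AuthorizedKeysFile .ssh/authorized_keys # location of the authorized public keys file
Server side: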
[lisi@www ~]$ ll .ssh/
总用量 4
-rw-------. 1 lisi lisi 412 5月 28 20:53 authorized_keys
[lisi@www ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqWHpmYbHdB5G8yb0CtbowBHNPKi8o9SwDNLfmy0C0sG/tROvM2yHTbwQiFpan4yiRYOHGPCajMnsuywFo0waxT2CkhkZB3k9bvDKkfuUhvA/O7zl2GRh4yKSsGmAMU/OEA80oPv2AeSu41LNCgQ3FeItZwLwzq7EvD40yOJLuzCM7EG8gwsg5RF8OCJAIA7oJSyEhg3+HUppmtf6QJX6dNnb/uvoalAbjLrN+aJuiokaFi76OiMVKQYYw82Wof3p/XJre+tkm2DLhZSyZpvBfsZhPiKMxTVOnKyhx7z2wkQkh9bdHo+9uG7HTgeUN2blg90rhq9hpBwwZnMzz+SB2w== zhangsan@localhost.localdomain
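Added example, not part of the original article: the ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you were not expecting. The POSIX shell function below runs that check for one account, confirming the 700/600 modes seen in the listing and flagging any key whose comment is not on an allowlist you pass in. The names audit_ssh_dir, mode_of and make_sample and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit one account's ~/.ssh.
# audit_ssh_dir HOME EXPECTED_COMMENT...  -> returns 0 if clean, 1 otherwise.

# 10-character mode string of a path (drops the SELinux '.' that ll shows).
mode_of() { ls -ld "$1" | cut -c1-10; }

audit_ssh_dir() {
    home=$1; shift
    dir="$home/.ssh"; keys="$dir/authorized_keys"; rc=0
    [ -f "$keys" ] || { echo "MISSING $keys"; return 1; }
    # Neither the directory nor the key file may be accessible to group/other.
    case $(mode_of "$dir") in
        drwx------) ;;
        *) echo "BAD-MODE $dir $(mode_of "$dir")"; rc=1 ;;
    esac
    case $(mode_of "$keys") in
        -rw-------) ;;
        *) echo "BAD-MODE $keys $(mode_of "$keys")"; rc=1 ;;
    esac
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        # The key type is not the first field when options (from=...) precede it.
        info=$(printf '%s\n' "$line" | awk '{
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-)/) {
                    print $i, ($(i+2) == "" ? "(none)" : $(i+2)); exit
                }
        }')
        if [ -z "$info" ]; then echo "UNPARSED line"; rc=1; continue; fi
        ktype=${info%% *}; comment=${info#* }; known=no
        for want in "$@"; do
            if [ "$comment" = "$want" ]; then known=yes; fi
        done
        if [ "$known" = yes ]; then echo "OK $ktype $comment"
        else echo "UNEXPECTED $ktype $comment"; rc=1; fi
    done < "$keys"
    return "$rc"
}

# Constructed sample: throwaway home with one expected key and one unknown key.
make_sample() {
    h=$(mktemp -d) && mkdir "$h/.ssh" && chmod 700 "$h/.ssh" || return 1
    printf '%s\n' '# constructed keys, not real key material' \
        'ssh-rsa AAAAconstructed1 zhangsan@localhost.localdomain' \
        'from="192.168.28.100" ssh-rsa AAAAconstructed2 unknown@host' \
        > "$h/.ssh/authorized_keys"
    chmod 600 "$h/.ssh/authorized_keys" && echo "$h"
}
```

The comment field is a free-text label chosen by whoever added the key, so treat a match as a prompt to compare the key's fingerprint with the one ssh-keygen printed on the client, not as proof of origin.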
Configuration for the 28.100 server: generating the public and private keys
[root@www ~]# useradd lisi
[root@www ~]# passwd lisi
更改用户 lisi 的密码 。
新的 密码:
无效的密码: WAY 过短
无效的密码: 过于简单
重新输入新的 密码:
passwd: 所有的身份验证令牌已经成功更新。
[root@www ~]# su - lisi
[lisi@www ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/lisi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/lisi/.ssh/id_rsa.
Your public key has been saved in /home/lisi/.ssh/id_rsa.pub.
The key fingerprint is:
b3:55:1b:8f:5f:47:e7:6f:e3:0c:e9:ef:30:2b:bc:2e lisi@www
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| o o|
| . = o.|
| S . o . +|
| + ...o|
| . . =..o|
| E o. B..|
| ooooo= |
+-----------------+
[lisi@www ~]$ ssh-copy-id -i /home/lisi/.ssh/id_rsa.pub zhangsan@192.168.28.100
zhangsan@192.168.28.100's password:
Now try logging into the machine, with "ssh 'zhangsan@192.168.28.100'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
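Enabling key authentication in the configuration file /etc/ssh/sshd_config
#RSAAuthentication yes # enable the RSA algorithm
#PubkeyAuthentication yes # enable key-pair authentication
#AuthorizedKeysFile .ssh/authorized_keys # location of the authorized public keys file
Test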
[zhangsan@localhost ~]$ ssh lisi@192.168.28.128
Last login: Mon May 28 20:57:32 2018 from 192.168.28.100
[lisi@www ~]$
[lisi@www ~]$ ssh zhangsan@192.168.28.100
[zhangsan@localhost ~]$
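This article was originally published by 帝一博客. Copyright in original content that users publish on this site (including but not limited to answers, articles and comments) belongs to the users themselves. To repost exclusive articles, contact 17762131@qq.com. Once authorized, the address of this article must be cited: https://bubukou.com/linuxyunwei/1985.html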