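SSH Passwordless Login: How It Works and How to Configure It

1. How SSH passwordless login works

[Figure: SSH passwordless login configuration]

[Figure: how SSH passwordless login works]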

2. Configuration steps

Environment

  1. Operating system: CentOS 6.4
  2. serverA: 192.168.100.129
  3. serverB: 192.168.100.130

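Configuration

Before any configuration, logging in from serverA to serverB over SSH requires a password (on the first login you are also asked to confirm the host with yes/no before the password prompt; just enter yes):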

[binxin@serverA ~]$ ssh binxin@serverB
binxin@serverb's password: 
Last login: Fri Apr  1 00:35:41 2016 from servera
[binxin@serverB ~]$

Now configure passwordless login:

  • Generate a key pair on serverA:
[binxin@serverA ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/binxin/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/binxin/.ssh/id_rsa.
Your public key has been saved in /home/binxin/.ssh/id_rsa.pub.
The key fingerprint is:
f2:f1:00:ca:b0:d0:3c:52:ac:9b:b7:0d:7e:62:f3:39 binxin@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| ..              |
| +.              |
|o.=   .          |
|.o = . .         |
| o. o . S        |
|o o    o +       |
| o +    . .      |
|  * E.           |
| . =o.           |
+-----------------+
[binxin@serverA ~]$

Look in the (hidden) .ssh folder under the user's home directory: the key pair has been generated, with public key id_rsa.pub and private key id_rsa

[binxin@serverA ~]$ cd .ssh/
[binxin@serverA .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts
[binxin@serverA .ssh]$
  • Copy serverA's public key to serverB with the scp command
[binxin@serverA .ssh]$ scp ~/.ssh/id_rsa.pub binxin@serverB:/home/binxin/id_rsa.pub
binxin@serverb's password: 
id_rsa.pub                                           100%  396     0.4KB/s   00:00    
[binxin@serverA .ssh]$
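  • Log in to serverB and append the public key copied over in the previous step to the authorization list file authorized_keys. The file does not exist at first; the append creates it automatically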
[binxin@serverB ~]$ cd .ssh/
[binxin@serverB .ssh]$ ls
[binxin@serverB .ssh]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
[binxin@serverB .ssh]$ ls
authorized_keys
[binxin@serverB .ssh]$
  • The authorized_keys file must have permission 600 and the .ssh directory must have permission 700; change the permissions manually
[binxin@serverB ~]$ chmod 700 ~/.ssh 
[binxin@serverB ~]$ chmod 600 ~/.ssh/authorized_keys
  • Verify the configuration: log in from serverA to serverB over ssh. The login succeeds directly without asking for a password. Done!
[binxin@serverA .ssh]$ ssh binxin@serverB
Last login: Fri Apr  1 00:46:54 2016 from servera
[binxin@serverB ~]$

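3. Possible problems

Permission problems

If authorized_keys still has no effect after configuration, the cause is most likely the permissions of the .ssh directory and the files under it: the permissions are broader than sshd allows. For the ssh public key to take effect, at least the following two conditions must be met: the .ssh directory's permission must be 700, and the .ssh/authorized_keys file's permission must be 600.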
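
The append-and-chmod steps from section 2 and the permission requirement above, as an added shell example (not part of the original article): install_pubkey adds the key only if that line is not already listed and sets the 700/600 modes, and check_ssh_perms reports any path whose mode differs. The function names and the sample key line are constructed for illustration; mode_of assumes GNU stat as on CentOS, with BSD stat as a fallback.

```bash
#!/usr/bin/env bash
# Added example, not from the original article; function names are hypothetical.

# Octal permission bits of a path (GNU stat as on CentOS, BSD stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Return 0 only if the .ssh directory is 700 and authorized_keys is 600;
# print one line per missing path or wrong mode.
check_ssh_perms() {
    local ssh_dir="$1" rc=0 entry path want got
    for entry in "$ssh_dir:700" "$ssh_dir/authorized_keys:600"; do
        path="${entry%:*}"; want="${entry##*:}"
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        got="$(mode_of "$path")"
        if [ "$got" != "$want" ]; then
            echo "BAD $path mode=$got want=$want"; rc=1
        fi
    done
    return "$rc"
}

# Append the public key to authorized_keys unless that exact line is already
# present, creating the directory and file with the required modes.
install_pubkey() {
    local pub="$1" ssh_dir="$2" auth="$2/authorized_keys"
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxFf "$pub" "$auth" || cat "$pub" >> "$auth"
}

# Demo in a throwaway directory with a constructed (non-functional) key line.
demo() {
    local tmp; tmp="$(mktemp -d)"
    echo "ssh-rsa AAAA-constructed-key binxin@serverA" > "$tmp/id_rsa.pub"
    mkdir "$tmp/.ssh"; chmod 755 "$tmp/.ssh"        # directory too open
    check_ssh_perms "$tmp/.ssh" || echo "-> does not meet the 700/600 requirement"
    install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"
    check_ssh_perms "$tmp/.ssh" && echo "-> modes are 700/600"
    rm -rf "$tmp"
}
demo
```

On serverB the equivalent calls would be install_pubkey ~/id_rsa.pub ~/.ssh followed by check_ssh_perms ~/.ssh.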
