服务器间通过ssh使用密钥对实现无密码登录solaris,redhat,linux

2024-03-17 10:58

本文主要是介绍服务器间通过ssh使用密钥对实现无密码登录solaris,redhat,linux,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!

受flutter的启发,把bigadmin上的文档完善并简化一下,非常简单。

E文原址:http://www.sun.com/bigadmin/content/submitted/ssh_setting.html

关键词:ssh 密钥 无密码登录 信任关系

                                以下做法在solaris 10 u5,redhat as 5.0上测试通过。2008.07.24更新.

【概述】

如果你(A机)想无密码ssh登录别的机器(B机),只需要完成3个步骤:
 


  • A机生成密钥对
     
  • 把公钥传给B机
     
  • B机对A机的公钥授权
     





hosta和hostb都必须同步完成以下操作,以hosta为例
================================================================
1、创建密钥对,两台都做
[root@hosta /]# who am i
root     pts/1        2008-04-30 12:08 (172.16.10.220)
[root@hosta /]# cd ~/.ssh
[root@hosta .ssh]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.                              -------私钥名一定要叫id_dsa
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
0a:13:25:19:a2:59:2c:b1:49:e6:62:90:57:07:e5:f7 root@hosta

passphrase(密钥保护) 保留为空,否则使用ssh时将要求输入passphrase(密钥保护)

2、发布公钥和获取公钥
[root@hosta .ssh]# scp id_dsa.pub hostb:/root/.ssh/hosta.key.pub
root@hostb's password:
id_dsa.pub                                            100%  600     0.6KB/s   00:00   
[root@hosta .ssh]# scp hostb:/root/.ssh/id_dsa.pub /root/.ssh/hostb.key.pub
root@hostb's password:
id_dsa.pub                                            100%  600     0.6KB/s   00:00   

3、对公钥授权两台都做
[root@hostb .ssh]# cat hosta.key.pub >>authorized_keys2                 -----对A机公钥授权,A机用私钥来登录B机
[root@hostb .ssh]# cat id_dsa.pub >>authorized_keys2                      -----可选项,本机登录本机,可不配置

如果是ssh v1版本,比如solaris 9,就使用authorized_keys文件

4、使用密钥对登录
[root@hosta .ssh]# ssh hostb
Last login: Sun Apr 27 00:04:49 2008 from 172.16.10.220

已经不用输入密码lol

[root@hostb ~]# exit
logout
Connection to hostb closed.

5、查看日志
[root@hosta .ssh]# more /var/log/secure
Apr 27 10:26:47 hosta sshd[9309]: Accepted password for root from 172.16.10.220 port 239
5 ssh2
Apr 27 10:26:47 hosta sshd[9309]: pam_unix(sshd:session): session opened for user root b
y (uid=0)
Apr 27 10:41:51 hosta sshd[12195]: Accepted password for root from 172.16.10.220 port 24
08 ssh2
Apr 27 10:41:51 hosta sshd[12195]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 12:42:15 hosta sshd[3331]: pam_unix(sshd:session): session closed for user root
Apr 27 13:08:32 hosta sshd[26563]: Accepted password for root from 172.16.10.2 port 4324
7 ssh2
Apr 27 13:08:32 hosta sshd[26563]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 13:08:33 hosta sshd[26563]: pam_unix(sshd:session): session closed for user root
Apr 27 13:08:52 hosta sshd[26607]: Accepted password for root from 172.16.10.2 port 4324
8 ssh2
Apr 27 13:08:52 hosta sshd[26607]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 13:08:52 hosta sshd[26607]: pam_unix(sshd:session): session closed for user root
Apr 27 13:09:15 hosta sshd[26658]: Accepted password for root from 172.16.10.2 port 4324
9 ssh2
Apr 27 13:09:15 hosta sshd[26658]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 13:09:15 hosta sshd[26658]: pam_unix(sshd:session): session closed for user root
Apr 27 13:09:25 hosta sshd[26689]: Accepted password for root from 172.16.10.2 port 4325
0 ssh2
Apr 27 13:09:25 hosta sshd[26689]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 13:09:25 hosta sshd[26689]: pam_unix(sshd:session): session closed for user root
Apr 27 13:51:27 hosta sshd[29770]: Accepted password for root from 172.16.10.220 port 4248 ssh2
Apr 27 13:51:27 hosta sshd[29770]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 13:53:54 hosta sshd[29770]: pam_unix(sshd:session): session closed for user root
Apr 27 15:13:48 hosta sshd[9309]: pam_unix(sshd:session): session closed for user root
Apr 27 15:22:20 hosta sshd[12195]: pam_unix(sshd:session): session closed for user root
Apr 27 23:37:48 hosta sshd[7798]: Accepted password for root from 172.16.10.220 port 4948 ssh2
Apr 27 23:37:48 hosta sshd[7798]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 28 04:30:58 hosta sshd[7798]: pam_unix(sshd:session): session closed for user root
Apr 30 12:08:32 hosta sshd[15039]: Accepted password for root from 172.16.10.220 port 1637 ssh2
Apr 30 12:08:32 hosta sshd[15039]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 30 12:11:05 hosta useradd[15282]: new group: name=mysql, GID=503
Apr 30 12:11:05 hosta useradd[15282]: new user: name=mysql, UID=503, GID=503, home=/home/mysql, shell=/bin/bash
Apr 30 12:22:18 hosta sshd[16164]: Accepted password for root from 172.16.10.2 port 47224 ssh2
Apr 30 12:22:18 hosta sshd[16164]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 30 12:22:18 hosta sshd[16164]: pam_unix(sshd:session): session closed for user root

6、查看ssh的详细操作记录(ssh -v, scp -v or sftp -v ...)
[root@hosta .ssh]# scp -v /root/install.log hostb:/root
Executing: program /usr/bin/ssh host hostb, user (unspecified), command scp -v -t /root
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to hostb [172.16.10.2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hostb' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure.  Minor code may provide more information
No credentials cache found

debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering public key: /root/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = zh_CN.GB18030
debug1: Sending command: scp -v -t /root
Sending file modes: C0644 35582 install.log
Sink: C0644 35582 install.log
install.log                                                             100%   35KB  34.8KB/s   00:00   
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

这篇关于服务器间通过ssh使用密钥对实现无密码登录solaris,redhat,linux的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!



http://www.chinasem.cn/article/818741

相关文章

防止Linux rm命令误操作的多场景防护方案与实践

《防止Linuxrm命令误操作的多场景防护方案与实践》在Linux系统中,rm命令是删除文件和目录的高效工具,但一旦误操作,如执行rm-rf/或rm-rf/*,极易导致系统数据灾难,本文针对不同场景... 目录引言理解 rm 命令及误操作风险rm 命令基础常见误操作案例防护方案使用 rm编程 别名及安全删除

Linux下MySQL数据库定时备份脚本与Crontab配置教学

《Linux下MySQL数据库定时备份脚本与Crontab配置教学》在生产环境中,数据库是核心资产之一,定期备份数据库可以有效防止意外数据丢失,本文将分享一份MySQL定时备份脚本,并讲解如何通过cr... 目录备份脚本详解脚本功能说明授权与可执行权限使用 Crontab 定时执行编辑 Crontab添加定

SpringBoot全局域名替换的实现

《SpringBoot全局域名替换的实现》本文主要介绍了SpringBoot全局域名替换的实现,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,需要的朋友们下面随着小编来一... 目录 项目结构⚙️ 配置文件application.yml️ 配置类AppProperties.Ja

Java使用Javassist动态生成HelloWorld类

《Java使用Javassist动态生成HelloWorld类》Javassist是一个非常强大的字节码操作和定义库,它允许开发者在运行时创建新的类或者修改现有的类,本文将简单介绍如何使用Javass... 目录1. Javassist简介2. 环境准备3. 动态生成HelloWorld类3.1 创建CtC

使用Python批量将.ncm格式的音频文件转换为.mp3格式的实战详解

《使用Python批量将.ncm格式的音频文件转换为.mp3格式的实战详解》本文详细介绍了如何使用Python通过ncmdump工具批量将.ncm音频转换为.mp3的步骤,包括安装、配置ffmpeg环... 目录1. 前言2. 安装 ncmdump3. 实现 .ncm 转 .mp34. 执行过程5. 执行结

Python实现批量CSV转Excel的高性能处理方案

《Python实现批量CSV转Excel的高性能处理方案》在日常办公中,我们经常需要将CSV格式的数据转换为Excel文件,本文将介绍一个基于Python的高性能解决方案,感兴趣的小伙伴可以跟随小编一... 目录一、场景需求二、技术方案三、核心代码四、批量处理方案五、性能优化六、使用示例完整代码七、小结一、

Java实现将HTML文件与字符串转换为图片

《Java实现将HTML文件与字符串转换为图片》在Java开发中,我们经常会遇到将HTML内容转换为图片的需求,本文小编就来和大家详细讲讲如何使用FreeSpire.DocforJava库来实现这一功... 目录前言核心实现:html 转图片完整代码场景 1:转换本地 HTML 文件为图片场景 2:转换 H

Java使用jar命令配置服务器端口的完整指南

《Java使用jar命令配置服务器端口的完整指南》本文将详细介绍如何使用java-jar命令启动应用,并重点讲解如何配置服务器端口,同时提供一个实用的Web工具来简化这一过程,希望对大家有所帮助... 目录1. Java Jar文件简介1.1 什么是Jar文件1.2 创建可执行Jar文件2. 使用java

C#使用Spire.Doc for .NET实现HTML转Word的高效方案

《C#使用Spire.Docfor.NET实现HTML转Word的高效方案》在Web开发中,HTML内容的生成与处理是高频需求,然而,当用户需要将HTML页面或动态生成的HTML字符串转换为Wor... 目录引言一、html转Word的典型场景与挑战二、用 Spire.Doc 实现 HTML 转 Word1

C#实现一键批量合并PDF文档

《C#实现一键批量合并PDF文档》这篇文章主要为大家详细介绍了如何使用C#实现一键批量合并PDF文档功能,文中的示例代码简洁易懂,感兴趣的小伙伴可以跟随小编一起学习一下... 目录前言效果展示功能实现1、添加文件2、文件分组(书签)3、定义页码范围4、自定义显示5、定义页面尺寸6、PDF批量合并7、其他方法