SSH免密登陆原理及配置

时间  2019-11-16
标签 ssh 登陆 原理 配置 繁體版
原文   原文链接

1、SSH免密登陆原理

SSH免密登录配置图示

SSH免密登录配置

SSH免密登陆原理图示

SSH免密登陆原理

2、具体配置操做

环境准备

  1. 操做系统:centos 6.4
  2. serverA: 192.168.100.129
  3. serverB: 192.168.100.130

配置

没作任何配置前从serverA上SSH登陆到serverB时须要输入密码的(若是是第一次登陆,输入密码前还会询问受权yes/no,只管输入yes就行):centos

[binxin@serverA ~]$ ssh binxin@serverB
binxin@serverb's password: 
Last login: Fri Apr  1 00:35:41 2016 from servera
[binxin@serverB ~]$

下面开始免密登录的配置:dom

  • 在serveA上生成秘钥对:
[binxin@serverA ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/binxin/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/binxin/.ssh/id_rsa.
Your public key has been saved in /home/binxin/.ssh/id_rsa.pub.
The key fingerprint is:
f2:f1:00:ca:b0:d0:3c:52:ac:9b:b7:0d:7e:62:f3:39 binxin@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| ..              |
| +.              |
|o.=   .          |
|.o = . .         |
| o. o . S        |
|o o    o +       |
| o +    . .      |
|  * E.           |
| . =o.           |
+-----------------+
[binxin@serverA ~]$

查看用户目录下的ssh(隐藏的)文件夹,秘钥对已经生成,公钥id_rsa.pub,私钥id_rsassh

[binxin@serverA ~]$ cd .ssh/
[binxin@serverA .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts
[binxin@serverA .ssh]$
  • 经过scp命令复制serverA的公钥到serverB上
[binxin@serverA .ssh]$ scp ~/.ssh/id_rsa.pub binxin@serverB:/home/binxin/id_rsa.pub
binxin@serverb's password: 
id_rsa.pub                                           100%  396     0.4KB/s   00:00    
[binxin@serverA .ssh]$
  • 登陆serverB,将上步靠过来的公钥添加到受权列表文件authorized_keys中,刚开始没有这个文件,追加的时候自动生成了
[binxin@serverB ~]$ cd .ssh/
[binxin@serverB .ssh]$ ls
[binxin@serverB .ssh]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
[binxin@serverB .ssh]$ ls
authorized_keys
[binxin@serverB .ssh]$
  • authorized_keys文件的权限必须为600,ssh目录权限必须为700,手动修改权限
[binxin@serverB ~]$ chmod 700 ~/.ssh 
[binxin@serverB ~]$ chmod 600 ~/.ssh/authorized_keys
  • 检验配置是否成功,从serverA经过ssh登录到serverB,发现不用输密码直接登录成功了,搞定!
[binxin@serverA .ssh]$ ssh binxin@serverB
Last login: Fri Apr  1 00:46:54 2016 from servera
[binxin@serverB ~]$

3、可能的问题

权限问题

配置完authorized_keys一直不生效,极可能是由于.ssh目录和下面文件的权限问题致使的,由于目录的权限已经超过了sshd的要求权限。若是但愿ssh公钥生效需知足至少下面两个条件:.ssh目录的权限必须是700,.ssh/authorized_keys文件权限必须是600ide

相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程