How to Configure SSH Mutual Trust on Linux Systems

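Published: 2020-08-10 08:07:06  Source: ITPUB Blog  Views: 315  Author: yhdmy  Category: Website Servers
I. Introduction to SSH mutual trust
SSH mutual trust means that two machines (terminal-1 and terminal-2) use key files set up in advance to authenticate each other automatically, so that neither side has to enter a password again when it accesses the other.
How it works:
1. Generate each machine's own authentication key files on the machines to be configured for mutual trust (terminal-1 and terminal-2).
2. Collect all of the key files into a single master authentication file.
3. Send the combined keys to the machines that are to trust each other (terminal-1 and terminal-2).
4. Verify the mutual trust.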

II. Experiment
1. Check the two machines (sam 172.16.211.129, suzzy 172.16.211.130)
terminal-1:

    [root@sam ~]# hostname
    sam

terminal-2:

    [root@suzzy ~]# hostname
    suzzy

2. SSH from sam to suzzy (the correct password must be entered to log in)
Correct password:

    [root@sam ~]# ssh suzzy
    The authenticity of host 'suzzy (172.16.211.130)' can't be established.
    RSA key fingerprint is e0:4b:15:f3:fe:6c:2d:11:f7:ad:7e:a6:d6:65:0e:0d.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'suzzy,172.16.211.130' (RSA) to the list of known hosts.
    root@suzzy's password:
    Last login: Fri Oct 30 15:27:15 2015 from 172.16.211.1
    [root@suzzy ~]#

Wrong password:

    [root@sam ~]# ssh suzzy
    root@suzzy's password:
    Permission denied, please try again.
    root@suzzy's password:
    Permission denied, please try again.
    root@suzzy

3. Create the directory used for mutual trust and set its permissions (if it does not already exist). If you have ever used ssh to log in to the other machine, this directory is created automatically, even when the login did not succeed.

    [root@sam ~]# rm -rf .ssh
    [root@sam ~]# mkdir .ssh
    [root@sam ~]# chmod 755 .ssh
    [root@sam ~]# ls -la
    total 376
    dr-xr-x---. 31 root root 4096 Oct 30 16:05 .
    dr-xr-xr-x. 28 root root 4096 Aug 31 15:28 ..
    drwxr-xr-x. 2 root root 4096 Nov 27 2014 .abrt
    ...
    drwxr-xr-x 2 root root 4096 Oct 30 16:05 .ssh

4. Create the keys (press Enter to accept the defaults)
On sam:

    [root@sam ~]# /usr/bin/ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    70:d2:c8:c6:01:6d:1c:2b:2e:8c:89:c0:ae:fc:14:2d root@sam
    The key's randomart image is:
    +--[ RSA 2048]----+
    | .+o. |
    |. o+= |
    |.. ..O o |
    |++ ..o + |
    |+.oE.. S |
    |o .o |
    |.. . |
    | o |
    | . |
    +-----------------+
    [root@sam .ssh]# ll
    total 8
    -rw------- 1 root root 1675 Oct 30 17:42 id_rsa
    -rw-r--r-- 1 root root 390 Oct 30 17:42 id_rsa.pub

    [root@sam .ssh]# /usr/bin/ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/root/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_dsa.
    Your public key has been saved in /root/.ssh/id_dsa.pub.
    The key fingerprint is:
    9e:12:19:4e:6a:d5:46:64:47:3d:f9:2a:11:e0:49:ad root@sam
    The key's randomart image is:
    +--[ DSA 1024]----+
    | .*+o. . |
    | * oo + |
    | + =. . o |
    | = +E . . |
    | o + S . . |
    | . o .. . |
    | . o . |
    | . |
    | |
    +-----------------+
    [root@sam .ssh]# ll
    total 16
    -rw------- 1 root root 672 Oct 30 17:49 id_dsa
    -rw-r--r-- 1 root root 598 Oct 30 17:49 id_dsa.pub
    -rw------- 1 root root 1675 Oct 30 17:42 id_rsa
    -rw-r

Note: do the same on suzzy.

    [root@suzzy ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    d9:d1:27:75:5b:85:a2:af:77:75:83:74:d1:2a:02:35 root@suzzy
    The key's randomart image is:
    +--[ RSA 2048]----+
    | .E ..*|
    | . o...o+|
    | ...o..o.|
    | oo..+.. |
    | S .o..o |
    | .. .o|
    | . .o|
    | . . . |
    | . . |
    +-----------------+
    [root@suzzy ~]# ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/root/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_dsa.
    Your public key has been saved in /root/.ssh/id_dsa.pub.
    The key fingerprint is:
    c4:94:b1:87:9a:34:1d:35:cb:51:03:12:f1:86:b7:fe root@suzzy
    The key's randomart image is:
    +--[ DSA 1024]----+
    | B*=oo |
    | +.O + . |
    | o B B |
    | . = + . |
    | o S . |
    | . |
    | . |
    | . |
    | E |
    +

5. Copy the contents of the public key files id_rsa.pub and id_dsa.pub from every host into the ~/.ssh/authorized_keys file, then place that file on all of the machines. Note that the first time you use ssh to reach a remote host, its RSA host key is unknown, so you are asked to confirm it; after you confirm, SSH records the remote host's RSA key in its list of known hosts, and once the authorized_keys file is in place, later connections to that host no longer need a password.

    [root@sam .ssh]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    [root@sam .ssh]# cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
    [root@sam .ssh]# ssh root@suzzy cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
    The authenticity of host 'suzzy (172.16.211.130)' can't be established.
    RSA key fingerprint is e0:4b:15:f3:fe:6c:2d:11:f7:ad:7e:a6:d6:65:0e:0d.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'suzzy,172.16.211.130' (RSA) to the list of known hosts.
    root@suzzy's password:
    [root@sam .ssh]# ssh root@suzzy cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
    root@suzzy

6. Check the master key file

    [root@sam .ssh]# ls -l authorized_keys
    -rw-r--r-- 1 root root 1980 Oct 30 18:19 authorized_keys
    [root@sam .ssh]# cat authorized_keys
    ssh-rsa [key data omitted] root@sam
    ssh-dss [key data omitted] root@sam
    ssh-rsa [key data omitted] root@suzzy
    ssh-dss [key data omitted] root@suzzy

7. Copy the master key file to the corresponding directory on the other machines

    [root@sam .ssh]# scp authorized_keys root@suzzy:~/.ssh/
    root@suzzy

8. Test the connection (the first time you still have to answer yes; from the second time on that is no longer needed)

    [root@sam ~]# ssh suzzy
    Last login: Fri Oct 30 18:25:38 2015 from sam
    [root@suzzy ~]# ssh sam
    Last login: Fri Oct 30 18:26:34 2015 from suzzy
    [root@sam ~]#

9. Change the permissions of the authorized_keys file to 600 for security; this has to be done on every machine

    [root@sam ~]# cd .ssh
    [root@sam .ssh]# ls -l authorized_keys
    -rw-r--r-- 1 root root 1980 Oct 30 18:19 authorized_keys
    [root@sam .ssh]# chmod 600 authorized_keys
    [root@sam .ssh]# ls -l authorized_keys
    -rw
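
A check that can be run on each machine after step 9, as an added example that is not part of the original article: it reports a .ssh directory that is not mode 700, private keys or an authorized_keys file that are not mode 600, ssh-dss entries, and entries duplicated by repeated >> appends. The function names, the finding labels and the sample data (dummy key text) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article: audit a ~/.ssh directory like
# the one built in steps 3-9. Function names and finding labels are this
# example's own.

# perm_of PATH: the 10-character mode string that ls -l prints (e.g. drwx------)
perm_of() { ls -ld "$1" | cut -c1-10; }

# audit_keys FILE: one finding per problematic authorized_keys line
audit_keys() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }                       # comments, blank lines
        $1 !~ /^(ssh-|ecdsa-|sk-)/ { print "OPTIONS_OR_UNKNOWN line " NR; next }
        $1 == "ssh-dss" { print "WEAK_DSA line " NR " " $3 }   # 1024-bit DSA key
        seen[$2]++ { print "DUPLICATE line " NR " " $3 }       # repeated >> append
    ' "$1"
}

# audit_ssh_dir DIR: findings for the directory, private keys and authorized_keys
audit_ssh_dir() {
    dir=$1
    [ "$(perm_of "$dir")" = "drwx------" ] || echo "DIR_MODE $(perm_of "$dir")"
    for f in "$dir"/id_*; do
        case $f in *.pub) continue ;; esac
        [ -f "$f" ] || continue
        [ "$(perm_of "$f")" = "-rw-------" ] || echo "PRIVKEY_MODE ${f##*/}"
    done
    [ -f "$dir/authorized_keys" ] || return 0
    m=$(perm_of "$dir/authorized_keys")
    [ "$m" = "-rw-------" ] || echo "AUTHKEYS_MODE $m"
    audit_keys "$dir/authorized_keys"
}

# Constructed sample mirroring the state before step 9: .ssh at 755,
# authorized_keys at 644, RSA and DSA entries (dummy key data), one entry
# appended twice.
make_sample() {
    d=$(mktemp -d)/.ssh
    mkdir "$d" && chmod 755 "$d"
    printf '%s\n' 'ssh-rsa AAAAdummyRSAsam root@sam' \
        'ssh-dss AAAAdummyDSAsam root@sam' \
        'ssh-rsa AAAAdummyRSAsuzzy root@suzzy' \
        'ssh-rsa AAAAdummyRSAsam root@sam' >"$d/authorized_keys"
    chmod 644 "$d/authorized_keys"
    echo "$d"
}

sample=$(make_sample); audit_ssh_dir "$sample"; rm -rf "${sample%/.ssh}"
```

On a real host, call `audit_ssh_dir ~/.ssh`; no output means none of these findings apply.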

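III. Summary
     In Oracle 10g, this mutual-trust setup has to be done by hand before configuring RAC (Real Application Clusters). Starting with the 11g installer it can be configured with a button in the graphical interface, which is quite easy, but we should still master this technique, because whenever passwordless login is needed it still has to be configured by hand. A core skill like this must not be lost.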
