Linux Configuration SSH Trust

Linux Configuration SSH Mutual trust

The basic idea of public key authentication:

The encryption and decryption of information using different keys, the key is called private key and public key, where public key is stored on the server to log on, and private key for a specific client hold. When the client makes a request to establish a secure connection to the server, first sends its own public key, if the public key is allowed by the server, the server sends a public key encrypted random data to the client, this data only through the private Key decryption, the client sends the decrypted information back to the server, the server verifies that the client is trustworthy, and thus establishes a secure information channel. In this way, the client does not need to send its own identity flag "private key" to achieve the purpose of verification, and private key can not be inferred from the public key backwards. This avoids the potential for password leaks caused by network eavesdropping. The client needs to be careful to save its own private key to avoid being stolen by others, and once that happens, the server will need to replace the trusted public key list.

Configuration SSH the steps to mutual trust are as follows:

1. First, on the machine to configure mutual trust, the generation of their own certified key files;

2. Next, all the key files are aggregated into a total certification file;

3. Distribute this certification document, which contains all trusted machine authentication keys, to each machine;

4. Verify mutual trust.

Create SSH trust with the same user test on the host named Node1,node2,node3.

1. Create an RSA key and public key on each node

Login with test user

mkdir ~/.ssh

chmod ~/.ssh

CD ~/.ssh

SSH-KEYGEN-T RSA

2. consolidating public key files

Execute the following command on the Node1

SSH node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

SSH node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

SSH node3 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

chmod ~/.ssh/authorized_keys

3. Distributing the Consolidated public key file

Execute the following command on the Node1

SCP ~/.ssh/authorized_keys node2:~/.ssh/

SCP ~/.ssh/authorized_keys node3:~/.ssh/

4. test ssh Trust

Run the following command on each node, if you do not need to enter a password to display the current date of the system, it means that SSH trust has been configured successfully.

SSH Node1 Date

SSH Node2 Date

SSH node3 Date

Linux Configuration SSH Trust