Configuring SSH Trust on Linux

Source: Internet
Author: User


The basic idea of public key authentication:

Encryption and decryption use different keys, called the private key and the public key. The public key is placed on the server you want to log on to, and the private key is held by a particular client. When a client asks the server to establish a secure connection, it first sends its own public key. If this public key is allowed by the server, the server sends random data encrypted with the public key to the client. This data can only be decrypted with the private key. The client sends the decrypted information back to the server, and the server verifies that the client is trustworthy, thus establishing a secure information channel. In this way, the client proves its identity without ever sending out its identity token, the private key, and the private key cannot be inferred from the public key. This avoids the password leaks that network eavesdropping could cause. The client must store its private key carefully so that it is not stolen by others; once that happens, the server needs to replace its list of trusted public keys.

The steps to configure SSH Trust are as follows:

1. First, on each machine that is to be configured for mutual trust, generate its own authentication key files;

2. Next, aggregate all the key files into one combined authentication file;

3. Distribute this authentication file, which contains the authentication keys of all trusted machines, to each machine;

4. Verify mutual trust.

Create SSH trust for the same user, test, on the hosts named node1 and node2.

1. Create the RSA private key and public key on each node

Log in as the test user

mkdir ~/.ssh

chmod 700 ~/.ssh

cd ~/.ssh

ssh-keygen -t rsa

2. Consolidate the public key files

Execute the following commands on node1

ssh node1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

ssh node2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

chmod 600 ~/.ssh/authorized_keys

3. Distribute the consolidated public key file

Execute the following commands on node1

scp ~/.ssh/authorized_keys node2:~/.ssh/

scp ~/.ssh/authorized_keys node3:~/.ssh/

4. Test SSH trust

Run the following commands on each node. If the current system date is displayed without a password prompt, SSH trust has been configured successfully.

ssh node1 date

ssh node2 date
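
The consolidation in step 2 appends with >>, so re-running it duplicates entries, and anything in a fetched file ends up trusted. The script below is an added example, not part of the original page: it merges public key files without duplicates, skips lines that are not public keys, and checks the directory and file modes set in steps 1 and 2. The function names merge_keys and check_perms are hypothetical, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from the original page.

# merge_keys AUTH_FILE PUBKEY_FILE...
# Append each public key to AUTH_FILE only if the same key type and key
# blob are not already present. AUTH_FILE is kept at mode 600 throughout.
merge_keys() {
    auth=$1; shift
    touch "$auth" && chmod 600 "$auth" || return 1
    for pub in "$@"; do
        # The "|| [ -n ... ]" also handles a last line without a newline.
        while read -r type blob comment || [ -n "$type" ]; do
            # Accept only lines that look like an OpenSSH public key.
            case $type in
                ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
                *) continue ;;
            esac
            [ -n "$blob" ] || continue
            # Exact match on the "type blob" fields; the comment may differ.
            if ! awk -v t="$type" -v b="$blob" \
                 '$1 == t && $2 == b { f = 1 } END { exit !f }' "$auth"; then
                printf '%s %s%s\n' "$type" "$blob" "${comment:+ $comment}" >> "$auth"
            fi
        done < "$pub"
    done
}

# check_perms SSH_DIR
# Succeed only if SSH_DIR is mode 700 and its authorized_keys is mode 600,
# the modes this procedure sets with chmod.
check_perms() {
    [ "$(stat -c %a "$1")" = 700 ] &&
    [ "$(stat -c %a "$1/authorized_keys")" = 600 ]
}
```

On node1, the fetched keys can be saved to temporary files first (for example, ssh node2 cat ~/.ssh/id_rsa.pub > node2.pub), inspected, and then passed to merge_keys ~/.ssh/authorized_keys node1.pub node2.pub.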

