1. The basic idea of public key authentication:
Encryption and decryption use two different keys, called the private key and the public key. The public key is placed on the server you want to log in to, while the private key is held only by the specific client machine.
When the client asks the server to establish a secure connection, it first sends its public key. If the server accepts this public key, it sends the client a piece of random data encrypted with that public key; the data can only be decrypted with the matching private key. The client sends the decrypted result back to the server, and once the server has verified it, the client is considered trusted and a secure channel is established.
In this way the client proves its identity without ever sending its identifier, the private key, over the network, and the private key cannot be derived from the public key. This avoids the password leakage that network eavesdropping could otherwise cause. The client must store its private key carefully so that nobody else can steal it; if that does happen, every server must update its list of trusted public keys.
2. How passwordless login is implemented (server1 logs in to server2 with its public key, no password needed)
1. Create the key pair with ssh-keygen (on server1)
[[email protected] ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): (the passphrase entered here is the private key passphrase you will be asked for when connecting from a terminal)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7b:aa:08:a0:99:fc:d9:cc:d8:2e:4b:1a:c0:6b:da:[email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
|. |
|o. S |
|++. . |
|+=o. . . |
|o+=oB. o |
|..E==*... |
+-----------------+
2. Additional notes:
ssh-keygen generates the key pair; useful options:
-t specifies the algorithm
-f specifies the path of the generated key
-N specifies the passphrase
Check the generated keys:
[[email protected]]$ ll /root/.ssh/
total 16
-rw------- 1 yida yida 1675 Mar 31 11:42 id_rsa
-rw-r--r-- 1 yida yida 399 Mar 31 11:42 id_rsa.pub
3. Copy server1's public key into server2's authorized_keys
[[email protected] .ssh]$ ssh-copy-id -i id_rsa.pub [email protected]
The authenticity of host '10.207.0.179 (10.207.0.179)' can't be established.
RSA key fingerprint is 94:5f:47:a8:ae:0b:b0:31:0f:ce:6b:86:08:51:98:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.207.0.179' (RSA) to the list of known hosts.
Address 10.207.0.179 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected]_d10075798 .ssh]$
4. Check the public key file on server2
[[email protected]]$ ll
total 16
-rw------- 1 root root 408 Mar 30 15:43 authorized_keys
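As an added example (not code from the original post), a pure-Python check for this last step: it lists the keys installed in authorized_keys with the SHA256 fingerprints `ssh-keygen -lf` would print and flags any fingerprint you did not expect, which is exactly what the ssh-copy-id hint above asks you to verify. The sample authorized_keys contents, the 192.0.2.10 address and the key blobs are constructed for the example and are not real keys.

```python
import base64, hashlib, struct

def _ssh_string(blob, off):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n

def _pack(*parts):
    """Encode fields as SSH wire-format strings (used only to build sample blobs)."""
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

def fingerprint(b64_key):
    """SHA256 fingerprint in the form ssh-keygen -lf prints: unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_bits(b64_key):
    """Key size as ssh-keygen -l reports it: RSA modulus bits, 256 for Ed25519."""
    blob = base64.b64decode(b64_key)
    ktype, off = _ssh_string(blob, 0)
    if ktype == b"ssh-ed25519":
        return 256
    if ktype == b"ssh-rsa":
        _e, off = _ssh_string(blob, off)      # public exponent, not needed here
        modulus, _ = _ssh_string(blob, off)   # modulus, encoded as an mpint
        return int.from_bytes(modulus, "big").bit_length()
    raise ValueError("unsupported key type %r" % ktype)

def audit_authorized_keys(text, expected):
    """One record per key; 'unexpected' marks fingerprints not in `expected`.
    Leading options such as from="..." or command="..." are skipped over."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        idx = next((i for i, f in enumerate(fields) if f.startswith(("ssh-", "ecdsa-"))), None)
        if idx is None:
            raise ValueError("malformed authorized_keys line: %r" % line)
        ktype, blob, comment = fields[idx], fields[idx + 1], " ".join(fields[idx + 2:])
        fp = fingerprint(blob)
        records.append({"type": ktype, "bits": key_bits(blob), "fingerprint": fp,
                        "comment": comment, "unexpected": fp not in expected})
    return records

# Constructed sample material: well-formed blobs, NOT real keys.
ED_BLOB = base64.b64encode(_pack(b"ssh-ed25519", bytes(range(32)))).decode()
RSA_BLOB = base64.b64encode(_pack(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xaa" * 256)).decode()
SAMPLE = "\n".join([f"ssh-ed25519 {ED_BLOB} root@server1", "# stray entry nobody remembers installing:",
                    f'from="192.0.2.10" ssh-rsa {RSA_BLOB} backup@unknown'])
```

On a real host, pass the contents of ~/.ssh/authorized_keys as `text` and the fingerprint of the id_rsa.pub you copied as the only expected value; any record with `unexpected` set is a key somebody else installed.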
Tags: linux ssh publickey access