CenOS7秘钥双向验证的配置
配置密钥对的双向配置
HOST1配置:
root下编辑/etc/ssh/sshd_config
RSAAuthentication yes //启用RSA算法
PubkeyAuthentication yes //启用秘钥对验证
[root@host1 ~]# useradd hadoop //建立一个用户
[root@host1 ~]# passwd hadoop //设置密码
更改用户 hadoop 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@host1 ~]# su - hadoop
上一次登录:五 8月 16 03:44:00 CST 2019pts/0 上
[hadoop@host1 ~]$ pwd
/home/hadoop
[hadoop@host1 ~]$ ssh-keygen -t rsa //生成密钥对,加密格式为rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): //密钥路径
Created directory '/home/hadoop/.ssh'.
Enter passphrase (empty for no passphrase): //公钥密码,回车即设置空密码(回车)
Enter same passphrase again: //二次输入公钥密码(回车)
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
77:05:b5:65:b7:b6:81:79:79:6d:2d:13:e2:73:65:4e hadoop@host1
The key's randomart image is:
+--[ RSA 2048]----+
| o.o E|
| . ooX*|
| oo***|
| +o++|
| S . . . |
| . . |
| |
| |
| |
+-----------------+
[hadoop@host1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.50.112 //将公钥传给位于host2下的hatoop
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@192.168.50.112's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop@192.168.50.112'"
and check to make sure that only the key(s) you wanted were added.
[hadoop@host1 ~]$ ssh hadoop@192.168.50.112 //无需验证密码即可登录
Last login: Thu Aug 15 20:10:32 2019 from 192.168.50.111
[hadoop@host2 ~]$
HOST2配置:
root下编辑/etc/ssh/sshd_config
RSAAuthentication yes //启用RSA算法
PubkeyAuthentication yes //启用秘钥对验证
[hadoop@host2 ~]$ mkdir .ssh
[hadoop@host2 ~]$ chmod 700 .ssh/
[hadoop@host2 ~]$ ls -ld .ssh/
drwx------. 2 hadoop hadoop 6 8月 15 20:02 .ssh/
[hadoop@host2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): //密钥路径
Enter passphrase (empty for no passphrase): //输入公钥密码,回车即空密码(回车)
Enter same passphrase again: //再次输入(回车)
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
f3:37:cc:fa:98:d6:ed:79:db:b6:68:13:cf:21:5f:66 hadoop@host2
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| S |
| o o o .E|
| ..=.*oo|
| .=.+o=+|
| .+.oo+=+|
+-----------------+
[hadoop@host2 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.50.111 //将公钥文件传给HOST1
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@192.168.50.111's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop@192.168.50.111'"
and check to make sure that only the key(s) you wanted were added.
[hadoop@host2 ~]$ ssh hadoop@192.168.50.111 //直接登录,无需验证密码
Last login: Fri Aug 16 04:12:03 2019 from 192.168.50.112
[hadoop@host1 ~]$
CenOS7秘钥双向验证的配置的更多相关文章
- 构建秘钥对验证的SSH体系
构建秘钥对验证的SSH 体系 首先先要在ssh 客户端以root用户身份创建秘钥对 客户端将创建的公钥文件上传至ssh服务器 服务器将公钥信息导入用户root的公钥数据库文件 客户端以root用户身份 ...
- Git秘钥生成以及Gitlab配置
安装Git:详见http://www.cnblogs.com/xiuxingzhe/p/9300905.html 开通gitlab(开通需要咨询所在公司的gitlab管理员)账号后,本地Git仓库和g ...
- Git秘钥生成以及Gitlab配置(附以下问题解决方法:Key is invalid Fingerprint cannot be generated)
在进行Git密钥配置时,总是提示: “The form contains the following errors:Key is invalidFingerprint cannot be genera ...
- ssl/https双向验证的配置
1.SSL认证 不需要特别配置,相关证书库生成看https认证中的相关部分 2.HTTPS认证 一.基本概念 1.单向认证,就是传输的数据加密过了,但是不会校验客户端的来源 2.双向认证,如果客户端 ...
- ssl https双向验证的配置与证书库的生成
1.SSL认证 不须要特别配置,相关证书库生成看https认证中的相关部分 2.HTTPS认证 一.基本概念 1.单向认证,就是传输的数据加密过了,可是不会校验client的来源 2.双向认证,假设 ...
- nginx配置ssl双向验证 nginx https ssl证书配置
1.安装nginx 参考<nginx安装>:http://www.ttlsa.com/nginx/nginx-install-on-linux/ 如果你想在单IP/服务器上配置多个http ...
- Android中保存静态秘钥实践(转)
本文我们将讲解一个Android产品研发中可能会碰到的一个问题:如何在App中保存静态秘钥以及保证其安全性.许多的移动app需要在app端保存一些静态字符串常量,其可能是静态秘钥.第三方appId等. ...
- soapui测试https双向验证p12项目
1.准备好p12 和jsk秘钥文件 2.配置soapui ssl 其中: 1:jks就是放在trustStore那里,密码填写为 106075 2:p12放到keystore,密码填写:180000 ...
- git生成SSH秘钥
1.进入git bash , 输入 cd ~/.ssh/ ,没有的话,自己创建 mkdir ~/.ssh , 然后进入该文件夹完成生成秘钥步骤 2.配置全局的name和email,这里是的你githu ...
随机推荐
- 安卓之Android.mk编写
题记:编译环境可以参考https://www.cnblogs.com/ywjfx/p/9960817.html 不管是写C还是java,我想所有的程序员都经历过HelloWorld程序的编写,现在让我 ...
- Nova Conductor 与 Versioned Object Model 机制
目录 文章目录 目录 Nova Conductor 数据库访问代理机制 Versioned Object Model 机制 Nova Conductor Conductor 服务作为 Nova 核心部 ...
- HashMap 的实现原理解析(转载)
HashMap 概述 HashMap 是基于哈希表的 Map 接口的非同步实现.此实现提供所有可选的映射操作,并允许使用 null 值和 null 键.此类不保证映射的顺序,特别是它不保证该顺序恒久不 ...
- ras 加密及解密
rsa 对数据进行加密和解密 #!/usr/bin/env python # coding=utf-8 """ pip3 install rsa "" ...
- Linux LAMP源码安装
查看编译参数 # httpd cat /app/httpd24/build/config.nice # mysql cat /app/mysql/docs/INFO_BIN # php php -i ...
- “vmware 未能初始化监视器设备”的解决方法
从挂起状态唤醒时出现"vmware 未能初始化监视器设备"的提示,在cmd中输入命令 net start vmci net start vmx86 可能还不能成功启动,提示&quo ...
- HCL试验4
PC端配置:配置ip地址 配置网关 交换机配置:①创建VLAN system-view vlan 10 vlan 20 ②配置PC端接口 interface vlan-interface 10 ip ...
- MariaDB(第三章)select
基本查询 ``` --查询基本使用(条件,排序,聚合函数,分组,分页) --创建学生表 create table students ( id int unsigned not null auto_in ...
- 【Linux开发】linux设备驱动归纳总结(四):4.单处理器下的竞态和并发
linux设备驱动归纳总结(四):4.单处理器下的竞态和并发 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ...
- Flume概述
flume是分布式的,可靠的,用于从不同的来源有效收集 聚集 和 移动 大量的日志数据用以集中式的数据存储的系统. 是apache的一个顶级项目. 系统需求:jdk1.6以上,推荐java1.7