ssh 秘钥认证流程

ssh配置认证

基于口令(密码)的安全验证

[root@m01 ~]# ssh 10.0.0.41 hostname
root@10.0.0.41's password:
backup
[root@m01 ~]# ssh 10.0.0.41 whoami
root@10.0.0.41's password:
root
[root@m01 ~]# ssh lewen@10.0.0.41 whoami
lewen@10.0.0.41's password:
lewen

基于秘钥的认证

1.生成钥匙和锁头

[root@m01 ~]# hostname
m01
[root@m01 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):            # 给秘钥加密码
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
::1b:e1:9f:0a:ab::a0:fc:::2d:bc::dd root@m01
The key's randomart image is:
+--[ DSA ]----+
| |
| . + . |
| = + E |
| . + . o |
| o . S |
| ..o = . |
| .o.... o |
| .o..o.. |
| .+o.. |
+-----------------+

2.把锁头发送到目标机器

发送到 backup
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.41
The authenticity of host '172.16.1.41 (172.16.1.41)' can't be established.
RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:::a6:be::b9:f9.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '172.16.1.41' (RSA) to the list of known hosts.
root@172.16.1.41's password:
Now try logging into the machine, with "ssh 'root@172.16.1.41'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@m01 ~]# ssh 10.0.0.41 hostname
backup


#nfs01
[root@m01 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.16.1.31
The authenticity of host '172.16.1.31 (172.16.1.31)' can't be established.
RSA key fingerprint is ac:0f:aa:d2:5b:ff:cf:ac:f0:::a6:be::b9:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.31' (RSA) to the list of known hosts.
root@172.16.1.31's password:
Now try logging into the machine, with "ssh 'root@172.16.1.31'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@m01 ~]# ssh 172.16.1.31 hostname
nfs01

3.免密发送

sshpass 软件
yum install sshpass -y #sshpass 给ssh类提供密码
[root@m01 ~]# sshpass -p123456 ssh 172.16.1.41 hostname
backup
sshpass -p123456 ssh -o StrictHostKeyChecking=no 172.16.1.41 hostname
backup

非交互式创建 钥匙锁头

[root@m01 ~]# ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa

非交互式 分发公钥

不用输入密码将公钥发送到目的机器

[root@m01 ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.41"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no root@172.16.1.41'",
and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.


[root@m01 ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@172.16.1.31"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no root@172.16.1.31'",
and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
​ [root@m01 ~]# ssh 172.16.1.41 hostname
backup
[root@m01 ~]# ssh 172.16.1.31 hostname
nfs01
Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname
-f: force mode -- copy keys without trying to check if they are already installed
-n: dry run -- no keys are actually copied

ssh 认证的更多相关文章

  1. ssh 认证指定端口

    [root@database2 ~]# cat ssh.sh if [ ! $# -eq 2 ] ;then echo "请输入用户密码以空格分开" exit else ssh-k ...

  2. 批量的单向的ssh 认证

    <pre name="code" class="python">if [ ! $# -eq 2 ] ;then echo "请输入用户密码 ...

  3. debian下使用gitosis+gitweb搭建SSH认证的git服务器

    搭建完成Git服务器后,需要使用两台机器进行测试,一台机器作为服务器端server,一台服务器作为客户端client.整个系统,需要三个计算机账户,这里假设server端的账户名为git,client ...

  4. github添加ssh认证

    总概:在使用git的时候,和目标仓库建立关系有两种方式https,ssh.一般用的是https认证(这样简单方便),但有个缺点,pull,push等操作需要频繁输入用户验证.虽然可以把用户验证账号密码 ...

  5. Linux学习笔记总结--ssh认证登录

    原理简介 SSH证书认证登录的基础是一对唯一匹配密钥: 私钥(private key)和公钥(public key).公钥用于对数据进行加密,而且只能用于加密.而私钥只能对使用所匹配的公钥,所加密过的 ...

  6. git ssh认证

    一般新手用git时,使用HTTPS都需要输入用户名和密码,这是一个很低效的开发过程.(虽然有时可以让开发人员减少push的次数).github提供了几种连接方式,其中以https:开头的代表https ...

  7. 华为SSH认证配置

    [设备型号]华为switch-S5700s ————1: [SW1] rsa/dsa local-key-pair create #创建本地密钥对 The key name will be: SW1_ ...

  8. Jenkins - SSH认证方式拉取Git代码

    1.本地生成密钥 [root@root ~] ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which ...

  9. [Linux] 一次SSH认证失败引发的关于通过日志查错误的思考

    一.缘由: 早上在用SSH公钥认证打通所有的机器,有一台机器在完成一些列操作后密钥登陆失败,其他机器一切正常. 错误如下:Public-key authentication with the serv ...

随机推荐

  1. ALV界面显示

    PERFORM ADD.   IS_LAYOUT_LVC-CWIDTH_OPT = 'X'.   IS_LAYOUT_LVC-SEL_MODE = 'A'. CALL FUNCTION 'REUSE_ ...

  2. 运行SVO

    安装与运行的所有文档:https://github.com/uzh-rpg/rpg_svo/wiki 有两种安装方式: 有ros:https://github.com/uzh-rpg/rpg_svo/ ...

  3. select into tb_temp2 from tb_temp1 创建临时表实现上一个、下一个功能,使用完毕就删除临时表

    好久没有写过Sql了,今天遇到一个问题,业务逻辑是: 一个商品可以属于多个分类,在显示商品详情的时候,要求可以点击“上一个”,“下一个” 查看和该商品在同一个分类下的其他商品,商品具有排序号. 这样我 ...

  4. VS“当前上下文中不存在名称“ViewBag”,当前上下文不存在名称“model””-已解决

    自己的项目出现了错误提示,却能编译成功,但是有点强迫症,总是想解决这个错误. 上网找了一堆,都是删除缓存等一些方法,但是没有多大用处,我觉得还是版本号不对,没有引用进来相应的配置,所以配置下了Conf ...

  5. 引爆你的Javascript代码进化

    转自:http://www.hicss.net/evolve-your-javascript-code/ 方才在程序里看到一段JS代码,写法极为高明,私心想着若是其按照规范来写,定可培养对这门语言的理 ...

  6. grep如何进行正则表达式查找

    字符类 字符类的搜索:如果我想要搜寻 test 或 taste 这两个单字时,可以发现到,其实她们有共通的 't?st' 存在-这个时候,我可以这样来搜寻: [root@www ~]# grep -n ...

  7. 搭建http静态网页服务器出现“Forbidden You don't have permission to access / on this server”

    部分参考链接: 2.4+ httpd最简单example.conf, 存放目录:/etc/httpd/conf.d/example.conf Alias /newstart-zte/ "/n ...

  8. CH6901 骑士放置

    原题链接 和棋盘覆盖(题解)差不多.. 同样对格子染色,显然日字的对角格子是不同色,直接在对应节点连边,然后就是二分图最大独立集问题. #include<cstdio> #include& ...

  9. snort学习笔记

    Snort有三种工作模式:嗅探器.数据包记录器.网络入侵检测系统(ids). 嗅探器模式仅仅是从网络上读取数据包并作为连续不断的流显示在终端上. 数据包记录器模式把数据包记录到硬盘上. 网络入侵检测模 ...

  10. 10个办法让设计小白迅速get海报设计要点!

    对于设计师而言,海报和宣传单的设计,几乎是每一个设计师的必修课.如今网页上的 Banner.宣传和促销的数字海报,大多脱胎于我们所熟知的海报设计. 对于推销产品.连接客户,海报始终是一种最为有趣和实用 ...