风之人生

Logging in with a public key on Linux (repost)

2010-02-09 16:58:01 | Category: linux/Unix

§6.4 Logging in without a password using a public key (OpenSSH)

The steps are as follows:

• Create the key

$ mkdir -p ~/.ssh                        # If it doesn't already exist

$ chmod 700 ~/.ssh

$ cd ~/.ssh

$ ssh-keygen -t dsa

• Copy the key to the server

$ scp -p id_dsa.pub remoteuser@remotehost:

Password: ********

• Log in to the server and install the public key

$ ssh -l remoteuser remotehost

Password: ********

 

remotehost$ mkdir -p ~/.ssh                        # If it doesn't already exist

remotehost$ chmod 700 ~/.ssh

remotehost$ cat id_dsa.pub >> ~/.ssh/authorized_keys   # Appending

remotehost$ chmod 600 ~/.ssh/authorized_keys

remotehost$ mv id_dsa.pub ~/.ssh        # Optional step; this file can even be deleted

remotehost$ logout

• Log in with public-key authentication

$ ssh -l remoteuser remotehost

Enter passphrase for key '/home/smith/.ssh/id_dsa': ********

 

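Public keys are normally stored in ~/.ssh/authorized_keys; older OpenSSH versions may use ~/.ssh/authorized_keys2.

Public-key authentication is more secure than password authentication because no password is sent over the network. In addition, the private key can be stored encrypted: without the passphrase, someone who obtains the key file cannot use it. For this reason, always set a passphrase.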

 

If the steps above do not let you log in without typing the account password, check:

/etc/ssh/sshd_config:

PubkeyAuthentication yes           If no, change it and restart sshd

Use ssh -v to show the login process in detail.
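The checks above can be scripted. This is an added example, not part of the original post: the function name check_pubkey_setup and its two arguments are assumptions, and the ssh-dss check goes beyond the page, since OpenSSH 7.0 and later disable ssh-dss keys by default.

```shell
# Added example. Usage: check_pubkey_setup HOME_DIR SSHD_CONFIG
# Returns the number of problems found (0 means the setup matches the steps).

perm() { ls -ld "$1" 2>/dev/null | cut -c1-10; }   # e.g. drwx------

check_pubkey_setup() {
    home=$1; conf=$2; problems=0
    note() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # Modes set by the chmod 700 / chmod 600 steps
    [ "$(perm "$home/.ssh")" = 'drwx------' ] ||
        note "$home/.ssh is not a mode-700 directory"
    [ "$(perm "$home/.ssh/authorized_keys")" = '-rw-------' ] ||
        note "$home/.ssh/authorized_keys is not a mode-600 file"

    # sshd keeps the first value it reads for a keyword, keywords are
    # case-insensitive, and the default is yes. Only the global section
    # (before any Match block) is examined; included files are not followed.
    [ -r "$conf" ] || note "cannot read $conf"
    val=$(awk 'tolower($1) == "match" { exit }
               tolower($1) == "pubkeyauthentication" { print tolower($2); exit }' \
              "$conf" 2>/dev/null) || :
    [ "${val:-yes}" = yes ] || note "PubkeyAuthentication is '$val' in $conf"

    # Beyond the page: OpenSSH 7.0+ disables ssh-dss keys by default
    if grep -q 'ssh-dss ' "$home/.ssh/authorized_keys" 2>/dev/null; then
        note "authorized_keys holds an ssh-dss key, which OpenSSH 7.0+ rejects by default"
    fi
    return "$problems"
}

# Typical call on the server, as the account being checked:
#   check_pubkey_setup "$HOME" /etc/ssh/sshd_config
```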

 

SSH-2 key file formats:

The two main SSH implementations: OpenSSH and SSH Secure Shell ("SSH2")

OpenSSH format:

ssh-dss A9AAB3NzaC1iGMqHpSCEliaouBun8FF9t8p...

or:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA3DIqRox...

SSH Secure Shell format:

---- BEGIN SSH2 PUBLIC KEY ----

AAAAB3NzaC1kc3MAAACBAM4a2KKBE6zhPBgRx4q6Dbjxo5hXNKNWYIGkX/W/k5PqcCH0J6 ...

---- END SSH2 PUBLIC KEY ----

 

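SSH Secure Shell also installs keys differently. Its directory is ~/.ssh2, and each public key must be referenced in ~/.ssh2/authorization with a line of the form: Key public_key_filename. The private key must likewise be referenced in ~/.ssh2/identification with a line of the form: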

IdKey private_key_filename
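The two public-key layouts shown above carry the same base64 blob, which is why ssh-keygen -e and -i can convert between them. The sketch below is an added example, not code from the original post or from ssh-keygen: the function names are hypothetical, it handles public keys only, and the sample blob is constructed filler rather than a usable key.

```shell
# OpenSSH one-line public key on stdin -> SSH2 (RFC 4716) block on stdout
openssh_to_ssh2() {
    read -r k_type k_blob k_comment || :
    [ -n "$k_blob" ] || { echo "no key data" >&2; return 1; }
    echo '---- BEGIN SSH2 PUBLIC KEY ----'
    if [ -n "$k_comment" ]; then printf 'Comment: "%s"\n' "$k_comment"; fi
    # RFC 4716 caps lines at 72 bytes; wrap the base64 blob at 70 columns
    printf '%s\n' "$k_blob" | fold -w 70
    echo '---- END SSH2 PUBLIC KEY ----'
}

# SSH2 (RFC 4716) block on stdin -> OpenSSH one-line public key on stdout
ssh2_to_openssh() {
    k_blob=$(awk '
        /^---- BEGIN SSH2 PUBLIC KEY ----/ { inkey = 1; next }
        /^---- END SSH2 PUBLIC KEY ----/   { inkey = 0 }
        !inkey                             { next }
        # header line such as Comment:, possibly continued with a backslash
        cont || /^[^ ]+: /                 { cont = ($0 ~ /\\$/); next }
                                           { printf "%s", $0 }')
    [ -n "$k_blob" ] || { echo "no key data" >&2; return 1; }
    # The decoded blob begins with a 4-byte big-endian length, then the key
    # type name; that name becomes the first field of the OpenSSH line.
    k_len=$(printf '%s' "$k_blob" | base64 -d 2>/dev/null | od -An -tu1 -N4 |
            awk '{ print $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 }')
    k_type=$(printf '%s' "$k_blob" | base64 -d 2>/dev/null |
             tail -c +5 | head -c "${k_len:-0}")
    [ -n "$k_type" ] || { echo "cannot read key type" >&2; return 1; }
    printf '%s %s\n' "$k_type" "$k_blob"
}

# Constructed sample: length-prefixed type name plus filler, not a usable key
sample=$(printf '\000\000\000\007ssh-dss%0200d' 0 | base64 | tr -d '\n')
printf 'ssh-dss %s smith@client\n' "$sample" | openssh_to_ssh2
```

The comment is dropped on the way back to the one-line form, so re-add it by hand if you rely on it to identify keys in authorized_keys.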

 

§6.5 OpenSSH client logging in to an SSH2 server (OpenSSH key)

Export your OpenSSH key to create an SSH2-format public key. If your OpenSSH private key is ~/.ssh/id_dsa:

 

$ cd ~/.ssh

$ ssh-keygen -e -f id_dsa > mykey-ssh2.pub

Copy the public key to the SSH2 server:

 

$ scp mykey-ssh2.pub remoteuser@remotehost:

Log into the SSH2 server and install the public key, then log out:

 

$ ssh -l remoteuser remotehost

Password: ********

 

remotehost$ mkdir -p ~/.ssh2                                      # If it doesn't already exist

remotehost$ chmod 700 ~/.ssh2

remotehost$ mv mykey-ssh2.pub ~/.ssh2/

remotehost$ cd ~/.ssh2

remotehost$ echo "Key mykey-ssh2.pub" >> authorization      # Appending

remotehost$ chmod 600 mykey-ssh2.pub authorization

remotehost$ logout

Now log in via public-key authentication:

 

$ ssh -l remoteuser remotehost

Enter passphrase for key '/home/smith/.ssh/id_dsa': *******

 

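ssh-keygen can convert an OpenSSH-format key to SSH2 format; use the -e option.

§6.6 OpenSSH client logging in to an SSH2 server (SSH2 key)

Use an existing SSH2-format key.

ssh-keygen can convert an SSH2-format key to OpenSSH format; use the -i option. This only works for unencrypted keys.

That is how to convert a key, but it does not work when the key has a passphrase. The following procedure decrypts the key first.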

 

Suppose your SSH2 private key is id_dsa_1024_a.

 

Make a copy of the SSH2 private key:

 

$ cd ~/.ssh2

$ cp -p id_dsa_1024_a newkey

Set its passphrase to the empty string, creating an unencrypted key:

 

$ ssh-keygen2 -e newkey

...

Do you want to edit passphrase (yes or no)? yes

New passphrase :

Again          :

Import the SSH2 private key to convert it into an OpenSSH private key, imported-ssh2-key:

 

$ mkdir -p ~/.ssh                        # If it doesn't already exist

$ chmod 700 ~/.ssh

$ cd ~/.ssh

$ mv ~/.ssh2/newkey .

$ ssh-keygen -i -f newkey > imported-ssh2-key

$ rm newkey

$ chmod 600 imported-ssh2-key

Change the passphrase of the imported key:

 

$ ssh-keygen -p -f imported-ssh2-key

Use your new key:

 

$ ssh -l remoteuser -i ~/.ssh/imported-ssh2-key remotehost

To generate the OpenSSH public key from the OpenSSH private key imported-ssh2-key, run:

 

$ ssh-keygen -y -f imported-ssh2-key > imported-ssh2-key.pub

Enter passphrase: ********

 

§6.7 SSH2 client logging in to an OpenSSH server

Create an SSH2 private key on the client machine, if one doesn't already exist, and install it by appending a line to ~/.ssh2/identification:

 

$ mkdir -p ~/.ssh2                                       # If it doesn't already exist

$ chmod 700 ~/.ssh2

$ cd ~/.ssh2

$ ssh-keygen2                                            # Creates id_dsa_1024_a

$ echo "IdKey id_dsa_1024_a" >> identification     # Appending

Copy its public key to the OpenSSH server machine:

 

$ scp2 id_dsa_1024_a.pub remoteuser@remotehost:.ssh/

Log into the OpenSSH server host and use OpenSSH's ssh-keygen to import the public key, creating an OpenSSH format key: [Recipe 6.6]

 

$ ssh2 -l remoteuser remotehost

Password: ********

 

remotehost$ cd ~/.ssh

remotehost$ ssh-keygen -i > imported-ssh2-key.pub

Enter file in which the key is (/home/smith/.ssh/id_rsa): id_dsa_1024_a.pub

Install the new public key by appending a line to ~/.ssh/authorized_keys:

 

remotehost$ cat imported-ssh2-key.pub >> authorized_keys   # Appending

Log out and log back in using the new key:

 

remotehost$ exit

$ ssh2 -l remoteuser remotehost
