zoukankan      html  css  js  c++  java
  • UNIX SSH证书认证来取代普通的密码认证

    [oracle@june2 ~]$ ssh 10.10.17.3
    The authenticity of host '10.10.17.3 (10.10.17.3)' can't be established.
    RSA key fingerprint is 1f:6c:5f:a9:fb:cc:0e:a7:e8:68:a3:d7:96:af:3b:e7.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.10.17.3' (RSA) to the list of known hosts.
    oracle@10.10.17.3's password: 
    
    
    需要密码:
    登陆10.10.17.2执行
    [oracle@june2 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/oracle/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /oracle/.ssh/id_rsa.
    Your public key has been saved in /oracle/.ssh/id_rsa.pub.
    The key fingerprint is:
    c3:73:91:bb:9e:2a:eb:6a:45:42:f0:ff:68:2c:9c:87 oracle@june
    
    
    登陆10.10.17.3执行
    
    [oracle@june3 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/oracle/.ssh/id_rsa): 
    Created directory '/oracle/.ssh'.
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /oracle/.ssh/id_rsa.
    Your public key has been saved in /oracle/.ssh/id_rsa.pub.
    The key fingerprint is:
    00:2a:31:69:93:52:0a:97:1c:d9:7f:46:40:30:66:7b oracle@june
    
    [oracle@june2 .ssh]$ scp ~/.ssh/id_rsa.pub oracle@10.10.17.3:/oracle/
    oracle@10.10.17.3's password: 
    id_rsa.pub                                                         100%  393     0.4KB/s   00:00   
    
    登陆10.10.17.3执行
    [oracle@june3 ~]$ cat ~/id_rsa.pub >>.ssh/authorized_keys 
    
    [oracle@june2 ~]$ ssh 10.10.17.3
    Last login: Sun Jul  6 09:14:54 2014 from 10.10.17.1
    [oracle@june3 ~]$ 
    
    那么june3 ssh june2呢?
    [oracle@june3 ~]$ ssh 10.10.17.2
    The authenticity of host '10.10.17.2 (10.10.17.2)' can't be established.
    RSA key fingerprint is 1f:6c:5f:a9:fb:cc:0e:a7:e8:68:a3:d7:96:af:3b:e7.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.10.17.2' (RSA) to the list of known hosts.
    oracle@10.10.17.2's password: 
    
    这是不可以的
    
    注意事项:
    1.如果[oracle@june3 ~]$ ls -ltr .ssh/authorized_keys 
    -rwxrwxrwx 1 oracle dba 393 07-06 09:12 .ssh/authorized_keys
    权限不对  则报错
    chmod 644 ~/.ssh/authorized_keys
    
    2.用户家目录权限问题:
    不能为775
    
    
    3.修改密码对ssh 等效性无影响
    


    
                                        
    
  • 相关阅读:
    python数据1-5
    python密码1-2
    css Loading 教程
    定制化jQuery
    PHP 将MySQL数据导出csv
    windows MySQL 5.7 导出表方法记录
    前端UI
    我的框架说明文档 2016-04-06
    微信公众号内支付(三)
    微信公众号内支付(二)
  • 原文地址:https://www.cnblogs.com/hzcya1995/p/13352258.html
Copyright © 2011-2022 走看看