1. 用ssh-keygen创建公钥,一直回车即可
root@kali:~# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists. Overwrite (y/n)?
2. ssh本机,提示输入密码。。。
root@kali:~/.ssh# /etc/init.d/ssh start [ ok ] Starting OpenBSD Secure Shell server: sshd. root@kali:~/.ssh# ssh localhost root@localhost's password:
3. 将公钥拷为authorized_keys, 再实验ssh localhost,即可免密码登录
root@kali:~/.ssh# cp id_rsa.pub authorized_keys root@kali:~/.ssh# ls authorized_keys id_rsa id_rsa.pub known_hosts root@kali:~/.ssh# ssh localhost Linux kali 3.7-trunk-686-pae #1 SMP Debian 3.7.2-0+kali8 i686 The programs included with the Kali GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Thu Dec 19 22:41:22 2013 from localhost
4. 将公钥拷至被管理机上,再试试。喔??报错啦!
root@kali:~# ssh 192.168.0.102 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the RSA key sent by the remote host is 73:4e:4f:2b:b4:51:95:7c:d2:41:34:be:24:8d:bb:5f. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending RSA key in /root/.ssh/known_hosts:2 RSA host key for 192.168.0.102 has changed and you have requested strict checking. Host key verification failed.
这种情况是因为要ssh的机器上的ssh重新安装或者系统重装了,导致RSA host key 失效,解决方法:cd ~/.ssh 然后 rm -f known_hosts 即可重新登录
root@kali:~/.ssh# scp id_rsa.pub root@192.168.0.102:~/.ssh/authorized_keys id_rsa.pub 100% 391 0.4KB/s 00:00
root@kali:~# more /etc/hosts 127.0.0.1 localhost 192.168.0.101 node1 192.168.0.102 node2 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters root@kali:~# ssh node2 The authenticity of host 'node2 (192.168.0.102)' can't be established. RSA key fingerprint is 73:4e:4f:2b:b4:51:95:7c:d2:41:34:be:24:8d:bb:5f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node2' (RSA) to the list of known hosts. Linux bt 3.2.6 #1 SMP Fri Feb 17 10:40:05 EST 2012 i686 GNU/Linux System information as of Mon Mar 3 21:39:15 CST 2014 System load: 0.0 Processes: 77 Usage of /: 41.9% of 27.15GB Users logged in: 1 Memory usage: 1% IP address for eth1: 192.168.0.102 Swap usage: 0% Graph this data and manage this system at https://landscape.canonical.com/ Last login: Mon Mar 3 21:25:09 2014 root@bt:~# 这里已经登入了。。。
在此,已经完成了管理节点到被管理节点的免密码登录。
5. 将两机的authorized_keys文件合并。拷贝至两台机器上, 即可实现双机互相面密码登录
root@bt:~/.ssh# cat id_rsa.pub >>authorized_keys
root@kali:~/.ssh# scp root@node2:~/.ssh/authorized_keys . authorized_keys 100% 780 0.8KB/s 00:00
root@bt:~/.ssh# ssh node1 The authenticity of host 'node1 (192.168.0.101)' can't be established. RSA key fingerprint is 66:61:d5:b1:ae:85:0f:1d:3d:3d:40:13:9f:6f:e1:7c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'node1,192.168.0.101' (RSA) to the list of known hosts. Linux kali 3.7-trunk-686-pae #1 SMP Debian 3.7.2-0+kali8 i686 The programs included with the Kali GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Mar 3 21:19:04 2014 from localhost root@kali:~# 这里实现了node2 登录node1