zoukankan      html  css  js  c++  java
  • 免登陆 安全密钥验证

    加密是对信息进行编码和解码的技术,它通过一定的算法(密钥)将原本能被直接阅读的明文信息转换成密文形式。

    密钥即是密文的钥匙,有私钥和公钥之分。

    在传输数据时,如果担心被他人监听或截获,就可以在传输前先使用公钥对数据加密处理,然后再进行传送。这样,只有掌握私钥的用户才能解密这段数据,除此之外的其他人即便截获了数据,一般也很难将其破译为明文信息。

    1、在需要免登陆的节点生成“密钥对”。(192.168.10.20)

    [root@Client ~]# ssh-keygen    //默认算法是rsa,也可使用-t指定算法
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 回车  //按回车键或设置密钥的存储路径
    Enter passphrase (empty for no passphrase): 回车  //直接按回车键或设置密钥的密码
    Enter same passphrase again: 回车  //再次按回车键或设置密钥的密码
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.   //此时将自动生成.ssh目录和id_rsa id_rsa.pub两个文件
    The key fingerprint is:
    SHA256:kHa7B8V0nk63evABRrfZhxUpLM5Hx0I6gb7isNG9Hkg root@linuxprobe.com
    The key's randomart image is:
    +---[RSA 2048]----+
    |          o.=.o.+|
    |       . + =oB X |
    |      + o =oO O o|
    |     . o + *.+ ..|
    |      .ES . + o  |
    |     o.o.=   + . |
    |      =.o.o . o  |
    |     . . o.  .   |
    |        ..       |
    +----[SHA256]-----+

    [root@Client.ssh]# ll /root/.ssh/
    total 12
    -rw-------. 1 root root 1831 Dec 1 19:12 id_rsa

    -rw-r--r--. 1 root root 401 Dec 1 19:12 id_rsa.pub //本机公钥
    -rw-r--r--. 1 root root  175 Dec  1 19:16 known_hosts

    2、将生成的公钥文件(id_ras.pub)传送到需要免登陆的目标主机。

    [root@Client ~]# ssh-copy-id 192.168.10.10  //此命令会自动在目标主机(192.168.10.10)创建/root/.ssh/authorized_keys文件且将id_rsa.pub写入其中,如果目标主机已经存在authorized_keys文件,会将id_rsa.pub追加到文件中。
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.168.10.10's password: 此处输入服务器管理员密码
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.10.10'"
    and check to make sure that only the key(s) you wanted were added.
    ---------------也可使用scp传输--------------
    [root@Client ~]#scp /root/.ssh/id_rsa.pub root@192.168.10.10:/root/.ssh/ //将本地文件推送到目标主机
    [root@Server ~]#cat /root/.ssh/id_rsa.pub  >> /root/.ssh/authorized_keys  //在目标主机上将公钥文件写入authorized_keys
    ---------------也可使用scp传输--------------

    [root@server ~ ]# ls -l /root/.ssh/    //此时目标主机authorized_keys文件中已经存储了id_rsa.pub

    total 8
    -rw-------. 1 root root 802 Dec 3 18:48 authorized_keys
    -rw-r--r--. 1 root root 525 Dec 3 18:53 known_hosts

    此时192.168.10.20即可免密登录到192.168.10.10(其基本原理是.10主机authorized_keys文件中存储了.20的id_rsa.pub,.20机器才能免密登录到.10)

    注:如果多台机器之间都需要免密登录的话,就需要在authorized_keys文件中相互存储id_rsa.pub。





  • 相关阅读:
    如何使用plsql导出oracle中的建表语句文件
    启动Tomcat 7.0 报 Server Tomcat v7.0 was unable to start within 45 seconds. If the server requires more time, try increasing the timeout in the server editor.
    Spring + springMvc + MyBatis 整合步骤(收藏)
    同台电脑部署多组Tomcat负载均衡(或集群)
    Apache+Tomcat部署负载均衡(或集群)
    WebLogic部署集群和代理服务器
    iOS视频直播初窥:高仿<喵播APP>
    iOS高仿:花田小憩3.0.1
    Preprocessor Macros
    App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. 解决方案
  • 原文地址:https://www.cnblogs.com/wushuai2018/p/15637311.html
Copyright © 2011-2022 走看看