您的位置:首页 > 其它

服务器间通过ssh使用密钥对实现无密码登录

2012-01-17 15:28 766 查看
脚本如下:

#该脚本为生成SSH密码对

rm -rf .ssh

mkdir .ssh

echo "创建证书,默认回车即可"

ssh-keygen -t rsa

chmod 600 ~/.ssh/id_rsa

chmod 600 ~/.ssh/id_rsa.pub

chmod 644 ~/.ssh/known_hosts

chmod 755 ~/.ssh

chmod g-x ~/.ssh/id_rsa ~/.ssh/id_rsa.pub

chmod o-x ~/.ssh/id_rsa ~/.ssh/id_rsa.pub

echo "创建远端服务器tt_ff@172.18.114.111的证书发布目录.输入密码"

ssh tt_ff@172.18.114.111 'mkdir .ssh'

echo "发布证书到服务器tt_ff@172.18.114.111.输入密码"

scp .ssh/id_rsa.pub
tt_ff@172.18.114.111:~/.ssh/authorized_keys_1

echo "增加证书到服务器公共证书文件中.输入密码"

ssh tt_ff@172.18.114.111 'cat ~/.ssh/authorized_keys_1>>~/.ssh/authorized_keys'

echo "发布证书成功"

参考:

发信人: hutu (难得糊涂·霜林孤雁), 信区: UNIX

标 题: 服务器间通过ssh使用密钥对实现无密码登录(转载)

发信站: 烟雨漓江BBS站 (Fri May 9 15:00:32 2008), 站内

From: yuhuohu@CU

关键词:ssh 密钥 无密码登录 信任关系

以下做法在solaris 10,redhat as 5.0上测试通过。

hosta和hostb都必须同步完成以下操作,以hosta为例

================================================================

1、创建密钥对

[root@hosta /]# who am i

root pts/1 2008-04-30 12:08 (172.16.10.220)

[root@hosta /]# cd ~/.ssh

[root@hosta .ssh]# ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/root/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_dsa.

Your public key has been saved in /root/.ssh/id_dsa.pub.

The key fingerprint is:

0a:13:25:19:a2:59:2c:b1:49:e6:62:90:57:07:e5:f7 root@hosta

passphrase(密钥保护) 保留为空,否则使用ssh时将要求输入passphrase(密钥保护)

2、发布公钥和获取公钥

[root@hosta .ssh]# scp id_dsa.pub hostb:/root/.ssh/hosta.key.pub

root@hostb's password:

id_dsa.pub 100% 600 0.6KB/s 00:00

[root@hosta .ssh]# scp hostb:/root/.ssh/id_dsa.pub /root/.ssh/hostb.key.pub

root@hostb's password:

id_dsa.pub 100% 600 0.6KB/s 00:00

3、对公钥授权

[root@hosta .ssh]# cat id_dsa.pub >>authorized_keys2

[root@hosta .ssh]# cat hostb.key.pub >>authorized_keys2

如果是ssh v1版本,比如solaris 9,就使用authorized_keys文件

4、使用密钥对登录

[root@hosta .ssh]# ssh hostb

Last login: Sun Apr 27 00:04:49 2008 from 172.16.10.220

已经不用输入密码lol

[root@hostb ~]# exit

logout

Connection to hostb closed.

5、查看日志

[root@hosta .ssh]# more /var/log/secure

Apr 27 10:26:47 hosta sshd[9309]: Accepted password for root from 172.16.10.220 port 239

5 ssh2

Apr 27 10:26:47 hosta sshd[9309]: pam_unix(sshd:session): session opened for user root b

y (uid=0)

Apr 27 10:41:51 hosta sshd[12195]: Accepted password for root from 172.16.10.220 port 24

08 ssh2

Apr 27 10:41:51 hosta sshd[12195]: pam_unix(sshd:session): session opened for user root

by (uid=0)

Apr 27 12:42:15 hosta sshd[3331]: pam_unix(sshd:session): session closed for user root

Apr 27 13:08:32 hosta sshd[26563]: Accepted password for root from 172.16.10.2 port 4324

7 ssh2

Apr 27 13:08:32 hosta sshd[26563]: pam_unix(sshd:session): session opened for user root

by (uid=0)

Apr 27 13:08:33 hosta sshd[26563]: pam_unix(sshd:session): session closed for user root

Apr 27 13:08:52 hosta sshd[26607]: Accepted password for root from 172.16.10.2 port 4324

8 ssh2

Apr 27 13:08:52 hosta sshd[26607]: pam_unix(sshd:session): session opened for user root

by (uid=0)

Apr 27 13:08:52 hosta sshd[26607]: pam_unix(sshd:session): session closed for user root

Apr 27 13:09:15 hosta sshd[26658]: Accepted password for root from 172.16.10.2 port 4324

9 ssh2

Apr 27 13:09:15 hosta sshd[26658]: pam_unix(sshd:session): session opened for user root

by (uid=0)

Apr 27 13:09:15 hosta sshd[26658]: pam_unix(sshd:session): session closed for user root

Apr 27 13:09:25 hosta sshd[26689]: Accepted password for root from 172.16.10.2 port 4325

0 ssh2

Apr 27 13:09:25 hosta sshd[26689]: pam_unix(sshd:session): session opened for user root

by (uid=0)

Apr 27 13:09:25 hosta sshd[26689]: pam_unix(sshd:session): session closed for user root

Apr 27 13:51:27 hosta sshd[29770]: Accepted password for root from 172.16.10.220 port 4248 ssh2

Apr 27 13:51:27 hosta sshd[29770]: pam_unix(sshd:session): session opened for user root by (uid=0)

Apr 27 13:53:54 hosta sshd[29770]: pam_unix(sshd:session): session closed for user root

Apr 27 15:13:48 hosta sshd[9309]: pam_unix(sshd:session): session closed for user root

Apr 27 15:22:20 hosta sshd[12195]: pam_unix(sshd:session): session closed for user root

Apr 27 23:37:48 hosta sshd[7798]: Accepted password for root from 172.16.10.220 port 4948 ssh2

Apr 27 23:37:48 hosta sshd[7798]: pam_unix(sshd:session): session opened for user root by (uid=0)

Apr 28 04:30:58 hosta sshd[7798]: pam_unix(sshd:session): session closed for user root

Apr 30 12:08:32 hosta sshd[15039]: Accepted password for root from 172.16.10.220 port 1637 ssh2

Apr 30 12:08:32 hosta sshd[15039]: pam_unix(sshd:session): session opened for user root by (uid=0)

Apr 30 12:11:05 hosta useradd[15282]: new group: name=mysql, GID=503

Apr 30 12:11:05 hosta useradd[15282]: new user: name=mysql, UID=503, GID=503, home=/home/mysql, shell=/bin/bash

Apr 30 12:22:18 hosta sshd[16164]: Accepted password for root from 172.16.10.2 port 47224 ssh2

Apr 30 12:22:18 hosta sshd[16164]: pam_unix(sshd:session): session opened for user root by (uid=0)

Apr 30 12:22:18 hosta sshd[16164]: pam_unix(sshd:session): session closed for user root

6、查看ssh的详细操作记录(ssh -v, scp -v or sftp -v ...)

[root@hosta .ssh]# scp -v /root/install.log hostb:/root

Executing: program /usr/bin/ssh host hostb, user (unspecified), command scp -v -t /root

OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug1: Connecting to hostb [172.16.10.2] port 22.

debug1: Connection established.

debug1: permanently_set_uid: 0/0

debug1: identity file /root/.ssh/identity type -1

debug1: identity file /root/.ssh/id_rsa type -1

debug1: identity file /root/.ssh/id_dsa type 2

debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3

debug1: match: OpenSSH_4.3 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.3

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'hostb' is known and matches the RSA host key.

debug1: Found key in /root/.ssh/known_hosts:2

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,gssapi-with-mic,password

debug1: Next authentication method: gssapi-with-mic

debug1: Unspecified GSS failure. Minor code may provide more information

No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information

No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information

No credentials cache found

debug1: Next authentication method: publickey

debug1: Trying private key: /root/.ssh/identity

debug1: Trying private key: /root/.ssh/id_rsa

debug1: Offering public key: /root/.ssh/id_dsa

debug1: Server accepts key: pkalg ssh-dss blen 433

debug1: read PEM private key done: type DSA

debug1: Authentication succeeded (publickey).

debug1: channel 0: new [client-session]

debug1: Entering interactive session.

debug1: Sending environment.

debug1: Sending env LANG = zh_CN.GB18030

debug1: Sending command: scp -v -t /root

Sending file modes: C0644 35582 install.log

Sink: C0644 35582 install.log

install.log 100% 35KB 34.8KB/s 00:00

debug1: client_input_channel_req: channel 0 rtype exit-status reply 0

debug1: channel 0: free: client-session, nchannels 1

debug1: fd 0 clearing O_NONBLOCK

debug1: fd 1 clearing O_NONBLOCK

debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds

debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0

debug1: Exit status 0
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: