Configuring SSH Trust Between Two Linux Hosts

Original | Linux Operating Systems | Author: mibvg | Time: 2013-07-31 16:31:53
Wednesday, July 31, 2013

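1. How It Works

SSH logins here use what is known as "public/private key" authentication. A simple explanation of this method:
First create a key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then place the public key on the server (~/.ssh/authorized_keys) and keep the private key to yourself. At login, the ssh program uses the private key to match against the public key on the server: the client signs a challenge with the private key and the server verifies that signature with the stored public key, so the private key itself never leaves the client. If the match succeeds, the login is allowed.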

2. Test Environment

Host A: vrh1/192.168.1.102
Host B: vrh2/192.168.1.103

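3. Establishing Trust Between Two Linux/Unix Hosts

On vrh1, run the ssh-keygen command as the user (oracle in the sessions below) and press Enter wherever input is requested, to generate the keys (called "certificates" in this post) that establish the trust relationship. Pressing Enter at the passphrase prompts creates private keys with no passphrase, which is what allows the non-interactive logins shown later.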

3.1 Generate the keys on vrh1

[root@vrh1 /]# su - oracle
[oracle@vrh1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Created directory '/home/oracle/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
87:0f:5e:55:8e:7a:b6:47:e7:34:ad:27:b4:63:a9:da oracle@vrh1.oracle.com
[oracle@vrh1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
0d:ec:9d:41:00:5d:cc:e7:c2:8a:e8:6c:30:00:90:66 oracle@vrh1.oracle.com

3.2 Run the same commands on vrh2

[root@vrh2 /]# su - oracle
[oracle@vrh2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Created directory '/home/oracle/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
83:a3:22:6a:aa:cf:90:74:11:7e:48:58:86:06:7b:aa oracle@vrh2.oracle.com
[oracle@vrh2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
29:3b:dc:1b:49:bb:0e:90:29:a7:d6:6b:26:99:de:b7 oracle@vrh2.oracle.com

3.3 Create one authorization file holding the authorization information of both hosts

[oracle@vrh1 .ssh]$ touch authorized_keys
[oracle@vrh1 .ssh]$ cat id_dsa.pub  >> authorized_keys                # save vrh1's own DSA public key to the authorization file
[oracle@vrh1 .ssh]$ cat id_rsa.pub  >> authorized_keys                # save vrh1's own RSA public key to the authorization file
[oracle@vrh1 .ssh]$ ssh vrh2 cat ~/.ssh/id_dsa.pub >> authorized_keys # save vrh2's DSA public key to the authorization file
The authenticity of host 'vrh2 (192.168.1.103)' can't be established.
RSA key fingerprint is 92:e1:fc:a6:f8:15:37:27:7b:50:41:fa:be:4d:19:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vrh2,192.168.1.103' (RSA) to the list of known hosts.
oracle@vrh2's password:
[oracle@vrh1 .ssh]$ ssh vrh2 cat ~/.ssh/id_rsa.pub >> authorized_keys # save vrh2's RSA public key to the authorization file
oracle@vrh2's password:
[oracle@vrh1 .ssh]$ scp authorized_keys vrh2:~/.ssh                   # copy the authorization file to the vrh2 host
oracle@vrh2's password:
authorized_keys                                 100% 2032     2.0KB/s   00:00

3.4 Check host time synchronization from vrh1

[oracle@vrh1 .ssh]$ date;ssh vrh2 date
Mon Jul 29 20:53:44 CST 2013
Mon Jul 29 20:53:44 CST 2013
[oracle@vrh1 .ssh]$ date;ssh vrh2-priv date
Mon Jul 29 20:54:15 CST 2013
Mon Jul 29 20:54:15 CST 2013
[oracle@vrh1 .ssh]$ date;ssh vrh1 date
Mon Jul 29 20:55:36 CST 2013
Mon Jul 29 20:55:36 CST 2013
[oracle@vrh1 .ssh]$ date;ssh vrh1-priv date
Mon Jul 29 20:55:45 CST 2013
Mon Jul 29 20:55:45 CST 2013

3.5 Check host time synchronization from vrh2

[oracle@vrh2 ~]$ date;ssh vrh1 date
Mon Jul 29 20:56:50 CST 2013
Mon Jul 29 20:56:50 CST 2013
[oracle@vrh2 ~]$ date;ssh vrh1-priv date
Mon Jul 29 20:56:59 CST 2013
Mon Jul 29 20:56:59 CST 2013
[oracle@vrh2 ~]$ date;ssh vrh2 date
Mon Jul 29 20:57:54 CST 2013
Mon Jul 29 20:57:54 CST 2013
[oracle@vrh2 ~]$ date;ssh vrh2-priv date
Mon Jul 29 20:57:45 CST 2013
Mon Jul 29 20:57:46 CST 2013
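
A check to run on the directory that section 3.3 builds, given as an added example that is not part of the original post: it reports a ~/.ssh directory or authorized_keys file that is group- or world-writable (sshd's default StrictModes setting then ignores the file), DSA entries (disabled by default since OpenSSH 7.0), and keys appended more than once. The function names, finding labels and sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a ~/.ssh directory
# like the one section 3.3 builds. One finding per line; status 1 if any.

# loose PATH: true if PATH is writable by group or others. sshd with
# StrictModes (its default) then refuses to use authorized_keys.
loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

audit_ssh_trust() {
    dir=$1
    ak=$dir/authorized_keys
    findings=$(
        for p in "$dir" "$ak"; do
            if [ ! -e "$p" ]; then echo "MISSING $p"
            elif loose "$p"; then echo "PERM $p"; fi
        done
        if [ -f "$ak" ]; then awk '
            /^[ \t]*#/ || NF == 0 { next }    # comments and blank lines
            {
                type = ""; blob = ""
                for (i = 1; i < NF; i++)      # options may precede the key type
                    if ($i ~ /^(ssh-|ecdsa-|sk-)/) { type = $i; blob = $(i + 1); break }
                if (type == "") { print "MALFORMED line " NR; next }
                if (type == "ssh-dss") print "DSA line " NR
                if (seen[blob]++) print "DUPLICATE line " NR
            }' "$ak"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample DIR: constructed keys (placeholder blobs), group-writable file,
# and the first RSA key appended twice as a rerun of the >> commands would do.
make_sample() {
    mkdir -p "$1" && chmod 700 "$1"
    cat > "$1/authorized_keys" <<'EOF'
ssh-dss AAAAconstructedDSA1 oracle@vrh1
ssh-rsa AAAAconstructedRSA1 oracle@vrh1
ssh-dss AAAAconstructedDSA2 oracle@vrh2
ssh-rsa AAAAconstructedRSA2 oracle@vrh2
ssh-rsa AAAAconstructedRSA1 oracle@vrh1
EOF
    chmod 664 "$1/authorized_keys"
}
```

Run `audit_ssh_trust "$HOME/.ssh"` as oracle on each host after the file has been copied; `make_sample` only builds the constructed input for trying the audit offline.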

From "ITPUB Blog", link: http://blog.itpub.net/15693674/viewspace-767572/. If you reproduce this post, please credit the source; otherwise legal liability will be pursued.
