linux配置无秘钥登陆
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
最近有点心烦,很少写博客了,后期的3个月里,估计更新的频率也不会太高,请见谅,今天给大家共享一下linux不用秘钥就可以访问服务器的一种方法,这样工作起来比较方便,如果感兴趣的小伙伴们可以看一下,具体配置内容如下:
首先,我要明确一下我的系统环境,都是2台centos6.6的操作系统,内核都是2.6的.
第一台机器:
#1>.创建秘钥对
[[email protected] .ssh]# ifconfig em1 | grep "inet addr" | awk ‘{print $2}‘ | awk -F ":" ‘{print $2}‘
192.168.2.45
[[email protected] .ssh]#
[[email protected] .ssh]# ssh-keygen -t dsa
[[email protected] .ssh]# ll
总用量 8
-rw-------. 1 root root 668 2月 27 11:14 id_dsa
-rw-r--r--. 1 root root 606 2月 27 11:14 id_dsa.pub
[[email protected] .ssh]#
passphrase(密钥保护) 保留为空,否则使用ssh时将要求输入passphrase(密钥保护)
2>.共享秘钥对
[[email protected] .ssh]# scp id_dsa.pub 172.30.1.60:/root/.ssh/zabbix.key.pub
3>.授权
[[email protected] .ssh]# cat id_dsa.pub > authorized_keys
[[email protected] .ssh]# cat yinzhengjie.key.pub >> authorized_keys
4.测试登陆(在执行此操作之前。要确定另外的一台服务器已经完成了以上的三个操作)
[[email protected] ~]# ssh 172.30.1.60
reverse mapping checking getaddrinfo for bogon [172.30.1.60] failed - POSSIBLE BREAK-IN ATTEMPT!
Last login: Mon Feb 27 03:43:22 2017 from 192.168.2.45
-bash: “#Add: command not found
-bash: “#Add: command not found
[[email protected] ~]# ifconfig eth0 | grep "inet addr"| awk -F ":" ‘{print $2}‘ | awk ‘{print $1}‘
172.30.1.60
[[email protected] ~]#
5.查看日志情况
[[email protected] ~]# more /var/log/secure
Feb 27 11:39:01 bogon sshd[18831]: Received disconnect from 172.30.1.60: 11: disconnected by user
Feb 27 11:39:01 bogon sshd[18831]: pam_unix(sshd:session): session closed for user root
Feb 27 11:39:02 bogon sshd[18897]: reverse mapping checking getaddrinfo for bogon [172.30.1.60] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 27 11:39:02 bogon sshd[18897]: Accepted publickey for root from 172.30.1.60 port 37244 ssh2
Feb 27 11:39:02 bogon sshd[18897]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb 27 11:39:35 bogon sshd[18897]: Received disconnect from 172.30.1.60: 11: disconnected by user
Feb 27 11:39:35 bogon sshd[18897]: pam_unix(sshd:session): session closed for user root
[[email protected] ~]#
第二台机器:
#1>.创建秘钥对
[[email protected] .ssh]# ifconfig eth0 | grep "inet addr"| awk -F ":" ‘{print $2}‘ | awk ‘{print $1}‘
172.30.1.60
[[email protected] .ssh]# ssh-keygen -t dsa
2>.共享秘钥对
[[email protected] .ssh]# scp id_dsa.pub 192.168.2.45:/root/.ssh/yinzhengjie.key.pub
3>.授权
[[email protected] .ssh]# cat id_dsa.pub > authorized_keys
[[email protected] .ssh]# cat yinzhengjie.key.pub >> authorized_keys
4.测试登陆(在执行此操作之前。要确定另外的一台服务器已经完成了以上的三个操作)
[[email protected] .ssh]# ssh 192.168.2.45
reverse mapping checking getaddrinfo for bogon [192.168.2.45] failed - POSSIBLE BREAK-IN ATTEMPT!
Last login: Mon Feb 27 11:33:39 2017 from 192.168.2.45
[[email protected] ~]# exit
logout
Connection to 192.168.2.45 closed.
[[email protected] .ssh]# ifconfig eth0 | grep "inet addr"| awk -F ":" ‘{print $2}‘ | awk ‘{print $1}‘
172.30.1.60
[[email protected] .ssh]#