客户端与服务器双向密钥对验证

一、

客户端  >>>   服务器

HOST1配置：

root下编辑/etc/ssh/sshd_config 

RSAAuthentication  yes           //启用RSA算法

PubkeyAuthentication   yes　　//启用秘钥对验证

[[email protected] ~]# useradd hadoop         //建立hadoop用户

[[email protected] ~]# passwd hadoop    　//为用户设置密码

更改用户 hadoop 的密码 。　　　　　　

新的 密码：

无效的密码： 密码少于 8 个字符

重新输入新的 密码：

passwd：所有的身份验证令牌已经成功更新。

[[email protected] ~]# su - hadoop     //切换用户到hadoop

上一次登录：五 8月 16 03:44:00 CST 2019pts/0 上

[[email protected] ~]$ pwd

/home/hadoop

[[email protected] ~]$ ssh-keygen -t rsa      　//生成密钥对，加密格式为rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):       //密钥路径

Created directory ‘/home/hadoop/.ssh‘.

Enter passphrase (empty for no passphrase):       //公钥密码，回车即设置空密码（回车）

Enter same passphrase again:         //二次输入公钥密码（回车）

Your identification has been saved in /home/hadoop/.ssh/id_rsa.

Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.

The key fingerprint is:

77:05:b5:65:b7:b6:81:79:79:6d:2d:13:e2:73:65:4e [email protected]

The key‘s randomart image is:

+--[ RSA 2048]----+

|            o.o E|

|           . ooX*|

|            oo***|

|             +o++|

|        S . .  . |

|         . .     |

|                 |

|                 |

|                 |

+-----------------+

[[email protected] ~]$ ssh-copy-id -i .ssh/id_rsa.pub [email protected]  　　//将公钥传给位于host2下的hatoop

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

[email protected]‘s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ‘[email protected]‘"

and check to make sure that only the key(s) you wanted were added.

[[email protected] ~]$ ssh [email protected]　　　//无需验证密码即可登录

Last login: Thu Aug 15 20:10:32 2019 from 192.168.153.128

[[email protected] ~]$

 二、

服务器 >>> 客户端

root下编辑/etc/ssh/sshd_config 

RSAAuthentication  yes             //启用RSA算法

PubkeyAuthentication   yes　　//启用秘钥对验证

[[email protected] ~]$ mkdir .ssh

[[email protected] ~]$ chmod 700 .ssh/

[[email protected] ~]$ ls -ld .ssh/

drwx------. 2 hadoop hadoop 6 8月  15 20:02 .ssh/

[[email protected] ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):　//密钥路径

Enter passphrase (empty for no passphrase):            //输入公钥密码，回车即空密码（回车）

Enter same passphrase again:　         　//再次输入（回车）

Your identification has been saved in /home/hadoop/.ssh/id_rsa.

Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.

The key fingerprint is:

f3:37:cc:fa:98:d6:ed:79:db:b6:68:13:cf:21:5f:66 [email protected]

The key‘s randomart image is:

+--[ RSA 2048]----+

|                 |

|                 |

|                 |

|                 |

|        S        |

|         o o o .E|

|          ..=.*oo|

|          .=.+o=+|

|         .+.oo+=+|

+-----------------+

[[email protected] ~]$ ssh-copy-id -i .ssh/id_rsa.pub [email protected]　　//将公钥文件传给HOST1

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

[email protected]‘s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh ‘[email protected]‘"

and check to make sure that only the key(s) you wanted were added.

[[email protected] ~]$ ssh [email protected]              //直接登录，无需验证密码

Last login: Fri Aug 16 04:12:03 2019 from 192.168.153.10

[[email protected] ~]$

原文地址：https://www.cnblogs.com/tanxiaojuncom/p/11366057.html