
How to Configure SSH Mutual Trust on Linux

2025-01-26 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/02 Report--

1. Introduction to SSH mutual trust

SSH mutual trust means installing authenticated key files in advance on two machines (terminal-1 and terminal-2). When either machine then connects to the other, authentication happens automatically and no password has to be entered again, so the two hosts trust each other.

How it works:

1. Generate authentication key files on each machine (terminal-1 and terminal-2) that will take part in the mutual trust.
2. Collect all the key files into one combined authorized-keys file.
3. Send the combined file to the machines that should trust each other (terminal-1 and terminal-2).
4. Verify the mutual trust.

2. Experiment

1. Check the two machines (sam 172.16.211.129, suzzy 172.16.211.130).

terminal-1:

[root@sam ~]# hostname

sam

terminal-2:

[root@suzzy ~]# hostname

suzzy

2. Log in from the sam machine to the suzzy machine (you need to enter the correct password to log in).

Correct password:

[root@sam ~]# ssh suzzy

The authenticity of host 'suzzy (172.16.211.130)' can't be established.

RSA key fingerprint is e0:4b:15:f3:fe:6c:2d:11:f7:ad:7e:a6:d6:65:0e:0d.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'suzzy,172.16.211.130' (RSA) to the list of known hosts.

root@suzzy's password:

Last login: Fri Oct 30 15:27:15 2015 from 172.16.211.1

[root@suzzy ~]#

Wrong password:

[root@sam ~]# ssh suzzy

root@suzzy's password:

Permission denied, please try again.

root@suzzy's password:

Permission denied, please try again.

root@suzzy

3. Create the directory used for the trust and set its permissions (if it does not already exist). If you have already used ssh to connect to the other machine, the directory has been created automatically, even if the login was unsuccessful.

[root@sam ~]# rm -rf .ssh

[root@sam ~]# mkdir .ssh

[root@sam ~]# chmod 755 .ssh

[root@sam ~]# ls -la

total 376

dr-xr-x---. 31 root root 4096 Oct 30 16:05 .

dr-xr-xr-x. 28 root root 4096 Aug 31 15:28 ..

drwxr-xr-x. 2 root root 4096 Nov 27 2014 .abrt

... ...

drwxr-xr-x 2 root root 4096 Oct 30 16:05 .ssh

4. Create the keys (press Enter to accept the defaults).

sam machine:

[root@sam]# /usr/bin/ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

70:d2:c8:c6:01:6d:1c:2b:2e:8c:89:c0:ae:fc:14:2d root@sam

The key's randomart image is:


[root@sam .ssh]# ll

total 8

-rw------- 1 root root 1675 Oct 30 17:42 id_rsa

-rw-r--r-- 1 root root 390 Oct 30 17:42 id_rsa.pub

[root@sam .ssh]# /usr/bin/ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/root/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_dsa.

Your public key has been saved in /root/.ssh/id_dsa.pub.

The key fingerprint is:

9e:12:19:4e:6a:d5:46:64:47:3d:f9:2a:11:e0:49:ad root@sam

The key's randomart image is:


[root@sam .ssh]# ll

total 16

-rw------- 1 root root 672 Oct 30 17:49 id_dsa

-rw-r--r-- 1 root root 598 Oct 30 17:49 id_dsa.pub

-rw------- 1 root root 1675 Oct 30 17:42 id_rsa

-rw-r

Note: do the same on the suzzy machine.

[root@suzzy]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

d9:d1:27:75:5b:85:a2:af:77:75:83:74:d1:2a:02:35 root@suzzy

The key's randomart image is:


[root@suzzy]# ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/root/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_dsa.

Your public key has been saved in /root/.ssh/id_dsa.pub.

The key fingerprint is:

c4:94:b1:87:9a:34:1d:35:cb:51:03:12:f1:86:b7:fe root@suzzy

The key's randomart image is:


5. Append the contents of the public key files id_rsa.pub and id_dsa.pub from each host to the ~/.ssh/authorized_keys file, then place that file on all the machines. Note that the first time you use ssh to reach a remote host, its RSA key is unknown, so you are prompted to confirm it. After confirmation, ssh records the remote host's RSA key, and you will not need a password to connect to the host later.

[root@sam .ssh]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

[root@sam .ssh]# cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

[root@sam .ssh]# ssh root@suzzy cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

The authenticity of host 'suzzy (172.16.211.130)' can't be established.

RSA key fingerprint is e0:4b:15:f3:fe:6c:2d:11:f7:ad:7e:a6:d6:65:0e:0d.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'suzzy,172.16.211.130' (RSA) to the list of known hosts.

root@suzzy's password:

[root@sam .ssh]# ssh root@suzzy cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

root@suzzy

6. Check the combined key file

[root@sam .ssh]# ls -l authorized_keys

-rw-r--r-- 1 root root 1980 Oct 30 18:19 authorized_keys

[root@sam .ssh]# cat authorized_keys


7. Copy the combined key file to the corresponding directory on the other machine

[root@sam .ssh]# scp authorized_keys root@suzzy:~/.ssh/

root@suzzy

8. Test the connection (you still have to answer yes the first time, but not the second time)

[root@sam ~]# ssh suzzy

Last login: Fri Oct 30 18:25:38 2015 from sam

[root@suzzy ~]# ssh sam

Last login: Fri Oct 30 18:26:34 2015 from suzzy

[root@sam ~]#

9. For security, change the permissions of the authorized_keys file to 600; this has to be done on each machine.

[root@sam ~]# cd .ssh

[root@sam .ssh]# ls -l authorized_keys

-rw-r--r-- 1 root root 1980 Oct 30 18:19 authorized_keys

[root@sam .ssh]# chmod 600 authorized_keys

[root@sam .ssh]# ls -l authorized_keys

-rw
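Steps 3, 5 and 9 above, condensed into an idempotent key-install helper plus an audit of the resulting directory, as an added example that is not part of the original article. The function names add_pubkey, flag and audit_ssh_dir, the scratch directory and the key line are constructed for illustration; `stat -c` assumes GNU coreutils, as on the Linux hosts used here.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# Add a public-key line to DIR/authorized_keys only if it is not there yet,
# creating DIR as 700 and the file as 600 (step 9's mode, applied up front).
add_pubkey() {
    dir=$1; key=$2
    ( umask 077; mkdir -p "$dir" && touch "$dir/authorized_keys" ) || return 1
    chmod 700 "$dir" && chmod 600 "$dir/authorized_keys" || return 1
    grep -qxF -- "$key" "$dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$dir/authorized_keys"
}

flag() { printf 'FINDING: %s\n' "$1"; findings=$((findings + 1)); }

# Print one line per weakness in DIR; the return status is the finding count.
audit_ssh_dir() {
    dir=$1; findings=0
    # sshd StrictModes refuses a group/world-writable directory or key file.
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(stat -c %a "$p")
        [ $(( 0$mode & 022 )) -eq 0 ] || flag "$p is mode $mode (writable by others)"
    done
    # The ssh client refuses private keys readable by group or others.
    for p in "$dir"/id_*; do
        case $p in *.pub) continue ;; esac
        [ -f "$p" ] || continue
        mode=$(stat -c %a "$p")
        [ $(( 0$mode & 077 )) -eq 0 ] || flag "$p is mode $mode (private key exposed)"
    done
    if [ -f "$dir/authorized_keys" ]; then
        # ssh-dss (DSA) keys are disabled by default since OpenSSH 7.0.
        n=$(grep -c '^ssh-dss ' "$dir/authorized_keys" || true)
        [ "$n" -eq 0 ] || flag "$n ssh-dss (DSA) entries in authorized_keys"
        # Re-running the '>>' appends from step 5 leaves duplicate lines.
        d=$(sort "$dir/authorized_keys" | uniq -d | wc -l)
        [ "$d" -eq 0 ] || flag "$d duplicated key line(s)"
    fi
    return "$findings"
}

# Demo on a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
add_pubkey "$demo/.ssh" 'ssh-rsa AAAA-CONSTRUCTED-NOT-A-REAL-KEY root@sam'
add_pubkey "$demo/.ssh" 'ssh-rsa AAAA-CONSTRUCTED-NOT-A-REAL-KEY root@sam'
audit_ssh_dir "$demo/.ssh" && echo "no findings"
rm -rf "$demo"
```

Mode 755 on .ssh, as set in step 3, passes this audit because only group and world write bits are rejected; 700 additionally hides the directory contents from other local users.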

3. Summary

For Oracle 10g, this mutual trust has to be set up manually before RAC (Real Application Clusters) is configured. Starting with the 11g installer, it can be configured with buttons in the graphical interface, which is quite easy, but the skill is still worth mastering: whenever you need password-free login, you still have to configure it by hand. Don't let your core skills slip.
