Shulou(Shulou.com)05/31 Report--

How to carry out sshkey key authentication in Linux SSH service, many novices are not very clear about this, in order to help you solve this problem, the following small series will explain in detail for everyone, there are people who need this to learn, I hope you can harvest.

SSH service features and simple configuration, in the actual production environment, often use sshkey key authentication to implement data distribution operations, but also batch operation of intranet servers, the implementation of secret-free authentication to push data distribution

The topology diagram of actual production structure is as follows

complete configuration process

Only one or two servers for the entire configuration environment

I. Actual environment view

distribution server

[root@Centos ~]# cat /etc/redhat-release

CentOS release 6.5 (Final)

[root@localhost ~]# uname -r

2.6.32-431.el6.x86_64

node server

[root@localhost ~]# cat /etc/redhat-release

CentOS release 6.5 (Final)

[root@localhost ~]# uname -r

2.6.32-431.el6.x86_64

Second, the server adds a system account

Distribution server configuration account and password

[root@Centos ~]# useradd fenfa

[root@Centos ~]# echo "123456"|passwd --stdin fenfa

Changing password for user fenfa.

passwd: all authentication tokens updated successfully.

Node server configuration account and password

[root@localhost ~]# useradd fenfa

[root@localhost ~]# echo "123456"|passwd --stdin fenfa

Changing password for user fenfa.

passwd: all authentication tokens updated successfully

III. Generating key pairs

Note that this action requires switching to the user created (Distributor action)

[root@Centos ~]# su - fenfa

[fenfa@Centos ~]$ whoami

fenfa

[fenfa@Centos ~]$ ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/home/fenfa/.ssh/id_dsa):

key stored in this file

Created directory '/home/fenfa/.ssh'. The system automatically creates this directory

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/fenfa/.ssh/id_dsa. private key

Your public key has been saved in /home/fenfa/.ssh/id_dsa.pub. public key

The key fingerprint is:

07:06:7a:22:ec:11:72:ae:06:36:de:1c:17:15:90:50 fenfa@Centos

The key's randomart image is:

+--[ DSA 1024]----+

|. o.oE=o. |

| = . o.. |

|.o=.o.. o |

|+o+ooo . . |

|.o.o S . |

|. . |

| |

| |

| |

+-----------------+

[fenfa@Centos ~]$ cd /home/fenfa/.ssh

[fenfa@Centos ~]$ ls -ld .ssh

drwx------. 2 fenfa fenfa 4096 Aug 27 17:09 .ssh permissions 700

[fenfa@Centos .ssh]$ ls -ll

total 8

-rw-------. 1 fenfa fenfa 672 Aug 27 16:47 id_dsa

-rw-r--r--. 1 fenfa fenfa 602 Aug 27 16:47 id_dsa.pub

Note here the permissions for two files: id_dsa 600 id_dsa.pub 644

[fenfa@Centos ~]$ cat /home/fenfa/.ssh/id_dsa

-----BEGIN DSA PRIVATE KEY-----

MIIBvAIBAAKBgQCtz936+YRJaeXBdaVxAtCXOy7IzpUbKSLLA+IC2bg6xLOGS8U+

5qvI73eQqr2yB0HIowEfVSX51zAZShj3SPe3dO89UjD2R+PHL9ORPx2MNLed9MVS

gVFOd12OmsAJ+CDsoFV8J1iF0rjbfZ1XDwCPtktWfG5xnOwjtKSHt9aNVQIVAJ4j

t8J7fuQq40QH6KQ3iEwrupVHAoGAXO3Gel3jQTjN4HJAoWW1zloHlZiD8IkJ6Uz+

LJl6uKFh3klhT+2G9ndOezQlpcMPh/8EOADPZwo+wFRCcKrXoe9ugl/YKb0ERZrn

7ZwEe/uvg1ciW9bCeigni24PMEtiPCd8vDpaSKCkdp7EEvAX/HjaVkUNdALqMl0j

s93UAlICgYEAhQEfTIzZitAyx72z7Bdwtc3FLiPgIGu2vX2mu0xRz4sMHbBOBRi2

a+LFvrwCSfizXO1HBB+giAH2GUFu4BRfxfwHcBRtGtynjMsNlfvU72JBvVVE8puv

BW4A3+5dSUW1skllBuFzkbLQOnhi7SFboSGIXqRSI3NAfutPJ/5Id8MCFQCNVrXo

HcHsd+7aKJql1oW10MHxBQ==

-----END DSA PRIVATE KEY-----

IV. Distribution key (public key)

Command format distributed

ssh-copy-id -i Keyname User @ Remote Host IP Address-------------

ssh-copy-id -i Key Name "-p port User @ Remote Host IP Address"--For ssh Non-default port

[fenfa@Centos ~]$ cd .ssh

[fenfa@Centos .ssh]$ ssh-copy-id -i id_dsa.pub fenfa@192.168.1.3

The authenticity of host '192.168.1.3 (192.168.1.3)' can't be established.

RSA key fingerprint is 86:41:46:5c:d9:e0:98:a5:15:ee:b4:01:a5:37:49:c4.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.3' (RSA) to the list of known hosts.

fenfa@192.168.1.3's password:

Now try logging into the machine, with "ssh 'fenfa@192.168.1.3'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Node server tests for successful distribution

[root@localhost ~]# tree /home/fenfa/.ssh/

/home/fenfa/.ssh/

+-- authorized_keys

0 directories, 1 file

Distribution successful

V. Dissemination of data

Manual distribution

[fenfa@Centos ~]$ scp -P22 -r -p /tmp/text/ fenfa@192.168.1.3:~

123.txt 100% 0 0.0KB/s 00:00

Node Server Test

[root@localhost fenfa]# tree /home/fenfa/

/home/fenfa/

+-- text

+-- 123.txt

1 directory, 1 file

Script distribution

Commands can be written into scripts for execution

[fenfa@Centos ~]$ vi fenfa.sh

scp -P22 -r -p /tmp/text/ fenfa@192.168.1.3:/tmp/fenfadir/

[fenfa@Centos ~]$ ./ fenfa.sh

123.txt 100% 0 0.0KB/s 00:00

[fenfa@localhost fenfadir]$ pwd

/tmp/fenfadir

[fenfa@localhost fenfadir]$ tree

.

+-- text

+-- 123.txt

1 directory, 1 file

Distribution successful

If it is necessary to distribute some data to the node server every day in the production environment, you can put this script into a scheduled task, and the system will automatically execute it every day. However, it is best to execute it regularly when the service concurrency is not high, so as not to affect normal business access.

Did reading the above help you? If you still want to have further understanding of related knowledge or read more related articles, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.