1. linux生成秘钥的命令
ssh-keygen
2. 实现无秘钥共享登录的命令
ssh-copy-id 10.24.103.1
3. 设置完之后 就会出现known_hosts 列表 ssh 就可以直接登录了
root@ubuntu16:~/.ssh# ssh 10.24.34.1 Last login: Tue May 22 09:17:53 2018 from 10.72.143.153 [root@db-test01 ~]#
4. 证书文件的说明 openssl 可以生成 秘钥 生成证书 生成公钥等信息,主要说明:
1. der 是秘钥或者是证书的存放格式之一, der是二进制格式存放的. 2. cer、crt是证书的后缀名,其中cer 是微软平台的后缀,crt是linux平台的后缀 3. csr: certificates signing request 证书签名申请,一般是用来通过私钥来生成证书用的 包含comman name还有域名以及国家地址等信息。 4. pem: 一种存放格式,一般是base64存放,一般用来存放证书,或者是私钥,但是可能同时存放证书和私钥。如果是密钥 会议 begin private key 开头来进行显示。 5. key: 密钥的后缀名,一般只存放密钥 需要自己存放。 6. pub: 公钥的后缀名,一般存在与证书中,可以用来进行公钥加密,然后自己私钥解密进行处理。
5. 查看证书内容的命令
openssl x509 -in ca.crt -text
6. 自己的一个kubeadm的证书信息。。
Certificate: Data: Version: 3 (0x2) Serial Number: 0 (0x0) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=kubernetes Validity Not Before: May 19 06:00:14 2018 GMT Not After : May 16 06:00:14 2028 GMT Subject: CN=kubernetes Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:d6:f1:5e:8b:c0:6f:f2:68:e8:89:fc:8f:bd:61: d3:8a:90:06:cd:2d:70:ad:4e:ba:bb:fb:f5:73:a5: 15:0c:46:89:02:53:56:ae:3f:50:15:31:33:3c:68: 89:08:21:d2:38:ef:9a:2e:ce:75:cd:95:4c:d7:6e: 99:93:a7:ff:e7:0f:bb:65:9d:53:5c:c6:36:4a:0d: db:15:7f:85:2b:5c:cb:84:5a:6f:80:31:d3:ec:77: b0:a2:82:11:c5:e2:c9:57:9b:32:79:ef:ea:ce:4e: 7b:6f:6e:23:f8:40:f9:6d:55:b6:7c:c6:d6:b6:63: 8b:bc:91:8f:a9:d9:3d:fb:2e:5e:77:7b:94:f8:05: 54:54:e5:32:58:b5:d5:49:2d:c8:45:fc:90:b5:be: e8:92:f2:ca:73:98:16:0b:97:f2:98:ee:8f:01:f9: 95:e6:24:e0:69:49:58:21:79:32:db:34:7a:f4:59: 2d:42:d8:5d:30:7f:cf:8e:83:ff:31:2e:1f:5b:08: 77:29:4b:64:d5:3b:8c:f3:41:f8:a5:75:13:45:66: 79:57:68:94:c5:73:db:c2:1f:62:61:21:19:02:0c: de:e2:5c:30:4e:1e:63:54:41:51:35:f5:4e:5b:78: 35:c2:c9:cf:64:82:a1:fa:39:0c:c4:77:95:0e:c2: 9c:0d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment, Certificate Sign X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: sha256WithRSAEncryption 60:65:01:c8:e8:f2:3c:77:0c:a8:3e:bb:e1:cf:3b:ac:20:c1: 7d:37:9c:7f:6b:b3:6d:04:6f:8a:57:89:49:11:26:a3:e2:0a: 43:b3:62:7a:9a:62:e2:a3:30:5f:05:a1:e5:05:79:b8:75:f8: 2a:6e:85:5e:52:1c:f6:18:97:e4:3f:0f:ec:6d:2d:ce:5e:e1: 48:74:57:31:6b:e7:56:cb:5f:bb:50:a8:c8:73:a9:96:78:b3: 81:d4:98:71:54:ae:b4:4e:76:5e:c1:82:71:50:61:f1:05:15: 32:5e:f4:00:df:f1:ed:0f:58:00:90:59:ea:e8:3e:33:b4:57: af:ac:85:2b:a2:7d:02:e8:63:9e:7e:54:31:b3:8e:a3:59:ca: 34:46:4f:d0:20:3c:f2:2d:ee:4f:2e:1c:db:62:00:33:7d:68: 75:26:ee:d9:06:c5:ee:07:2f:aa:ac:27:0f:6d:84:c0:ae:e4: 6c:28:97:5c:cb:c3:ed:fa:4e:fe:2d:6f:67:d9:56:d4:3a:5a: 31:f1:10:02:75:45:8a:56:85:22:a5:57:38:d0:e5:95:72:12: 1f:a1:ea:cf:cc:5c:63:e6:12:74:61:dd:4d:a1:e9:be:dc:31: 24:3c:20:f7:75:78:bd:7d:26:9e:6e:be:ce:ee:8e:92:37:8c: fb:ee:21:05 -----BEGIN CERTIFICATE----- MIICyDCCAbCgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwprdWJl cm5ldGVzMB4XDTE4MDUxOTA2MDAxNFoXDTI4MDUxNjA2MDAxNFowFTETMBEGA1UE AxMKa3ViZXJuZXRlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANbx XovAb/Jo6In8j71h04qQBs0tcK1Ourv79XOlFQxGiQJTVq4/UBUxMzxoiQgh0jjv mi7Odc2VTNdumZOn/+cPu2WdU1zGNkoN2xV/hStcy4Rab4Ax0+x3sKKCEcXiyVeb Mnnv6s5Oe29uI/hA+W1VtnzG1rZji7yRj6nZPfsuXnd7lPgFVFTlMli11UktyEX8 kLW+6JLyynOYFguX8pjujwH5leYk4GlJWCF5Mts0evRZLULYXTB/z46D/zEuH1sI dylLZNU7jPNB+KV1E0VmeVdolMVz28IfYmEhGQIM3uJcME4eY1RBUTX1Tlt4NcLJ z2SCofo5DMR3lQ7CnA0CAwEAAaMjMCEwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB /wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGBlAcjo8jx3DKg+u+HPO6wgwX03 nH9rs20Eb4pXiUkRJqPiCkOzYnqaYuKjMF8FoeUFebh1+CpuhV5SHPYYl+Q/D+xt Lc5e4Uh0VzFr51bLX7tQqMhzqZZ4s4HUmHFUrrROdl7BgnFQYfEFFTJe9ADf8e0P WACQWeroPjO0V6+shSuifQLoY55+VDGzjqNZyjRGT9AgPPIt7k8uHNtiADN9aHUm 7tkGxe4HL6qsJw9thMCu5Gwol1zLw+36Tv4tb2fZVtQ6WjHxEAJ1RYpWhSKlVzjQ 5ZVyEh+h6s/MXGPmEnRh3U2h6b7cMSQ8IPd1eL19Jp5uvs7ujpI3jPvuIQU= -----END CERTIFICATE-----