• Two-way key-pair authentication between client and server


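    1.

    Client  >>>   Server

    HOST1 configuration:

    As root, edit /etc/ssh/sshd_config

    RSAAuthentication  yes           //enable RSA authentication (an SSH protocol 1 option, deprecated in newer OpenSSH releases)

    PubkeyAuthentication   yes  //enable key-pair authentication

    [root@host1 ~]# useradd hadoop         //create the hadoop user

    [root@host1 ~]# passwd hadoop     //set a password for the user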

    更改用户 hadoop 的密码 。      

    新的 密码:

    无效的密码: 密码少于 8 个字符

    重新输入新的 密码:

    passwd:所有的身份验证令牌已经成功更新。

    [root@host1 ~]# su - hadoop     //switch to the hadoop user

    上一次登录:五 8月 16 03:44:00 CST 2019pts/0 上

    [hadoop@host1 ~]$ pwd

    /home/hadoop

    [hadoop@host1 ~]$ ssh-keygen -t rsa       //generate a key pair of type RSA

    Generating public/private rsa key pair.

    Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):       //path of the key file

    Created directory '/home/hadoop/.ssh'.

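    Enter passphrase (empty for no passphrase):       //passphrase for the private key; pressing Enter sets an empty passphrase (Enter pressed here)

    Enter same passphrase again:         //enter the passphrase a second time (Enter pressed here)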

    Your identification has been saved in /home/hadoop/.ssh/id_rsa.

    Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.

    The key fingerprint is:

    77:05:b5:65:b7:b6:81:79:79:6d:2d:13:e2:73:65:4e hadoop@host1

    The key's randomart image is:

    +--[ RSA 2048]----+

    |            o.o E|

    |           . ooX*|

    |            oo***|

    |             +o++|

    |        S . .  . |

    |         . .     |

    |                 |

    |                 |

    |                 |

    +-----------------+

    [hadoop@host1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.153.10    //copy the public key to the hadoop user on host2

    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

    hadoop@192.168.153.10's password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh 'hadoop@192.168.153.10'"

    and check to make sure that only the key(s) you wanted were added.

    [hadoop@host1 ~]$ ssh hadoop@192.168.153.10   //logs in without being asked for a password

    Last login: Thu Aug 15 20:10:32 2019 from 192.168.153.128

    [hadoop@host2 ~]$

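     2.

     Server >>> Client

    As root, edit /etc/ssh/sshd_config

    RSAAuthentication  yes             //enable RSA authentication (an SSH protocol 1 option, deprecated in newer OpenSSH releases)

    PubkeyAuthentication   yes  //enable key-pair authentication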

    [hadoop@host2 ~]$ mkdir .ssh                        

    [hadoop@host2 ~]$ chmod 700 .ssh/

    [hadoop@host2 ~]$ ls -ld .ssh/

    drwx------. 2 hadoop hadoop 6 8月  15 20:02 .ssh/

    [hadoop@host2 ~]$ ssh-keygen -t rsa

    Generating public/private rsa key pair.

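    Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): //path of the key file

    Enter passphrase (empty for no passphrase):            //passphrase for the private key; pressing Enter sets an empty passphrase (Enter pressed here)

    Enter same passphrase again:           //enter it again (Enter pressed here)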

    Your identification has been saved in /home/hadoop/.ssh/id_rsa.

    Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.

    The key fingerprint is:

    f3:37:cc:fa:98:d6:ed:79:db:b6:68:13:cf:21:5f:66 hadoop@host2

    The key's randomart image is:

    +--[ RSA 2048]----+

    |                 |

    |                 |

    |                 |

    |                 |

    |        S        |

    |         o o o .E|

    |          ..=.*oo|

    |          .=.+o=+|

    |         .+.oo+=+|

    +-----------------+

    [hadoop@host2 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.153.128  //copy the public key file to HOST1

    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

    hadoop@192.168.153.128's password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh 'hadoop@192.168.153.128'"

    and check to make sure that only the key(s) you wanted were added.

    [hadoop@host2 ~]$ ssh hadoop@192.168.153.128              //logs in directly, without a password prompt

    Last login: Fri Aug 16 04:12:03 2019 from 192.168.153.10

    [hadoop@host1 ~]$ 
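
An added example, not part of the original post: with sshd's StrictModes check, key login is refused when the home directory, ~/.ssh or authorized_keys is writable by group or others, and the ssh client rejects a private key that group or others can access; this script audits those permissions and counts the authorized_keys entries that ssh-copy-id asks you to verify. The function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Group+other permission characters from ls -l, e.g. "------" or "rwxr-x".
mode_go() { ls -ld "$1" | cut -c5-10; }

# audit_ssh_dir HOME_DIR: print one finding per line for the given home directory.
audit_ssh_dir() {
    home=$1
    # StrictModes: these paths must not be writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        case $(mode_go "$p") in
            ?w????|????w?) echo "WRITABLE_BY_OTHERS $p" ;;
        esac
    done
    # Private keys must give group and others no access at all.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        [ "$(mode_go "$k")" = "------" ] || echo "PRIVATE_KEY_EXPOSED $k"
    done
    # Count key entries (non-blank, non-comment lines) so unexpected ones stand out.
    ak="$home/.ssh/authorized_keys"
    if [ -f "$ak" ]; then
        n=$(grep -c -v -E '^[[:space:]]*(#|$)' "$ak" || true)
        echo "AUTHORIZED_KEYS $n"
    fi
    return 0
}

# Constructed sample: loose ~/.ssh (775), exposed private key (644), two key entries.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    printf '%s\n' 'ssh-rsa AAAAconstructed1 hadoop@host1' \
                  'ssh-rsa AAAAconstructed2 unknown@elsewhere' > "$d/.ssh/authorized_keys"
    : > "$d/.ssh/id_rsa"
    : > "$d/.ssh/id_rsa.pub"
    chmod 755 "$d"
    chmod 775 "$d/.ssh"
    chmod 600 "$d/.ssh/authorized_keys"
    chmod 644 "$d/.ssh/id_rsa" "$d/.ssh/id_rsa.pub"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample"
rm -rf "$sample"
```

On a real host, run `audit_ssh_dir /home/hadoop` as root or as the hadoop user on both machines after the ssh-copy-id steps.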

    This article is an original work by 三岁半的胖啊; please credit the source when reposting. Link: https://home.cnblogs.com/u/tanxiaojuncom/
  • Original article: https://www.cnblogs.com/tanxiaojuncom/p/11366057.html