Many services (Ceph, OpenStack, etc.) currently need SSH logins that use an SSH key rather than a password.
The configuration steps are as follows:
1. Generate an SSH key pair on the SSH client
root@ceph01:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1e:f1:c6:c5:c4:8e:e0:b3:ed:9f:2c:21:24:ce:8a:0d root@ceph01
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| . o. |
| ... oo |
| . ++... |
| o oS++ |
| E o.ooo |
| + . .o . |
| . o o. . |
| o+ |
+-----------------+
2. Copy the contents of id_rsa.pub into the SSH server user's .ssh/authorized_keys
root@ceph01:~# ssh-copy-id ceph02
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ceph02's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ceph02'"
and check to make sure that only the key(s) you wanted were added.
Check the contents of the SSH server user's .ssh/authorized_keys file:
root@ceph02:~/.ssh# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1hXDFOCI0hdsZlvuP9FGLnCd6k6yR51T6WN4+Wr/shJlY6ymcxde2hwBhiGowvKNbhpVA3EHUxtV0W9YH742ymTmUCVBCuGd2zUwB36AR9aiQGFwSd8vulqaybirpsic9iZ4d83cGjdJwSQg5mGhxZpzi4qD8yygdEDkTcczIFj+9zh5BCIlsZXFHU8044wIKBAbp2YvrsCW0L81XvVJZo3OJxggbUYlMhXcws99U7q2JcBUKv9IQYjar9GyYh4DNlllDs56sfR6SDtuT1O6NOtKSCc6jxCpf7EmxgBXIeYQiSUKnwDo3CE4FmvFsmTlkFUkOluJIRGUTbkokw5tJ root@ceph01
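Added example (not part of the original post): ssh-copy-id asks you to check that only the key(s) you wanted were added. This Python code parses authorized_keys entries and reports each key's type, RSA size, and fingerprint in the MD5 colon-hex form that ssh-keygen printed in step 1 (plus the SHA256 form that newer OpenSSH releases print), so the file can be compared against the fingerprints you expect. The function names and SAMPLE_LINE are constructed for illustration, and entries with leading options are assumed not to be present.

```python
import base64
import hashlib

def read_string(buf, off):
    """Read one length-prefixed string from an SSH key blob; return (bytes, next offset)."""
    head = buf[off:off + 4]
    end = off + 4 + int.from_bytes(head, "big")
    if len(head) < 4 or end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def parse_entry(line):
    """Parse an options-free authorized_keys line into type, bits and fingerprints."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, off = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != fields[0]:
        raise ValueError("key type field does not match the blob")
    bits = None
    if fields[0] == "ssh-rsa":
        _e, off = read_string(blob, off)   # public exponent
        n, off = read_string(blob, off)    # modulus; its bit length is the key size
        bits = int.from_bytes(n, "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "type": fields[0],
        "bits": bits,
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha,
        "comment": fields[2].strip() if len(fields) > 2 else "",
    }

def unexpected_keys(text, expected_md5):
    """Return the parsed entries whose MD5 fingerprint is not in expected_md5."""
    entries = [parse_entry(l) for l in text.splitlines()
               if l.strip() and not l.lstrip().startswith("#")]
    return [e for e in entries if e["md5"] not in expected_md5]

# Constructed sample (not a usable key): e = 65537, modulus with only top and bottom bits set.
_PARTS = (b"ssh-rsa", (65537).to_bytes(3, "big"), ((1 << 2047) | 1).to_bytes(257, "big"))
_BLOB = b"".join(len(p).to_bytes(4, "big") + p for p in _PARTS)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(_BLOB).decode() + " root@ceph01"
```

On the server, pass the text of ~/.ssh/authorized_keys and the set of fingerprints recorded when the keys were generated; any entry returned is a key nobody accounted for.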
3. Edit the sshd_config configuration file on the SSH server
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
. . .
4. Verify
root@ceph01:~# ssh root@ceph02
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64)
 * Documentation: https://help.ubuntu.com/
System information as of Wed Jan 11 16:33:23 CST 2017
System load: 0.0 Processes: 113
Usage of /: 3.7% of 40.95GB Users logged in: 2
Memory usage: 2% IP address for eth0: 192.168.20.178
Swap usage: 0%
Graph this data and manage this system at:
https://landscape.canonical.com/
215 packages can be updated.
117 updates are security updates.
New release '16.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Wed Jan 11 16:28:49 2017 from 192.168.20.116
root@ceph02:~#