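Configuring Two-Way Key Authentication on CentOS 7
Setting up key pairs in both directions
HOST1 configuration:
As root, edit /etc/ssh/sshd_config:
    # Enable RSA authentication (an SSH protocol 1 option; OpenSSH 7.4 and later report it as deprecated)
    RSAAuthentication yes
    # Enable key-pair (public key) authentication
    PubkeyAuthentication yes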
    [root@host1 ~]# useradd hadoop    # create a user
    [root@host1 ~]# passwd hadoop    # set its password
    更改用户 hadoop 的密码 。
    新的 密码:
    无效的密码: 密码少于 8 个字符
    重新输入新的 密码:
    passwd:所有的身份验证令牌已经成功更新。
    [root@host1 ~]# su - hadoop
    上一次登录:五 8月 16 03:44:00 CST 2019pts/0 上
    [hadoop@host1 ~]$ pwd
    /home/hadoop
    [hadoop@host1 ~]$ ssh-keygen -t rsa    # generate a key pair of type RSA
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):    # key path
    Created directory '/home/hadoop/.ssh'.
    Enter passphrase (empty for no passphrase):    # passphrase protecting the private key; pressing Enter sets an empty one (Enter pressed here)
    Enter same passphrase again:    # enter the passphrase a second time (Enter)
    Your identification has been saved in /home/hadoop/.ssh/id_rsa.
    Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
    The key fingerprint is:
    77:05:b5:65:b7:b6:81:79:79:6d:2d:13:e2:73:65:4e hadoop@host1
    The key's randomart image is:
    +--[ RSA 2048]----+
    | o.o E|
    | . ooX*|
    | oo***|
    | +o++|
    | S . . . |
    | . . |
    | |
    | |
    | |
    +-----------------+
    [hadoop@host1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.50.112    # copy the public key to user hadoop on host2
    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    hadoop@192.168.50.112's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh 'hadoop@192.168.50.112'"
    and check to make sure that only the key(s) you wanted were added.
    [hadoop@host1 ~]$ ssh hadoop@192.168.50.112    # logs in without a password prompt
    Last login: Thu Aug 15 20:10:32 2019 from 192.168.50.111
    [hadoop@host2 ~]$
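HOST2 configuration:
As root, edit /etc/ssh/sshd_config:
    # Enable RSA authentication (an SSH protocol 1 option; OpenSSH 7.4 and later report it as deprecated)
    RSAAuthentication yes
    # Enable key-pair (public key) authentication
    PubkeyAuthentication yes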
    [hadoop@host2 ~]$ mkdir .ssh
    [hadoop@host2 ~]$ chmod 700 .ssh/
    [hadoop@host2 ~]$ ls -ld .ssh/
    drwx------. 2 hadoop hadoop 6 8月 15 20:02 .ssh/
    [hadoop@host2 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):    # key path
    Enter passphrase (empty for no passphrase):    # passphrase protecting the private key; pressing Enter sets an empty one (Enter pressed here)
    Enter same passphrase again:    # enter it again (Enter)
    Your identification has been saved in /home/hadoop/.ssh/id_rsa.
    Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
    The key fingerprint is:
    f3:37:cc:fa:98:d6:ed:79:db:b6:68:13:cf:21:5f:66 hadoop@host2
    The key's randomart image is:
    +--[ RSA 2048]----+
    | |
    | |
    | |
    | |
    | S |
    | o o o .E|
    | ..=.*oo|
    | .=.+o=+|
    | .+.oo+=+|
    +-----------------+
    [hadoop@host2 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.50.111    # copy the public key file to HOST1
    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    hadoop@192.168.50.111's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh 'hadoop@192.168.50.111'"
    and check to make sure that only the key(s) you wanted were added.
    [hadoop@host2 ~]$ ssh hadoop@192.168.50.111    # logs in directly, no password needed
    Last login: Fri Aug 16 04:12:03 2019 from 192.168.50.112
    [hadoop@host1 ~]$
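The ssh-copy-id output above asks you to check that only the keys you wanted were added. The following added example (not part of the original post) does that check on either host and also verifies the 700/600 permissions on ~/.ssh. The function names and the audit.sh file name are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): audit ~/.ssh after ssh-copy-id.
# Assumes GNU stat (as on CentOS 7); all names below are hypothetical.

# sshd's StrictModes (on by default) refuses keys when ~/.ssh or
# authorized_keys is writable by group/others; require the 700/600 layout.
perms_ok() {
    [ "$(stat -c %a "$1")" = 700 ] &&
        [ "$(stat -c %a "$1/authorized_keys")" = 600 ]
}

# Print every authorized_keys entry whose key blob is not in one of the
# expected .pub files; exit status 1 if any such entry exists.
# usage: unexpected_keys AUTHORIZED_KEYS EXPECTED.pub...
unexpected_keys() {
    auth=$1; shift
    awk -v auth="$auth" '
        NF == 0 || $1 ~ /^#/ { next }
        {
            # The blob is the field after the key type, so entries that
            # begin with options (from="...", command="...") also work.
            blob = ""
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) { blob = $(i + 1); break }
            if (FILENAME != auth) expected[blob] = 1
            else if (!(blob in expected)) { print; bad = 1 }
        }
        END { exit bad }
    ' "$@" "$auth"
}

# Run as: sh audit.sh ~/.ssh ~/trusted/host1.pub [more.pub ...]
if [ "$#" -ge 2 ]; then
    dir=$1; shift
    perms_ok "$dir" || echo "WARNING: $dir does not have 700/600 permissions"
    unexpected_keys "$dir/authorized_keys" "$@" || echo "^ entries not in the expected set"
fi
```

Keep the expected .pub files somewhere other than the account being audited, so that the comparison set is not writable by whoever can edit authorized_keys.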
This post was also made entirely by hand; please credit the source when reposting ----------- burukku(づ。◕ᴗᴗ◕。)づ