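Recently, while using VMware vSphere ESXi 5.5, I found that the ESXi host can be managed remotely over SSH, but every login required entering the password. I then checked the host's SSH server configuration and found that the stock service does not enable public-key login. So I tried adding the configuration for public-key login, restarted the SSH service, and this time it worked. The configuration is recorded below for anyone who runs into a similar problem.
First, let's look at the contents of the SSH server configuration file /etc/ssh/sshd_config: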
~ # cat /etc/ssh/sshd_config
# running from inetd
# Port 2200
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation no
SyslogFacility auth
LogLevel info
PermitRootLogin yes
PrintMotd yes
PrintLastLog no
TCPKeepAlive yes
X11Forwarding no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc
MACs hmac-sha1,hmac-sha1-96
UsePAM yes
# only use PAM challenge-response (keyboard-interactive)
PasswordAuthentication no
Banner /etc/issue
Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server
#AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys
# Timeout value of 10 mins. The default value of ClientAliveCountMax is 3.
# Hence, we get a 3 * 200 = 600 seconds timeout if the client has been
# unresponsive.
ClientAliveInterval 200
~ #
We can see that public-key login is not enabled in it. Now we make some changes to the file; the modified file looks like this:
~ # cat /etc/ssh/sshd_config
# running from inetd
# Port 2200
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation no
SyslogFacility auth
LogLevel info
PermitRootLogin yes
PrintMotd yes
PrintLastLog no
TCPKeepAlive yes
X11Forwarding no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc
MACs hmac-sha1,hmac-sha1-96
UsePAM yes
# only use PAM challenge-response (keyboard-interactive)
PasswordAuthentication no
Banner /etc/issue
Subsystem sftp /usr/lib/vmware/openssh/bin/sftp-server
#AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
RSAAuthentication yes
PubkeyAuthentication yes
# Timeout value of 10 mins. The default value of ClientAliveCountMax is 3.
# Hence, we get a 3 * 200 = 600 seconds timeout if the client has been
# unresponsive.
ClientAliveInterval 200
~ #
Here we commented out line 34 of the original configuration file, #AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys, and appended the content shown in lines 35~37:
AuthorizedKeysFile .ssh/authorized_keys
RSAAuthentication yes
PubkeyAuthentication yes
After the change is complete, we restart the SSH service:
~ # ls -la /etc/init.d/
total 224
drwxr-xr-x 1 root root 512 Oct 31 11:19 .
drwxr-xr-x 1 root root 512 Nov 12 15:38 ..
-r-xr-xr-x 1 root root 1420 Aug 23 2014 DCUI
-r-xr-xr-x 1 root root 4386 Aug 23 2014 ESXShell
-r-xr-xr-x 1 root root 2259 Aug 23 2014 SSH
-r-xr-xr-x 1 root root 912 Aug 23 2014 cdp
-r-xr-xr-x 1 root root 2053 Aug 23 2014 clomd
-r-xr-xr-x 1 root root 1771 Aug 23 2014 cmmdsd
-r-xr-xr-x 1 root root 949 Aug 23 2014 dcbd
-r-xr-xr-x 1 root root 5989 Aug 23 2014 hostd
-r-xr-xr-x 1 root root 1356 Aug 23 2014 lacp
-r-xr-xr-x 1 root root 1156 Aug 23 2014 lbtd
-r-xr-xr-x 1 root root 1029 Aug 23 2014 lsassd
-r-xr-xr-x 1 root root 881 Aug 23 2014 lwiod
-r-xr-xr-x 1 root root 1187 Aug 23 2014 memscrubd
-r-xr-xr-x 1 root root 914 Aug 23 2014 netlogond
-r-xr-xr-x 1 root root 1196 Aug 23 2014 nscd
-r-xr-xr-x 1 root root 1772 Aug 23 2014 ntpd
-r-xr-xr-x 1 root root 1755 Aug 23 2014 osfsd
-r-xr-xr-x 1 root root 1732 Aug 23 2014 rhttpproxy
-r-xr-xr-x 1 root root 1249 Aug 23 2014 sdrsInjector
-r-xr-xr-x 1 root root 1247 Aug 23 2014 sensord
-r-xr-xr-x 1 root root 12647 Aug 23 2014 sfcbd
-r-xr-xr-x 1 root root 17558 Aug 23 2014 sfcbd-watchdog
-r-xr-xr-x 1 root root 2052 Aug 23 2014 slpd
-r-xr-xr-x 1 root root 1143 Aug 23 2014 smartd
-r-xr-xr-x 1 root root 5239 Aug 23 2014 snmpd
-r-xr-xr-x 1 root root 1266 Aug 23 2014 storageRM
-r-xr-xr-x 1 root root 1830 Aug 23 2014 swapobjd
-r-xr-xr-x 1 root root 4483 Aug 23 2014 usbarbitrator
-r-xr-xr-x 1 root root 1188 Aug 23 2014 vmamqpd
-r-xr-xr-x 1 root root 5135 Aug 23 2014 vmfstraced
-r-xr-xr-x 1 root root 1050 Aug 23 2014 vobd
-r-xr-xr-x 1 root root 1097 Aug 23 2014 vprobed
-r-xr-xr-x 1 root root 1320 Aug 23 2014 vpxa
-r-xr-xr-x 1 root root 16929 Aug 23 2014 vsantraced
-r-xr-xr-x 1 root root 1895 Aug 23 2014 vsanvpd
-r-xr-xr-x 1 root root 3081 Aug 23 2014 wsman
-r-xr-xr-x 1 root root 4813 Jun 26 2013 xorg
~ # /etc/init.d/SSH restart
~ #
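To confirm which key file sshd will consult after an edit like the one above, the following added example (not part of the original post) reads the effective AuthorizedKeysFile directive and expands its %u and %h tokens. The function names, the sample file and root's home directory being / are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report which authorized_keys file sshd will read for a user.

# Value of the first uncommented KEYWORD line in FILE. sshd keeps the first
# value it sees for a keyword, and keyword names are case-insensitive.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Expand %u, %h and %% in one AuthorizedKeysFile pattern; a result that is
# not absolute is taken relative to the user's home directory.
resolve_keys_path() {
    awk -v p="$1" -v u="$2" -v h="$3" 'BEGIN {
        sub(/\/$/, "", h); out = ""
        for (i = 1; i <= length(p); i++) {
            c = substr(p, i, 1)
            if (c != "%" || i == length(p)) { out = out c; continue }
            n = substr(p, ++i, 1)
            if (n == "u") out = out u
            else if (n == "h") out = out h
            else if (n == "%") out = out "%"
            else out = out "%" n
        }
        if (out !~ /^\//) out = h "/" out
        print out
    }'
}

# Resolved key file(s) for USER, or a note that the sshd build default applies.
keys_files_for() {
    patterns=$(effective_value "$1" AuthorizedKeysFile)
    [ -n "$patterns" ] || { echo "(sshd build default)"; return 0; }
    for p in $patterns; do resolve_keys_path "$p" "$2" "$3"; done
}

# Constructed sample: directives taken from this post (home / for root assumed).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
PasswordAuthentication no
#AuthorizedKeysFile /etc/ssh/keys-%u/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
PubkeyAuthentication yes
EOF
keys_files_for "$sample" root /   # prints /.ssh/authorized_keys
```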