Configuring Passwordless Login on Linux


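Author: Yin Zhengjie (尹正杰)

Copyright notice: this is an original work; reproduction is not permitted. Violators will be held legally liable.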

 

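  I have been a bit down lately and have not blogged much, and for the next three months updates probably will not be frequent either, so please bear with me. Today I would like to share a way to access a Linux server without entering a password (SSH key-based login), which makes day-to-day work more convenient. If you are interested, take a look; the configuration is as follows: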

 

Environment:

First, to be clear about my environment: both machines run CentOS 6.6 with a 2.6 kernel.

 

[root@yinzhengjie ~]# uname -a
Linux yinzhengjie 2.6.32-504.el6.x86_64 #1 SMP Wed Oct 15 04:27:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@yinzhengjie ~]# 
[root@yinzhengjie ~]# cat /etc/redhat-release 
CentOS release 6.6 (Final)
[root@yinzhengjie ~]#

 

 
First machine:

1>. Create the key pair
[root@yinzhengjie .ssh]# ifconfig em1 | grep "inet addr" | awk '{print $2}' | awk -F ":" '{print $2}'
192.168.2.45
[root@yinzhengjie .ssh]#
[root@yinzhengjie .ssh]# ssh-keygen -t dsa
[root@yinzhengjie .ssh]# ll
总用量 8
-rw-------. 1 root root 668 2月 27 11:14 id_dsa
-rw-r--r--. 1 root root 606 2月 27 11:14 id_dsa.pub
[root@yinzhengjie .ssh]#
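Leave the passphrase (key protection) empty; otherwise ssh will ask for the passphrase every time the key is used. With an empty passphrase, the private key id_dsa is protected only by its file permissions.
2>. Share the public key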
[root@yinzhengjie .ssh]# scp id_dsa.pub 172.30.1.60:/root/.ssh/zabbix.key.pub
 
3>. Authorize the keys
[root@yinzhengjie .ssh]# cat id_dsa.pub > authorized_keys
[root@yinzhengjie .ssh]# cat yinzhengjie.key.pub >> authorized_keys
 
4>. Test the login (before doing this, make sure the other server has completed the three steps above)
[root@yinzhengjie ~]# ssh 172.30.1.60
reverse mapping checking getaddrinfo for bogon [172.30.1.60] failed - POSSIBLE BREAK-IN ATTEMPT!
Last login: Mon Feb 27 03:43:22 2017 from 192.168.2.45
-bash: “#Add: command not found
-bash: “#Add: command not found
[root@yinzhengjie ~]# ifconfig eth0 | grep "inet addr"| awk -F ":" '{print $2}' | awk '{print $1}'
172.30.1.60
[root@yinzhengjie ~]#
5>. Check the logs
[root@yinzhengjie ~]# more /var/log/secure
Feb 27 11:39:01 bogon sshd[18831]: Received disconnect from 172.30.1.60: 11: disconnected by user
Feb 27 11:39:01 bogon sshd[18831]: pam_unix(sshd:session): session closed for user root
Feb 27 11:39:02 bogon sshd[18897]: reverse mapping checking getaddrinfo for bogon [172.30.1.60] failed - POSSIBLE BREAK-IN ATTEMPT!
Feb 27 11:39:02 bogon sshd[18897]: Accepted publickey for root from 172.30.1.60 port 37244 ssh2
Feb 27 11:39:02 bogon sshd[18897]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb 27 11:39:35 bogon sshd[18897]: Received disconnect from 172.30.1.60: 11: disconnected by user
Feb 27 11:39:35 bogon sshd[18897]: pam_unix(sshd:session): session closed for user root
[root@yinzhengjie ~]#
 
 
Second machine:
1>. Create the key pair
[root@yinzhengjie .ssh]# ifconfig eth0 | grep "inet addr"| awk -F ":" '{print $2}' | awk '{print $1}'
172.30.1.60
[root@yinzhengjie .ssh]# ssh-keygen -t dsa
2>. Share the public key
[root@yinzhengjie .ssh]# scp id_dsa.pub 192.168.2.45:/root/.ssh/yinzhengjie.key.pub
3>. Authorize the keys
[root@yinzhengjie .ssh]# cat id_dsa.pub > authorized_keys
[root@yinzhengjie .ssh]# cat zabbix.key.pub >> authorized_keys
4>. Test the login (before doing this, make sure the other server has completed the three steps above)
[root@yinzhengjie .ssh]# ssh 192.168.2.45
reverse mapping checking getaddrinfo for bogon [192.168.2.45] failed - POSSIBLE BREAK-IN ATTEMPT!
Last login: Mon Feb 27 11:33:39 2017 from 192.168.2.45
[root@yinzhengjie ~]# exit
logout
Connection to 192.168.2.45 closed.
[root@yinzhengjie .ssh]# ifconfig eth0 | grep "inet addr"| awk -F ":" '{print $2}' | awk '{print $1}'
172.30.1.60
[root@yinzhengjie .ssh]#
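Step 3 above, as an added example that is not part of the original post: a hypothetical helper, install_pubkey, that appends a received public key to authorized_keys instead of overwriting the file, skips keys that are already present, and sets the modes sshd checks. The function name and the default target directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey is a hypothetical
# helper name. It performs step 3 for a key file received in step 2.
# Usage: sh install_pubkey.sh yinzhengjie.key.pub [/root/.ssh]

install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # A public key file is one line: "<type> <base64-blob> [comment]".
    # This rejects a private key or any other multi-line file sent by mistake.
    if [ "$(grep -c '' "$pub")" -ne 1 ]; then
        echo "$pub: expected exactly one line" >&2; return 3
    fi
    read -r type blob rest < "$pub" || true   # tolerate a missing final newline
    case $type in
        # ssh-dss (the DSA keys used above) matches here, although
        # OpenSSH 7.0 and later disable that key type by default.
        ssh-*|ecdsa-sha2-*) ;;
        *) echo "$pub: unknown key type '$type'" >&2; return 3 ;;
    esac
    [ -n "$blob" ] || { echo "$pub: missing key data" >&2; return 3; }

    # With StrictModes (on by default) sshd refuses keys when the home
    # directory, ~/.ssh or authorized_keys is writable by group or others.
    mkdir -p "$dir" && chmod 700 "$dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: do nothing if this key blob is already authorised.
    if awk -v b="$blob" '!/^#/ { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                         END { exit !found }' "$auth"; then
        return 0
    fi

    # Make sure the existing file ends with a newline, then append with '>>'
    # so keys that are already authorised are not overwritten.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# Run only when a key file is passed on the command line.
[ $# -eq 0 ] || install_pubkey "$@"
```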
 
  For operational security, I do not recommend using the root user directly. We can escalate privileges with sudo instead:
  [root@data-ana ~]# more /etc/ssh/sshd_config  | grep -v "^#" | grep -v "^$"
               

  Remote login as root is generally not recommended; we can rely on the sudo configuration file instead:
  [root@data-ana ~]# more /etc/sudoers | grep -v "^#" | grep -v "^$"

              

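  Given today's network security requirements, the three methods above are all quite practical, although many companies have now started to favor LDAP, bastion hosts, and similar solutions.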
