Configuring Passwordless Access on Linux


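Passwordless access on a server generally comes in two forms: passwordless ssh and passwordless user switching. We start with passwordless ssh.

We configure the current server so that ssh to 192.168.43.36 does not ask for a password. First generate a key pair, then copy the public key to the remote host. Note that the session uses a DSA key: DSA keys are fixed at 1024 bits and deprecated in OpenSSH, so Ed25519 or RSA is the better choice of key type on current systems.
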

[root@k8s-master-01 ~]# echo -e "\n" |ssh-keygen -t dsa -N ""
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:fTz8Wmp4M6GjXc21g71eDTfUmPNDMl1MKKSK1xnwa+o root@k8s-master-01
The key's randomart image is:
+---[DSA 1024]----+
| . .. +o|
| o .. oo+|
| + +++.|
| . + * =o |
| . S * = .o+|
| . o ..=o+=|
| . o.o=+o|
| . .+.=+ +|
| E..+oo.o |
+----[SHA256]-----+
[root@k8s-master-01 ~]# ssh-copy-id -i .ssh/id_dsa.pub root@192.168.43.36
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.43.36's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.43.36'"
and check to make sure that only the key(s) you wanted were added.

[root@k8s-master-01 ~]# ssh root@192.168.43.36
Last login: Thu Aug 15 22:17:04 2019 from 192.168.43.1
[root@k8s-master-02 ~]# exit
logout
Connection to 192.168.43.36 closed.


[Figure: screenshot of the session above]


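Next we configure passwordless user switching, that is, switching to root with sudo without having to enter a password.

We first create a group tigergaotest and a user tigergaotest. At this point, running sudo su - root or sudo su - prompts for a password.

Passwordless sudo is configured through /etc/sudoers. The last line of that file is #includedir /etc/sudoers.d, which means it includes the files in sudoers.d. We only need to create a file for tigergaotest in the sudoers.d directory (sudo-tigergaotest in the session below), set its permissions, and put the configuration in it.
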

[root@k8s-master-01 ~]# groupadd tigergaotest
[root@k8s-master-01 ~]# useradd -m -s /bin/bash -d /home/tigergaotest -g tigergaotest tigergaotest
[root@k8s-master-01 ~]# id tigergaotest
uid=1001(tigergaotest) gid=1001(tigergaotest) groups=1001(tigergaotest)
[root@k8s-master-01 ~]# su - tigergaotest
[tigergaotest@k8s-master-01 ~]$ su - root
Password:
[root@k8s-master-01 ~]# sed -n '$p' /etc/sudoers
#includedir /etc/sudoers.d
[root@k8s-master-01 ~]# cd /etc/sudoers.d/
[root@k8s-master-01 sudoers.d]# ls
sudo-tigergao
[root@k8s-master-01 sudoers.d]# touch sudo-tigergaotest
[root@k8s-master-01 sudoers.d]# ls -lrt
total 4
-rwxr-xr-x. 1 root root 32 Aug 5 04:02 sudo-tigergao
-rw-r--r-- 1 root root 0 Aug 16 02:38 sudo-tigergaotest
[root@k8s-master-01 sudoers.d]# vim sudo-tigergaotest
[root@k8s-master-01 sudoers.d]# chmod +x sudo-tigergaotest
[root@k8s-master-01 sudoers.d]# ls -lrt
total 8
-rwxr-xr-x. 1 root root 32 Aug 5 04:02 sudo-tigergao
-rwxr-xr-x 1 root root 36 Aug 16 02:38 sudo-tigergaotest
[root@k8s-master-01 sudoers.d]# su - tigergaotest
Last login: Fri Aug 16 02:35:03 EDT 2019 on pts/0
[tigergaotest@k8s-master-01 ~]$ sudo su - root
Last login: Fri Aug 16 02:36:30 EDT 2019 on pts/0


Now let's look at what the sudo-tigergaotest file contains. The rule allows the user tigergaotest to run any command, and no password is required when switching.


[root@k8s-master-01 ~]# cat /etc/sudoers.d/sudo-tigergaotest
tigergaotest ALL=(ALL) NOPASSWD:ALL
[root@k8s-master-01 ~]#
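
A rule like the one above gives the account full root without a password, and the session also set the execute bit on the drop-in, which sudo does not need (sudoers files are conventionally mode 0440). The following script is an added example, not part of the original post, for reviewing a sudoers.d directory for both conditions; the function name audit_sudoers_dir is hypothetical and the check is simple line matching rather than a full sudoers parser.

```shell
#!/bin/sh
# Added example: audit sudoers drop-ins for blanket NOPASSWD rules and
# unexpected file modes. audit_sudoers_dir is a hypothetical helper name.
# Simple line matching, not a full sudoers parser (aliases are not expanded).

audit_sudoers_dir() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # sudo's #includedir skips names that end in '~' or contain a '.'
        case $name in
            *~|*.*) echo "$name: skipped by sudo (name ends in ~ or contains a dot)"
                    continue ;;
        esac
        # sudoers files are conventionally 0440; the execute bit is not needed
        mode=$(stat -c %a "$f")
        [ "$mode" = 440 ] || echo "$name: mode $mode, expected 440"
        # Drop comment lines but keep '#<uid>' user specifications, then look
        # for NOPASSWD applied to the ALL command keyword
        if grep -Ev '^[[:space:]]*#([^0-9]|$)' "$f" |
           grep -Eq 'NOPASSWD:[[:space:]]*ALL([[:space:],]|$)'; then
            echo "$name: NOPASSWD on ALL commands"
        fi
    done
    return 0
}

# Usage: sh audit.sh /etc/sudoers.d   (run as root so the files are readable)
if [ $# -gt 0 ]; then
    audit_sudoers_dir "$1"
fi
```

Run against the directory from this post, it reports sudo-tigergaotest twice: once for mode 755 and once for the blanket NOPASSWD rule. Before relying on any drop-in, visudo -cf <file> checks its syntax.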

