(一)使用client端的xiaoming用户基于密钥认证方式使用ssh登录server端的xiaoming用户和xiaolei
客户端创建xiaoming
[root@client ~]# useradd xiaoming
服务端创建xiaoming和xiaolei
[root@server ssh]# useradd xiaoming
[root@server ssh]# useradd xiaohei
客户端xiaoming创建公私钥
[root@client ~]# su - xiaoming
[xiaoming@client ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xiaoming/.ssh/id_rsa):
Created directory '/home/xiaoming/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xiaoming/.ssh/id_rsa.
Your public key has been saved in /home/xiaoming/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:DypOa5V1kzZ9YSKcm53wCEBHZx0XNiVd58lQEKhuh6o xiaoming@client
The key's randomart image is:
+---[RSA 2048]----+
| .ooo.ooo=X==|
| ..o=.oo=++|
| ..@ + +.|
| ..X = . |
| oSo.o . |
| o. * . |
| o.. o o |
| o.o . |
| .oE. |
+----[SHA256]-----+
[xiaoming@client ~]$ ll -a ./.ssh/
total 8
drwx------. 2 xiaoming xiaoming 38 Nov 9 18:42 .
drwx------. 3 xiaoming xiaoming 74 Nov 9 18:41 ..
-rw-------. 1 xiaoming xiaoming 1679 Nov 9 18:42 id_rsa
-rw-r--r--. 1 xiaoming xiaoming 397 Nov 9 18:42 id_rsa.pub
[xiaoming@client ~]$
把公钥传输给服务端的xiaoming的家目录下的./.ssh/authorized_keys
[xiaoming@client ~]$ ssh-copy-id xiaoming@10.10.0.128 -p 2222
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/xiaoming/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)
在服务端查看文件
[root@server .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDt3LWyP+0jyylTKWy2SjiAgRLuIrbTAbqzvISkwv5z2JRMha/vaEcZCQLXmtxquLkaNbai5rgJGa9lk2DN/claIFCK2zL267h33Sgg7bkSlmf11NNhrWqosnwitNU2jd4F80Om8M3uOrmU4dau2KbGXyIk5KYXzJNvxx/ix9oZbgd4K9vXPdGrlBJNTnpLjcu5P8lY45jDhnmuje/VkdEJ763Rd791u57orrPxs8Hp6CYRDBzHelDIJETu/8v6by294JNEnBPKsMq9KdCjJNpP95rJ4E3p2zw/K0rbYN3u+lIoGcCLiiOiOoSRqAR5gujti2o5Yj4v388JdZ4hCCMz xiaoming@client
尝试进行登录
[xiaoming@client .ssh]$ ssh xiaoming@10.10.0.128
Activate the web console with: systemctl enable --now cockpit.socket
[xiaoming@client .ssh]$ ssh-copy-id -i id_rsa.pub xiaohei@10.10.0.128
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Tue Nov 8 12:58:41 2022
[xiaoming@server ~]$
现在配置xiaohei进行密钥登录
将小明的公钥传输到xiaohei的$HOME/.ssh/authorized_key
[xiaoming@client .ssh]$ ssh-copy-id -i id_rsa.pub xiaohei@10.10.0.128
在服务器查看authorized_keys文件
[xiaohei@server .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkQIsdpQ3XBcFeOd7X233oEByGn3sXI5ZCDwMpDRpXsXDzFLivIunR0jLvkl7oE/c5YkqQr/lkuvg3q5nHaAiYd1xsv8pvmQ0WsvqaIe4/ALDC3Co/cclxKWDNFG6NHaZVI2hYfTDbZ7Q4Nv9BJlIAi64gT5nWqf9KW03xffxQH4bm8BLLFucIanzgQfkm09fwMzt0y54U/IJZeD3gI5k5C0Xrgg7yvj14nvDzhPnJzSpqyIpkvJKR6Qz24FVSq+sR2Pmi92R8HJhGVFQo/MR/TtdVxpAcc+lDLrvSPHbPmcNIN/aiig7hshXspvgDstMBYQzAe/wHGfSt10Erv70n xiaoming@client
[xiaohei@server .ssh]$
在xiaoming@client登录
[xiaoming@client .ssh]$ ssh xiaohei@10.10.0.128
Activate the web console with: systemctl enable --now cockpit.socket
This system is not registered to Red Hat Insights. See https://cloud.redhat.com/
To register this system, run: insights-client --register
Last login: Tue Nov 8 13:08:00 2022
[xiaohei@server ~]$