SSH authentication setup steps:
1. Generate a public/private key pair
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
17:1e:3a:a7:c4:b1:a4:d6:07:ee:63:1b:0a:c9:17:82 root@localhost
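Press Enter four times in a row to generate a key pair with an empty passphrase: the private key id_rsa and the public key id_rsa.pub.
2. Rename the public key id_rsa.pub to authorized_keys (or authorized_keys2)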
mv id_rsa.pub authorized_keys
3. Copy the public key file authorized_keys to the .ssh/ directory on the other machines
rsync -av authorized_keys root@ip:/root/.ssh/
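Problem encountered while using SSH authentication
Symptom: Everything worked fine for a while. Then one day SSH login to one machine started asking for a password. The authorized_keys file existed and had not been modified. Regenerating the keys did not help.
Cause: The cause turned out to be a permission change on the /root directory; its permissions had been changed to drwxrwx---. Material found online indicates that if the public key file authorized_keys is writable by any user other than its owner, authentication fails.
Fix: Remove the write permission for the root group, and it works again.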
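
A check for the failure described above, as an added example that is not part of the original notes. With sshd's StrictModes option enabled (the default), key authentication is refused when the home directory, .ssh, or authorized_keys is writable by group or others. The function names are made up for this example, and only the write bits are checked, not ownership.

```shell
#!/bin/sh
# Added example: find the group/other-writable path that makes sshd
# ignore authorized_keys. Function names are hypothetical.

# mode_of PATH -> prints the 10-character mode string, e.g. drwxrwx---
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# writable_by_others PATH -> succeeds if group or other has the write bit
writable_by_others() {
    m=$(mode_of "$1")
    g=$(printf '%s' "$m" | cut -c6)   # group write position
    o=$(printf '%s' "$m" | cut -c9)   # other write position
    [ "$g" = "w" ] || [ "$o" = "w" ]
}

# check_ssh_perms HOME_DIR -> prints one line per path checked and
# returns the number of unsafe paths (0 means the modes are acceptable)
check_ssh_perms() {
    home_dir=$1
    bad=0
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if writable_by_others "$p"; then
            echo "UNSAFE $(mode_of "$p") $p  (fix: chmod go-w $p)"
            bad=$((bad + 1))
        else
            echo "ok     $(mode_of "$p") $p"
        fi
    done
    return "$bad"
}

# Run as a script: sh check_ssh_perms.sh /root
if [ "$#" -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

For the case in these notes, running it against /root reports the drwxrwx--- home directory as UNSAFE, and chmod g-w /root clears it.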