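Lab environment:
10.0.0.9: distribution server (holds the SSH-generated private key and later distributes the files)
10.0.0.10, 10.0.0.11: node servers (hold the SSH-generated public key file and receive files from the distribution server)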
# System release and kernel of the distribution server and the node servers
[root@C58/]# cat /etc/redhat-release
CentOS release 5.8 (Final)
[root@C58/]# uname -a
Linux C58 2.6.18-308.el5 #1 SMP Tue Feb 21 20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
IP allocation:
Distribution server IP: 10.0.0.9
Node server A IP: 10.0.0.10
Node server B IP: 10.0.0.11
Starting the experiment:
1. On the distribution server, use SSH to generate a private/public key pair
[root@C58-NFS-Server ~]# ssh-keygen -t rsa    # generate a private/public key pair using the RSA algorithm
Generating public/private rsa key pair.
# By default the keys are stored in the .ssh directory under the current user's home directory
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9f:82:dc:54:7f:0b:aa:64:d5:56:e5:2d:eb:50:72:76 root@C58-NFS-Server
Enter the .ssh directory and check that the key files were generated:
[root@C58-NFS-Server ~]# cd ~/.ssh/
[root@C58-NFS-Server .ssh]# ll
total 16
-rw------- 1 root root 1675 Jan 22 21:53 id_rsa
-rw-r--r-- 1 root root  401 Jan 22 21:53 id_rsa.pub
2. Use ssh-copy-id to send the public key file id_rsa.pub to node server A
[root@C58-SSH-Server .ssh]# ssh-copy-id -i id_rsa.pub 10.0.0.10 10
The authenticity of host '10.0.0.10 (10.0.0.10)' can't be established.
RSA key fingerprint is 53:23:dc:c0:66:05:e6:34:b1:ee:b2:f6:e5:d5:f1:de.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.10' (RSA) to the list of known hosts.
root@10.0.0.10's password:
Now try logging into the machine, with "ssh '10.0.0.10'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# On the node server, check that the transfer succeeded (authorized_keys is present, so it did)
[root@C58-SSH-ClientA .ssh]# cd ~/.ssh
[root@C58-SSH-ClientA .ssh]# ll
total 8
-rw------- 1 root root 401 Jan 22 22:06 authorized_keys
3. Verify
# From the distribution server, log in to node server A with ssh and check whether a password is required
[root@C58-SSH-Server .ssh]# ssh 10.0.0.10
Last login: Wed Jan 22 22:05:18 2014 from 10.0.0.1
[root@C58-SSH-ClientA ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:B0:82:67
          inet addr:10.0.0.10  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feb0:8267/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2803 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2301 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:342373 (334.3 KiB)  TX bytes:275960 (269.4 KiB)

# From the distribution server, log in to node server B with ssh and check whether a password is required
[root@C58-SSH-Server .ssh]# ssh 10.0.0.11    # a password is requested
root@10.0.0.11's password:
Last login: Wed Jan 22 18:09:28 2014 from 10.0.0.9
[root@C58-SSH-ClientB ~]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:33:22:7E
          inet addr:10.0.0.11  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe33:227e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:181772 (177.5 KiB)  TX bytes:127440 (124.4 KiB)
4. File distribution test
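# Distribute file aa to node server A
# (scp's -p option preserves times and modes; the port option is -P, so "22" is taken
#  as a source file, which is why "22: No such file or directory" appears below)
[root@C58-SSH-Server tmp]# scp -p 22 aa 10.0.0.10:/tmp/
22: No such file or directory
aa                                            100%    0     0.0KB/s   00:00
[root@C58-SSH-ClientA tmp]# ll
total 4
-rw-r--r-- 1 root root 0 Jan 22 18:11 aa

# Distribute file aa to node server B
[root@C58-SSH-Server tmp]# scp -p 22 aa 10.0.0.11:/tmp/
root@10.0.0.11's password:
22: No such file or directory
aa                                            100%    0     0.0KB/s   00:00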
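Notes
The authentication is one-way only: logging in over ssh from the distribution server to a node server needs no password, while the reverse direction still does.
ssh-copy-id can only transfer the public key; it cannot transfer the private key file.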
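
The ssh-copy-id output in step 2 asks you to check .ssh/authorized_keys for keys you were not expecting. The shell functions below are an added example, not part of the original article, that run that check on a node and also reject a file that is group- or world-writable, which sshd refuses under StrictModes. The function names, exit codes and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# key_bodies FILE: print "<type> <base64>" for each key line, dropping leading
# options and the trailing comment. Limitation: an option value that itself
# contains a bare key-type word (e.g. inside command="...") is not handled.
key_bodies() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(sk-)?(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))(@openssh\.com)?$/) {
                    print $i, $(i + 1)
                    next
                }
        }' "$1"
}

# audit_authorized_keys AUTH_FILE EXPECTED_PUB
# Exit status: 0 = only the expected key is present and permissions are sane
#              1 = AUTH_FILE is group- or world-writable
#              2 = AUTH_FILE or the expected key is missing
#              3 = keys other than the expected one are present
#              4 = EXPECTED_PUB holds no key
audit_authorized_keys() {
    auth=$1
    expected=$(key_bodies "$2")
    [ -n "$expected" ] || return 4
    [ -f "$auth" ] || return 2

    # Characters 6 and 9 of the ls mode string are the group/other write bits.
    case $(ls -ld "$auth" | cut -c6,9) in
        --) ;;
        *)  echo "$auth: writable by group or others" >&2; return 1 ;;
    esac

    keys=$(key_bodies "$auth")
    printf '%s\n' "$keys" | grep -qxF "$expected" || return 2

    extra=$(printf '%s\n' "$keys" | grep -vxF "$expected" || true)
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" |
            awk '{ print "unexpected key:", $1, substr($2, 1, 16) "..." }' >&2
        return 3
    fi
    return 0
}

# Usage on a node: audit_authorized_keys ~/.ssh/authorized_keys /tmp/id_rsa.pub
```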