简单使用SSH密钥认证.doc

A机器（ssh连接发起端，即客户端）：添加一个测试用户aaarootA # useradd aaasu成aaarootA # su - aaaaaaA $ ssh-keygen创建rsa密钥对 aaaA $ ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/home/aaa/.ssh/id_rsa): 密钥文件的保存位置Created directory /home/aaa/.ssh.默认的密钥文件存放目录Enter passphrase (empty for no passphrase):密钥文件的保护密码Enter same passphrase again: Your identification has been saved in /home/aaa/.ssh/id_rsa.生成的私钥Your public key has been saved in /home/aaa/.ssh/id_rsa.pub.生成的公钥The key fingerprint is:81:d7:de:e7:cb:7c:4e:16:d6:76:da:9d:30:25:76:09 aaaA.aaaA $ lltotal 32Kdrwx- 3 aaa aaa 4.0K Sep 17 16:09 .drwxr-xr-x 4 root root 4.0K Sep 17 16:09 .-rw-r-r- 1 aaa aaa 304 Sep 17 16:09 .bash_logout-rw-r-r- 1 aaa aaa 191 Sep 17 16:09 .bash_profile-rw-r-r- 1 aaa aaa 124 Sep 17 16:09 .bashrc-rw-r-r- 1 aaa aaa 383 Sep 17 16:09 .emacsdrwx- 2 aaa aaa 4.0K Sep 17 16:09 .ssh创建出的.ssh目录默认权限为700注意生成的私钥文件的默认权限是rw-，即600（确保他人不能查看）aaaA $ ll .ssh/total 16Kdrwx- 2 aaa aaa 4.0K Sep 17 16:09 .drwx- 3 aaa aaa 4.0K Sep 17 16:09 .-rw- 1 aaa aaa 951 Sep 17 16:09 id_rsa私钥文件-rw-r-r- 1 aaa aaa 231 Sep 17 16:09 id_rsa.pub公钥文件B机器（ssh的被连接端，即服务端）：添加bbb用户rootB # useradd bbbsu成bbbrootB # su - bbb手工在家目录下建立.ssh目录（如果不使用ssh-keygen工具的话）bbbB $ mkdir .sshbbbB $ ls -altotal 28drwx- 3 bbb bbb 4096 Sep 17 16:52 .drwxr-xr-x 4 root root 4096 Sep 17 16:52 .-rw-r-r- 1 bbb bbb 304 Sep 17 16:52 .bash_logout-rw-r-r- 1 bbb bbb 191 Sep 17 16:52 .bash_profile-rw-r-r- 1 bbb bbb 124 Sep 17 16:52 .bashrcdrwxrwxr-x 2 bbb bbb 4096 Sep 17 16:52 .ssh修改.ssh目录的权限为700（非常重要！）bbbB $ chmod 700 .sshbbbB $ ls -altotal 28drwx- 3 bbb bbb 4096 Sep 17 16:52 .drwxr-xr-x 4 root root 4096 Sep 17 16:52 .-rw-r-r- 1 bbb bbb 304 Sep 17 16:52 .bash_logout-rw-r-r- 1 bbb bbb 191 Sep 17 16:52 .bash_profile-rw-r-r- 1 bbb bbb 124 Sep 17 16:52 .bashrcdrwx- 2 bbb bbb 4096 Sep 17 16:52 .ssh确认权限为700在.ssh目录里创建authorized_keys文件，并将A机器上aaa用户的公钥(id_rsa.pub)内容写入此文件（关键操作！）bbbB $ cd .ssh/bbbB .ssh$ vi authorized_keys粘贴aaa的id_rsa.pub内容进来修改authorized_keys的权限为400（非常重要！）bbbB .ssh$ chmod 400 authorized_keysbbbB .ssh$ ls -l authorized_keys -r- 1 bbb bbb 231 Sep 17 16:53 authorized_keys确认权限为400配置结束。测试：从A机器上，在aaa用户下，使用bbb帐号登录B机器。aaaA $ ssh -l bbb xxx.xxx.xxx.xxxEnter passphrase for key /home/aaa/.ssh/id_rsa: 会提示输入私钥保护密码（在创建密钥对时输的密码，输入正确后进入系统）bbbB $ 安全的关键点在于如何