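fanyuanmail posted on 2008-06-29 20:56

SSH passwordless login

The following procedure was tested successfully on Solaris 10 and Red Hat AS 5.0.
Both hosta and hostb must complete the following steps; hosta is used as the example.
================================================================
1. Create the key pair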
# who am i
root   pts/1      2008-04-30 12:08 (172.16.10.220)
# cd ~/.ssh
# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
0a:13:25:19:a2:59:2c:b1:49:e6:62:90:57:07:e5:f7 root@hosta
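Leave the passphrase (key protection) empty; otherwise ssh will ask for the passphrase (key protection) whenever it is used.
2. Publish your public key and fetch the peer's public key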
# scp id_dsa.pub hostb:/root/.ssh/hosta.key.pub
root@hostb's password:
id_dsa.pub                                          100%600   0.6KB/s   00:00   
# scp hostb:/root/.ssh/id_dsa.pub /root/.ssh/hostb.key.pub
root@hostb's password:
id_dsa.pub                                          100%600   0.6KB/s   00:00   
3. Authorize the public keys
# cat id_dsa.pub >>authorized_keys2
# cat hostb.key.pub >>authorized_keys2
If you are on SSH v1, for example Solaris 9, use the authorized_keys file instead.
4. Log in using the key pair
# ssh hostb
Last login: Sun Apr 27 00:04:49 2008 from 172.16.10.220
# exit
logout
Connection to hostb closed.
5. View the log
# more /var/log/secure
Apr 27 10:26:47 hosta sshd: Accepted password for root from 172.16.10.220 port 2395 ssh2
Apr 27 10:26:47 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 10:41:51 hosta sshd: Accepted password for root from 172.16.10.220 port 2408 ssh2
Apr 27 10:41:51 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 12:42:15 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 27 13:08:32 hosta sshd: Accepted password for root from 172.16.10.2 port 43247 ssh2
Apr 27 13:08:32 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 13:08:33 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 27 13:08:52 hosta sshd: Accepted password for root from 172.16.10.2 port 43248 ssh2
Apr 27 13:08:52 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 13:08:52 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 27 13:09:15 hosta sshd: Accepted password for root from 172.16.10.2 port 43249 ssh2
Apr 27 13:09:15 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 13:09:15 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 27 13:09:25 hosta sshd: Accepted password for root from 172.16.10.2 port 43250 ssh2
Apr 27 13:09:25 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 13:09:25 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 27 13:51:27 hosta sshd: Accepted password for root from 172.16.10.220 port 4248 ssh2
Apr 27 13:51:27 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 13:53:54 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 27 15:13:48 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 27 15:22:20 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 27 23:37:48 hosta sshd: Accepted password for root from 172.16.10.220 port 4948 ssh2
Apr 27 23:37:48 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 28 04:30:58 hosta sshd: pam_unix(sshd:session): session closed for user root
Apr 30 12:08:32 hosta sshd: Accepted password for root from 172.16.10.220 port 1637 ssh2
Apr 30 12:08:32 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 30 12:11:05 hosta useradd: new group: name=mysql, GID=503
Apr 30 12:11:05 hosta useradd: new user: name=mysql, UID=503, GID=503, home=/home/mysql, shell=/bin/bash
Apr 30 12:22:18 hosta sshd: Accepted password for root from 172.16.10.2 port 47224 ssh2
Apr 30 12:22:18 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 30 12:22:18 hosta sshd: pam_unix(sshd:session): session closed for user root
6. View the detailed ssh operation record (ssh -v, scp -v or sftp -v ...)
# scp -v /root/install.log hostb:/root
Executing: program /usr/bin/ssh host hostb, user (unspecified), command scp -v -t /root
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to hostb port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024

This article comes from the ChinaUnix blog; to view the original, go to: http://blog.chinaunix.net/u1/58855/showart_1019731.html
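
Added example (not part of the original post): the log excerpt in step 5 records only "Accepted password" logins, so a quick way to confirm that key-based login is really in use is to tally sshd's "Accepted <method>" lines per method, user and source address. The function names are hypothetical; the first three sample lines follow the post's log and the two publickey lines are constructed.

```shell
#!/bin/sh
# Summarise successful sshd logins read from stdin.
# Output: "<count> <method> <user> <source>" per combination, sorted.
summarize_ssh_auth() {
    awk '
        # The sshd tag may or may not carry a PID ("sshd:" vs "sshd[4321]:"),
        # so locate the word "Accepted" instead of using a fixed field number.
        /sshd.*: Accepted / {
            for (i = 1; i <= NF; i++) {
                if ($i == "Accepted" && $(i + 2) == "for" && $(i + 4) == "from") {
                    count[$(i + 1) " " $(i + 3) " " $(i + 5)]++
                    break
                }
            }
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2,2 -k3,3 -k4,4
}

# Print how many times USER logged in with METHOD.
# usage: count_logins METHOD USER < logfile
count_logins() {
    summarize_ssh_auth |
        awk -v m="$1" -v u="$2" '$2 == m && $3 == u { n += $1 } END { print n + 0 }'
}

# Sample input: lines 1-3 as in the post, lines 4-5 constructed.
SAMPLE_LOG='Apr 27 10:26:47 hosta sshd: Accepted password for root from 172.16.10.220 port 2395 ssh2
Apr 27 10:26:47 hosta sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 13:08:32 hosta sshd: Accepted password for root from 172.16.10.2 port 43247 ssh2
Apr 30 12:30:01 hosta sshd[4321]: Accepted publickey for root from 172.16.10.2 port 47300 ssh2
Apr 30 12:31:07 hosta sshd[4330]: Accepted publickey for root from 172.16.10.2 port 47311 ssh2'

printf '%s\n' "$SAMPLE_LOG" | summarize_ssh_auth
```

On a live host, feed it the real file, for example `summarize_ssh_auth < /var/log/secure`; root password logins that persist after the key setup are the ones to investigate.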
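
Added example (not part of the original post): an audit of the kind of authorized_keys2 file that step 3 builds. It flags ssh-dss entries, which OpenSSH has disabled by default since release 7.0, and keys that carry no `from="..."` source restriction. The function name, finding labels and sample file are assumptions, and the key blobs are placeholders rather than real keys.

```shell
#!/bin/sh
# Audit an authorized_keys-style file read from stdin.
# Output per key: "<line-no> <key-type> <comment> <findings>".
audit_authorized_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            # Options, if present, precede the key type, so scan for the type token.
            kt = 0
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-)/) { kt = i; break }
            if (kt == 0) { print NR, "?", "?", "unparsed"; next }

            opts = ""
            for (i = 1; i < kt; i++) opts = opts " " $i
            comment = (kt + 2 <= NF) ? $(kt + 2) : "-"

            findings = ""
            if ($kt == "ssh-dss")            findings = findings ",dsa-key"
            if (index(opts, "from=\"") == 0) findings = findings ",no-from-restriction"
            if (findings == "")              findings = ",ok"
            print NR, $kt, comment, substr(findings, 2)
        }
    '
}

# Constructed sample modelled on step 3; blobs are placeholders.
SAMPLE_KEYS='# authorized_keys2 on hosta (constructed)
ssh-dss CONSTRUCTED_BLOB_A root@hosta
ssh-dss CONSTRUCTED_BLOB_B root@hostb
from="172.16.10.2" ssh-ed25519 CONSTRUCTED_BLOB_C backup@hostb'

printf '%s\n' "$SAMPLE_KEYS" | audit_authorized_keys
```

Run it against the real file with `audit_authorized_keys < /root/.ssh/authorized_keys2`; for a passphrase-less root key, adding a `from=` restriction limits where a copied private key can be used.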

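kll99 posted on 2012-04-18 09:30

Hello, I tested your method on Solaris and it did not pass. I then tested with another method and found a problem; please see http://bbs.chinaunix.net/forum.php?mod=viewthread&tid=3724051
Could you please help look into the cause? Thanks.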