CenOS7秘钥双向验证的配置
配置密钥对的双向配置
HOST1配置:
root下编辑/etc/ssh/sshd_config
RSAAuthentication yes //启用RSA算法
PubkeyAuthentication yes //启用秘钥对验证
[root@host1 ~]# useradd hadoop //建立一个用户
[root@host1 ~]# passwd hadoop //设置密码
更改用户 hadoop 的密码 。
新的 密码:
无效的密码: 密码少于 8 个字符
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
[root@host1 ~]# su - hadoop
上一次登录:五 8月 16 03:44:00 CST 2019pts/0 上
[hadoop@host1 ~]$ pwd
/home/hadoop
[hadoop@host1 ~]$ ssh-keygen -t rsa //生成密钥对,加密格式为rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): //密钥路径
Created directory '/home/hadoop/.ssh'.
Enter passphrase (empty for no passphrase): //公钥密码,回车即设置空密码(回车)
Enter same passphrase again: //二次输入公钥密码(回车)
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
77:05:b5:65:b7:b6:81:79:79:6d:2d:13:e2:73:65:4e hadoop@host1
The key's randomart image is:
+--[ RSA 2048]----+
| o.o E|
| . ooX*|
| oo***|
| +o++|
| S . . . |
| . . |
| |
| |
| |
+-----------------+
[hadoop@host1 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.50.112 //将公钥传给位于host2下的hatoop
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@192.168.50.112's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop@192.168.50.112'"
and check to make sure that only the key(s) you wanted were added.
[hadoop@host1 ~]$ ssh hadoop@192.168.50.112 //无需验证密码即可登录
Last login: Thu Aug 15 20:10:32 2019 from 192.168.50.111
[hadoop@host2 ~]$
HOST2配置:
root下编辑/etc/ssh/sshd_config
RSAAuthentication yes //启用RSA算法
PubkeyAuthentication yes //启用秘钥对验证
[hadoop@host2 ~]$ mkdir .ssh
[hadoop@host2 ~]$ chmod 700 .ssh/
[hadoop@host2 ~]$ ls -ld .ssh/
drwx------. 2 hadoop hadoop 6 8月 15 20:02 .ssh/
[hadoop@host2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): //密钥路径
Enter passphrase (empty for no passphrase): //输入公钥密码,回车即空密码(回车)
Enter same passphrase again: //再次输入(回车)
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
f3:37:cc:fa:98:d6:ed:79:db:b6:68:13:cf:21:5f:66 hadoop@host2
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| |
| S |
| o o o .E|
| ..=.*oo|
| .=.+o=+|
| .+.oo+=+|
+-----------------+
[hadoop@host2 ~]$ ssh-copy-id -i .ssh/id_rsa.pub hadoop@192.168.50.111 //将公钥文件传给HOST1
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
hadoop@192.168.50.111's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'hadoop@192.168.50.111'"
and check to make sure that only the key(s) you wanted were added.
[hadoop@host2 ~]$ ssh hadoop@192.168.50.111 //直接登录,无需验证密码
Last login: Fri Aug 16 04:12:03 2019 from 192.168.50.112
[hadoop@host1 ~]$
CenOS7秘钥双向验证的配置的更多相关文章
- 构建秘钥对验证的SSH体系
构建秘钥对验证的SSH 体系 首先先要在ssh 客户端以root用户身份创建秘钥对 客户端将创建的公钥文件上传至ssh服务器 服务器将公钥信息导入用户root的公钥数据库文件 客户端以root用户身份 ...
- Git秘钥生成以及Gitlab配置
安装Git:详见http://www.cnblogs.com/xiuxingzhe/p/9300905.html 开通gitlab(开通需要咨询所在公司的gitlab管理员)账号后,本地Git仓库和g ...
- Git秘钥生成以及Gitlab配置(附以下问题解决方法:Key is invalid Fingerprint cannot be generated)
在进行Git密钥配置时,总是提示: “The form contains the following errors:Key is invalidFingerprint cannot be genera ...
- ssl/https双向验证的配置
1.SSL认证 不需要特别配置,相关证书库生成看https认证中的相关部分 2.HTTPS认证 一.基本概念 1.单向认证,就是传输的数据加密过了,但是不会校验客户端的来源 2.双向认证,如果客户端 ...
- ssl https双向验证的配置与证书库的生成
1.SSL认证 不须要特别配置,相关证书库生成看https认证中的相关部分 2.HTTPS认证 一.基本概念 1.单向认证,就是传输的数据加密过了,可是不会校验client的来源 2.双向认证,假设 ...
- nginx配置ssl双向验证 nginx https ssl证书配置
1.安装nginx 参考<nginx安装>:http://www.ttlsa.com/nginx/nginx-install-on-linux/ 如果你想在单IP/服务器上配置多个http ...
- Android中保存静态秘钥实践(转)
本文我们将讲解一个Android产品研发中可能会碰到的一个问题:如何在App中保存静态秘钥以及保证其安全性.许多的移动app需要在app端保存一些静态字符串常量,其可能是静态秘钥.第三方appId等. ...
- soapui测试https双向验证p12项目
1.准备好p12 和jsk秘钥文件 2.配置soapui ssl 其中: 1:jks就是放在trustStore那里,密码填写为 106075 2:p12放到keystore,密码填写:180000 ...
- git生成SSH秘钥
1.进入git bash , 输入 cd ~/.ssh/ ,没有的话,自己创建 mkdir ~/.ssh , 然后进入该文件夹完成生成秘钥步骤 2.配置全局的name和email,这里是的你githu ...
随机推荐
- 图片加载框架之fresco
FaceBook推出的图片处理框架主页: https://github.com/facebook/fresco中文文档:http://fresco-cn.org/docs/index.html 功能 ...
- linux 基础 yum 安装
ls /dev/cdrom mkdir /mnt/cdrom mount -r /dev/cdrom /mnt/cdrom
- FormGroup验证不起作用
读文件来动态地生成FormGroup 类似下面的代码 private formAttrs: FormGroup; for (var i = 0; i < this.array.length; i ...
- MVC - 单点登录中间件 (转)
http://www.cnblogs.com/wangrudong003/p/6435013.html 本章将要和大家分享的是一个单点登录中间件,中间件听起来高深其实这里只是吧单点登录要用到的逻辑和处 ...
- 利用python列出当前目录下的所有文件
问题 当一个目录下有很多文件夹或者文件,我们想分析各个文件的名字,这时就可以写一个函数,列出当前目录下所有文件名字. 代码 src_dir = r'./' # 源文件目录地址 def list_all ...
- Xcode8.1 真机测试 ,添加iOS10.3的idk到Xcode8.1中
1.下载iOS10.3的idk包; 2.解压, 找到路径 Finder -> 应用程序 -> 右键Xcode -> 显示包内容 -> Contents -> Develo ...
- Pycharm从虚拟环境切换到本地环境
切换到本地: 点击左上角File – settings , 在打开的对话框中选择:Project xxx (xxx是你项目的名称) – Project Interpreter ,在右边可以看到解释器, ...
- webdriervAPI(多窗口切换)
两个方法 driver.current_window_handle 获取当前窗口句柄 driver.window_handles 获取所有窗口句柄 from selenium import webdr ...
- 【C/C++】对于可重入、线程安全、异步信号安全几个概念的理解
由于前段时间,程序偶尔异常挂起不工作,检查后发现时死锁了,原因就是:在信号处理函数里面调用了fprintf. printf等io函数是需要对输出缓冲区加锁,这类函数对本身是线程安全的,但是对信号处理函 ...
- 【Python开发】python集成开发环境IDE搭建
http://blog.csdn.net/pipisorry/article/details/39854707 使用的系统及软件 Ubuntu / windows Python 2.7 / pytho ...