pi@f1:~$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
Created directory '/home/pi/.ssh'.
Your identification has been saved in /home/pi/.ssh/id_dsa.
Your public key has been saved in /home/pi/.ssh/id_dsa.pub.
The key fingerprint is:
f4:37:c8:9e:66:7b:af:23:59:9a:d1:a7:40:b2:13:54 pi@f1
The key's randomart image is:
+---[DSA 1024]----+
| .E |
| . |
| .. |
| .oo.. |
| S=+.o |
| o.ooo.. |
| .=B o |
| o=.+ |
| .o.+. |
+-----------------+
pi@f1:~$
pi@f1:~/.ssh$ ll
總計 16
drwx------ 2 pi pi 4096 6月 26 06:32 .
drwxr-xr-x 3 pi pi 4096 6月 26 06:32 ..
-rw------- 1 pi pi 668 6月 26 06:32 id_dsa
-rw-r--r-- 1 pi pi 595 6月 26 06:32 id_dsa.pub
pi@f1:~$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
pi@f1:~$ ll .ssh
總計 20
drwx------ 2 pi pi 4096 6月 26 06:44 .
drwxr-xr-x 3 pi pi 4096 6月 26 06:39 ..
-rw-r--r-- 1 pi pi 595 6月 26 06:44 authorized_keys
-rw------- 1 pi pi 668 6月 26 06:32 id_dsa
-rw-r--r-- 1 pi pi 595 6月 26 06:32 id_dsa.pub
pi@f1:~$ cat ~/.ssh/authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBANN4E8LhI4A8ymZEkq8vFZoBlNyb1jI5Mx2j53BzfKnMMqkWXxlCkJYkzkIqhuekqIfaCT8c3CARFZ9yMNNzU4hZKOiuU1xR3aKlCfec+wGfEYUgiCmTIL4q5qAs+kfz1LAs1swtPrlAFPb1VqN/WchXhmASeNUXLOMV5tgnfQDnAAAAFQCgeP6cJqjP6mtTA4/CUBSJdXPCqwAAAIBFRWzWiWV81hZzLEShn3qimV3e/SassWkjWhJzHk4tlpR5trM+r+Dj3F4XSPKN7VYOswQExdHYZVccyfG+AY8Yfr9mBTeL6ZxXbjykZVfaL+SJvg0I0ZXx/y6DqTpZ/EkJv8uLd9yQlN9RQw3U9Q3SYLFs4LNUVDN23f74WUQ4kgAAAIA8dED8VkbwCoc8C2xX7mSHr0e32jdqXaNms7z8GrxGZQdVUpApeW1SQqOPSLcRTcwPuvHZUvJs63cidvpketNvMBu8UXo/TCIFUs5EpPmkMZKFacSKVz7XfD4jmpVNfGpwZ//87gUwS9TYijGKNXOEAHFFGi+jrDAco7Hjv7w9Mw== pi@f1
pi@f1:~$ ssh f4 <try ssh 登入其他機器>
The authenticity of host 'f4 (172.20.110.153)' can't be established.
ECDSA key fingerprint is 30:98:7c:8a:39:81:34:83:7e:39:d4:c0:d8:44:7a:b3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'f4,172.20.110.153' (ECDSA) to the list of known hosts.
pi@f4's password:
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Jun 26 03:54:09 2016 from f4
pi@f4:~$ exit <離開>
<登入後會產生known_hosts>
-rw-r--r-- 1 pi pi 666 6月 26 06:47 known_hosts
pi@f1:~$ cat .ssh/known_hosts
|1|J2Ks8jCrK/nLOFpA27MyXeoj/ho=|As8PbHWM6YKa1fyu4qr+kV2EYPw= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYJk9xZfu4nHqTLJy/F6pQmDNKKlicBBnsxKxqCCdH7afRnoRXBOpACtnotzfus2psEvUA2F5nbLfJ9DyHdt0M=
|1|Duy20DuhPYqmit8qz2M/hfV6Dhk=|CFhZWRA2Y/UJ1wqmqgO7M6x5xNQ= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA5/f97V1+fk5xveLVn1x916k8H1GibsLHrW0bfTV2tZlecyYUo1w6PMdg+E1rIzQk7n/A6wi5eFej3y9I6ScMI=
|1|WaSnEvzy76uymZJyK+mBTN2reaI=|ycGjSFE7pAQby2CyFiITBBGwFOM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA5/f97V1+fk5xveLVn1x916k8H1GibsLHrW0bfTV2tZlecyYUo1w6PMdg+E1rIzQk7n/A6wi5eFej3y9I6ScMI=
利用SCP指領抓取憑證
<<ssh login without password work.>> 交憑証ssh login不用password
<先backup>
cp authorized_keys authorized_keys_bak
<從其他host copy來authorized_keys file>
scp pi@f2:~/.ssh/authorized_keys ~
pi@f1:~$ cat authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBALhK3oOhL452rLWR1qGzAP99hNpne+/ZzzKNNPiiqxI2Ruxy3N4O1ausvqQF89M9AGt8MHmCyvMd+/HXzzUIuNEh1+cMLmXyNfdAPGHd0GiLoC/thXR8WQHgutY37w1LovMgDhoBR518j2pKTdwyMGgkeXUlwluVkJBdLImoDhOdAAAAFQCTOyOkWJWtXcuyd/DhXlh65r8PWQAAAIEAiGr5CWPbz5OK0wUjgaftZ/H4FctGF1c+aA9oEnvdClkBxRI0HstRfylrZOdyLt6Iz/J4A7uS+wGDNyr4QFHLrap+pmm/bVHNy3y4PGCgGWPJYAHeEhtkSp3wrf5w0jjWrupj2vfe8JZR3UqsrrSTieRrdWcpVTDBQtCd0fqnmFkAAACBAKFF6v/3SdnExgVpHlvfrCGkCKvpgdonrJHELKF8xkzfOfeY9PR5wk+5ErqWWTO/l0dGL/q8h1Y1G/63NBOw/Enhfh+YuqTHtZWqWC9weHR1mjERvoCj3HcHwrV2S84838+Et54mfImLKvcB0FJ0HnvsY4VvwjoJHXjUPTMmK7pj pi@f2 <這是f2的authorized_keys>
<cat and import到f2的 authorized_keys file>
pi@f1:~$ cat ~/authorized_keys >> ~/.ssh/authorized_keys
<check f2 f4的都進來了>
pi@f1:~/.ssh$ cat authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBANN4E8LhI4A8ymZEkq8vFZoBlNyb1jI5Mx2j53BzfKnMMqkWXxlCkJYkzkIqhuekqIfaCT8c3CARFZ9yMNNzU4hZKOiuU1xR3aKlCfec+wGfEYUgiCmTIL4q5qAs+kfz1LAs1swtPrlAFPb1VqN/WchXhmASeNUXLOMV5tgnfQDnAAAAFQCgeP6cJqjP6mtTA4/CUBSJdXPCqwAAAIBFRWzWiWV81hZzLEShn3qimV3e/SassWkjWhJzHk4tlpR5trM+r+Dj3F4XSPKN7VYOswQExdHYZVccyfG+AY8Yfr9mBTeL6ZxXbjykZVfaL+SJvg0I0ZXx/y6DqTpZ/EkJv8uLd9yQlN9RQw3U9Q3SYLFs4LNUVDN23f74WUQ4kgAAAIA8dED8VkbwCoc8C2xX7mSHr0e32jdqXaNms7z8GrxGZQdVUpApeW1SQqOPSLcRTcwPuvHZUvJs63cidvpketNvMBu8UXo/TCIFUs5EpPmkMZKFacSKVz7XfD4jmpVNfGpwZ//87gUwS9TYijGKNXOEAHFFGi+jrDAco7Hjv7w9Mw== pi@f1
ssh-dss AAAAB3NzaC1kc3MAAACBAOrR8YAsS+7oNa9dzKKXnZ4jLJ8BRqMFPyUFoQ84G4TiT0nwFlU0+lE1JEVDV5NZP1j0IkwEg8SI9BVzQjX5xJb6+++2pR1uA/w60Z/dflxEkiJyKHLQwPsjOoNHZiEU7/FggMXioTZgrcqdvmOFp8ZYK4qq+aKU+G/5QMuBr5I7AAAAFQC3YT1QJb/BGoRhwo9gaN2c9jpFCQAAAIEA3S740E+OCCB0E3zgrbRuZ+5GfqOshKTZDw3LiJJzP/UQoN0JmwCtpiM1GMkvOY/VM856H1XIAtgolfdqy55o1JdJouRp8zBbIqJXq1VGn0NPZpQw47FFWLJWscOW6UnJywv39cMeHJ2oVccga0Q0fXE/ThK/uOF6An3egwrzA10AAACAcZQwL9svB5Wvgb8QYHaGGiAmkbHgUcs1kb5M9R5+Q1wrTLa7LuSJsr2HgNNkHGiIkaJUZMbZU5aJnb3uBSudls+DRn+khUrVkxDVPBvl3OwKGXlwUgQrFjctx5/MRN/khITwKNd+jEXub+if+ZrIAR4/RfY5Qe3qWOMAreDenDQ= pi@f4
ssh-dss AAAAB3NzaC1kc3MAAACBALhK3oOhL452rLWR1qGzAP99hNpne+/ZzzKNNPiiqxI2Ruxy3N4O1ausvqQF89M9AGt8MHmCyvMd+/HXzzUIuNEh1+cMLmXyNfdAPGHd0GiLoC/thXR8WQHgutY37w1LovMgDhoBR518j2pKTdwyMGgkeXUlwluVkJBdLImoDhOdAAAAFQCTOyOkWJWtXcuyd/DhXlh65r8PWQAAAIEAiGr5CWPbz5OK0wUjgaftZ/H4FctGF1c+aA9oEnvdClkBxRI0HstRfylrZOdyLt6Iz/J4A7uS+wGDNyr4QFHLrap+pmm/bVHNy3y4PGCgGWPJYAHeEhtkSp3wrf5w0jjWrupj2vfe8JZR3UqsrrSTieRrdWcpVTDBQtCd0fqnmFkAAACBAKFF6v/3SdnExgVpHlvfrCGkCKvpgdonrJHELKF8xkzfOfeY9PR5wk+5ErqWWTO/l0dGL/q8h1Y1G/63NBOw/Enhfh+YuqTHtZWqWC9weHR1mjERvoCj3HcHwrV2S84838+Et54mfImLKvcB0FJ0HnvsY4VvwjoJHXjUPTMmK7pj pi@f2
<把新的組合authorized_keys scp到其他host>
pi@f1:~/.ssh$ scp /home/pi/.ssh/authorized_keys pi@f2:~/.ssh
pi@f1:~/.ssh$ scp /home/pi/.ssh/authorized_keys pi@f4:~/.ssh
authorized_keys 0% 0 0.0KB/s --:--
authorized_keys 100% 1785 1.7KB/s 00:00
<認識ssh不用password>
pi@f1:~/.ssh$ ssh f2
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Jun 26 09:35:54 2016 from f1
沒有留言:
張貼留言