Tuesday, December 5, 2017

OpenSSH automatic login setup


Install OpenSSH Server (the server's public and private keys are generated automatically)
ubuntu@myHDP2:~$ sudo apt-get install ssh
Reading package lists... Done
Building dependency tree
Reading state information... Done
ssh is already the newest version (1:7.2p2-4ubuntu2.2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Generate the client public and private keys (use RSA keygen instead of the DSA command shown here)
ubuntu@myHDP2:~$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
Created directory '/home/ubuntu/.ssh'.
Your identification has been saved in /home/ubuntu/.ssh/id_dsa.
Your public key has been saved in /home/ubuntu/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:Ef0CZ52Uso+FbQiEE******@HostName
The key's randomart image is:
+---[DSA 1024]----+
|..E o **=. o.o   |
|.  * ooO+o= +    |
|. + + =.== B     |
| o * + + .= =    |
|  * o . S  *     |
| *     .  . .    |
|. o              |
|                 |
|                 |
+----[SHA256]-----+

ubuntu@myHDP2:~/.ssh$ ls
 id_dsa private key
 id_dsa.pub public key


Append the public key to authorized_keys, the file that stores the client public keys
ubuntu@myHDP2:~$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
ubuntu@myHDP2:~$ cat ~/.ssh/authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAM3c31QwgDvol5tDdkqrdJ1Non46OlRu5sfELuaSpoEnr9mXM4dYgR4/0W4GE4Q0ZM14JYfuKesaPJOReRqQvcMGaF0RJoBmc0iq9gUNS8qABAvLXWyPARC61DVwWTVo7ZOLwVw76djTYPZ1/n5jIQ*****

Test
ubuntu@myHDP2:~/.ssh$ ssh myHDP2
The authenticity of host 'myhdp2 (172.16.1.222)' can't be established.
ECDSA key fingerprint is SHA256:kQwon1lvQlotiOU3nXQ/n2NTxDXOr0QEgOcQNcKm5e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'myhdp2,172.16.1.222' (ECDSA) to the list of known hosts.
ubuntu@myhdp2's password:
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-1041-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
Last login: Fri Dec  8 02:30:58 2017

ubuntu@myHDP2:~/.ssh$ ls
authorized_keys  id_dsa  id_dsa.pub  known_hosts (the newly created file)

ubuntu@myHDP2:~/.ssh$ sudo cat known_hosts
[sudo] password for ubuntu:
|1|CkPVIE66uAzvyoP9TsJdgdYOuss=|2oz6mj1mDpbGiN/x7/atFA1HH2Q= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNxFd67hUBDZRzj8/7RE/IM4zOdLHmnu2OnbiUlWbv3qIFIUqW8Sb+5ounMGR6vgCd7blESzLheqqhtagbYihKI=
|1|SPYBtv/+cw1NvZT5F/5QLoqdeF4=|8MXFgE5iCNC+nfG09LLV8hOxYZw= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNxFd67hUBDZRzj8/7RE/IM4zOdLHmnu2OnbiUlWbv3qIFIUqW8Sb+5ounMGR6vgCd7blESzLheqqhtagbYihKI=



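Copy the public key (id_dsa.pub) to the remote computer, then add it to that user's .ssh/authorized_keys.
On later connections, the local private key (id_rsa) is authenticated against the public key on the remote computer (authorized_keys). Once that check passes you are logged in directly, without entering an account or password, and it is also more secure.
To disable password login and allow only key-based login, change the following two parameters in this file: vim /etc/ssh/sshd_config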
  • PubkeyAuthentication yes
  • PasswordAuthentication no
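Edit the ssh_config file (with StrictHostKeyChecking no, ssh adds new host keys to known_hosts without the yes/no confirmation shown in the test above, so the server's identity is not checked on first connection)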
ubuntu@myHDP2:~$ sudo vi /etc/ssh/ssh_config


#   ConnectTimeout 0
#   StrictHostKeyChecking ask
        StrictHostKeyChecking no

Test by $ ssh hostname
ubuntu@myHDP2:~$ ssh myHDP2

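Permission denied (publickey)!!!? Tried several times and got the same result every time
Redid it with an RSA key and it worked!!!

ssh login now goes straight in without typing a password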
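
OpenSSH 7.0 and later disable ssh-dss keys by default at run time, which matches the `Permission denied (publickey)` result above on 7.2p2. The script below is an added example, not part of the original post: it audits an authorized_keys file for key types and, going beyond the case in the post, checks whether the file is writable by others, which a default sshd also refuses. The function names and the sample file with placeholder key bodies are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# audit_authorized_keys FILE
# Prints "line N: <type> <verdict>" for each key entry in FILE.
# Simplification: option values containing spaces are not parsed.
audit_authorized_keys() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    {
        type = "-"; verdict = "UNKNOWN"
        # The key type is field 1 unless login options precede it.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                type = $i
                # ssh-dss is disabled by default since OpenSSH 7.0.
                verdict = (type == "ssh-dss") ? "REJECTED" : "OK"
                break
            }
        printf "line %d: %s %s\n", NR, type, verdict
    }' "$1"
}

# writable_by_others PATH: succeeds if PATH is group- or world-writable.
# With StrictModes yes (the sshd default) such a key file is not used.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Constructed sample file; the key bodies are placeholders, not real keys.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# constructed sample
ssh-dss AAAAPLACEHOLDERDSA ubuntu@myHDP2
ssh-rsa AAAAPLACEHOLDERRSA ubuntu@myHDP2
from="172.16.1.222" ssh-ed25519 AAAAPLACEHOLDERED ubuntu@myHDP2
EOF

audit_authorized_keys "$demo_file"
if writable_by_others "$demo_file"; then
    echo "mode too open: $demo_file"
fi
```

To audit a real account, call `audit_authorized_keys ~/.ssh/authorized_keys` and `writable_by_others ~/.ssh` on the server side.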




