关于AS5 SSH支持key认证的完全解决方案

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtUOq6yotBEkldfBFZalh4FrFtX6wERChbLn7igQI4aofBNThWgIlBPfaThncfhs2Vu9DSBxExyGje/evcu/TyQRVBTuejEQnF4RPB+5fNMS+Qq48pdS33Rd/yt4m+Np/eGYDYW/ch5r/MRm5nek/WCW2MPAQbqrSZ7prj++SnMlavZDlAVsgHbY3GLYDD/7UbFJvewbY099zjSrW7yqIPdF9nACIg0dN+aMRtezJwr+NvOFZwrUuuz/ek1iCl2Q6soxRAkOTWbkE5bnF5LJJWtOox+ZxDu/mAry0dSv3eH0NMs6NPfBkwE5pyE9HG47r7k6kp7qKsuKCysk+MASNaQ== root@client

在客户端输入

[root@client .ssh]# ssh root@192.168.15.64  

Last login: Wed Feb 24 00:13:09 2010 from 192.168.15.50

注意:Enter file in which to save the key (/root/.ssh/id_rsa): 直接回车---这个地方不能输入名称,不然无密码登陆会报以下错误:

Permission denied (publickey,gssapi-with-mic

可以等生成后再做修改

===================================================================

[root@server ~]#     连接成功

提示：由于生成密钥的口令的密码为空，可以利用scp远程加密备份，scp是有Security的文件copy，基于ssh登录。操作起来比较方便，比如要把当前一个文件copy到远程另外一台主机上，可以如下命令。

[root@clinet .ssh]# scp id_dsa.pub root@192.168.15.64:/home/  

reverse mapping checking getaddrinfo for macbook_air failed - POSSIBLE BREAK-IN ATTEMPT!

id_dsa.pub                                    100% 601     0.6KB/s   00:00

[root@server .ssh]# ll /home/

total 4

-rw-r--r-- 1 root root 601 Feb 24 00:25 id_dsa.pub   说明拷贝成功

如果想反过来操作，把文件从远程主机copy到当前系统，也很简单。

[root@server home]# scp id_dsa.pub root@192.168.15.50:/home/

The authenticity of host '192.168.15.50 (192.168.15.50)' can't be established.

RSA key fingerprint is 05:de:f8:d8:7b:db:36:0a:1e:01:cc:06:64:0e:7e:0a.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.15.50' (RSA) to the list of known hosts.

Address 192.168.15.50 maps to ysgame2-pc, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

root@192.168.15.50's password: 输入client密码

id_dsa.pub                   100% 601     0.6KB/s   00:00

[root@clinet .ssh]# ll /home/

total 4

-rw-r--r-- 1 root root 601 Feb 24 00:29 id_dsa.pub    说明拷贝成功

2.服务器端提供ssh安全认证,也就上面提到第一种方案

（1）服务器端(AS5)

同样修改/etc/ssh/sshd.conf

#PermitEmptyPasswords no      修改为         PermitEmptyPasswords no

PasswordAuthentication yes   =========    PasswordAuthentication no

[root@viong .ssh]# service sshd restart

需要重启ssh才能使配置生效

Stopping sshd:                                            [ OK ]

Starting sshd:                                             [ OK ]

[root@viong ~]# ssh localhost

URL：http://www.bianceng.cn/OS/Linux/201410/45756.htm

（编辑：源码网）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!