How do you set up sshkey key authentication for the SSH service on a Linux system in practice? Many newcomers are unclear on this, so this article walks through it in detail for anyone who needs it.
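This article covers some features of the SSH service and a simple configuration of it. In real production environments, sshkey key authentication is often used for data distribution and similar operations; it can also be used to operate on intranet servers in bulk, pushing and distributing data with passwordless authentication.
The actual production topology is shown below
The whole configuration process
The whole configuration environment uses only one or two servers.
1. Check the actual environment
Distribution server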
[root@Centos ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@localhost ~]# uname -r
2.6.32-431.el6.x86_64
Node server
[root@localhost ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@localhost ~]# uname -r
2.6.32-431.el6.x86_64
2. Add a system account on the servers
Configure the account and password on the distribution server
[root@Centos ~]# useradd fenfa
[root@Centos ~]# echo "123456"|passwd --stdin fenfa
Changing password for user fenfa.
passwd: all authentication tokens updated successfully.
Configure the account and password on the node server
[root@localhost ~]# useradd fenfa
[root@localhost ~]# echo "123456"|passwd --stdin fenfa
Changing password for user fenfa.
passwd: all authentication tokens updated successfully
3. Generate the key pair
Note: switch to the newly created user before this step (run on the distribution server)
[root@Centos ~]# su - fenfa
[fenfa@Centos ~]$ whoami
fenfa
[fenfa@Centos ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/fenfa/.ssh/id_dsa):
(the key is stored in this file)
Created directory '/home/fenfa/.ssh'. (the system creates this directory automatically)
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/fenfa/.ssh/id_dsa. (private key)
Your public key has been saved in /home/fenfa/.ssh/id_dsa.pub. (public key)
The key fingerprint is:
07:06:7a:22:ec:11:72:ae:06:36:de:1c:17:15:90:50 fenfa@Centos
The key's randomart image is:
+--[ DSA 1024]----+
|. o.oE=o. |
| = . o.. |
|.o=.o.. o |
|+o+ooo . . |
|.o.o S . |
|. . |
| |
| |
| |
+-----------------+
[fenfa@Centos ~]$ cd /home/fenfa/.ssh
[fenfa@Centos ~]$ ls -ld .ssh
drwx------. 2 fenfa fenfa 4096 Aug 27 17:09 .ssh (permissions 700)
[fenfa@Centos .ssh]$ ls -ll
total 8
-rw-------. 1 fenfa fenfa 672 Aug 27 16:47 id_dsa
-rw-r--r--. 1 fenfa fenfa 602 Aug 27 16:47 id_dsa.pub
Note the permissions of the two files here: id_dsa 600, id_dsa.pub 644
[fenfa@Centos ~]$ cat /home/fenfa/.ssh/id_dsa
-----BEGIN DSA PRIVATE KEY-----
-----END DSA PRIVATE KEY-----
4. Distribute the key (public key)
Command format for distribution
ssh-copy-id -i key-name user@remote-host-IP ------------- used when SSH is on the default port
ssh-copy-id -i key-name "-p port user@remote-host-IP" -- used when SSH is on a non-default port
[fenfa@Centos ~]$ cd .ssh
[fenfa@Centos .ssh]$ ssh-copy-id -i id_dsa.pub fenfa@192.168.1.3
The authenticity of host '192.168.1.3 (192.168.1.3)' can't be established.
RSA key fingerprint is 86:41:46:5c:d9:e0:98:a5:15:ee:b4:01:a5:37:49:c4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.3' (RSA) to the list of known hosts.
fenfa@192.168.1.3's password:
Now try logging into the machine, with "ssh 'fenfa@192.168.1.3'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
Check on the node server whether the distribution succeeded
[root@localhost ~]# tree /home/fenfa/.ssh/
/home/fenfa/.ssh/
+-- authorized_keys
0 directories, 1 file
Distribution succeeded
5. Distribute data
Manual distribution
[fenfa@Centos ~]$ scp -P22 -r -p /tmp/text/ fenfa@192.168.1.3:~
123.txt 100% 0 0.0KB/s 00:00
Test on the node server
[root@localhost fenfa]# tree /home/fenfa/
/home/fenfa/
+-- text
    +-- 123.txt
1 directory, 1 file
Scripted distribution
The command can be written into a script and executed
[fenfa@Centos ~]$ vi fenfa.sh
scp -P22 -r -p /tmp/text/ fenfa@192.168.1.3:/tmp/fenfadir/
[fenfa@Centos ~]$ chmod +x fenfa.sh
[fenfa@Centos ~]$ ./fenfa.sh
123.txt 100% 0 0.0KB/s 00:00
[fenfa@localhost fenfadir]$ pwd
/tmp/fenfadir
[fenfa@localhost fenfadir]$ tree
.
+-- text
    +-- 123.txt
1 directory, 1 file
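Distribution succeeded
If data has to be distributed to the node servers every day in production, this script can be placed in a scheduled task so that the system runs it automatically each day. It is best to schedule it for a time when service concurrency is low, so that it does not affect normal business access.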
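As an added example (not part of the original article), the one-line fenfa.sh can be extended for unattended scheduled runs: it checks the 700/600 permissions noted in step 3, loops over several nodes, and uses BatchMode so a missing or rejected key fails immediately instead of prompting. The KEY and SCP variables, the function names and the argument order are assumptions of this sketch.

```shell
#!/bin/bash
# Added example, not the article's script. Assumes GNU stat (Linux).
# KEY, SCP and the node arguments are illustrative names.
# DSA keys are disabled by default since OpenSSH 7.0; on current systems
# point KEY at an ed25519 or RSA key instead.
KEY="${KEY:-$HOME/.ssh/id_dsa}"   # private key generated in step 3
SCP="${SCP:-scp}"                 # overridable so the loop can be dry-run

# True if group or other have any access bit set on the path.
too_open() {
    [ $(( 0$(stat -c %a "$1") & 077 )) -ne 0 ]
}

# The article's 700 (.ssh) and 600 (id_dsa) both mean: owner-only access.
check_key_perms() {
    local key="$1" dir rc=0
    dir="$(dirname "$key")"
    [ -f "$key" ] || { echo "missing key: $key" >&2; return 2; }
    if too_open "$dir"; then echo "$dir is too open (want 700)" >&2; rc=1; fi
    if too_open "$key"; then echo "$key is too open (want 600)" >&2; rc=1; fi
    return "$rc"
}

# Copy SRC to DEST on each node as fenfa. BatchMode=yes makes scp fail
# instead of waiting at a password or host-key prompt, which would hang
# under cron. Returns the number of failed nodes (100 = key check failed).
distribute() {
    local src="$1" dest="$2" failed=0 node
    shift 2
    check_key_perms "$KEY" || return 100
    for node in "$@"; do
        if ! "$SCP" -P22 -r -p -i "$KEY" -o BatchMode=yes \
                -o ConnectTimeout=10 "$src" "fenfa@${node}:${dest}"; then
            echo "$(date '+%F %T') distribution to $node failed" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Usage: fenfa.sh /tmp/text/ /tmp/fenfadir/ 192.168.1.3 [more nodes...]
if [ "$#" -ge 3 ]; then
    distribute "$@"
fi
```

A non-zero exit status lets the scheduler's mail or log output show which nodes were missed on a given run.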