SSH2下面配置基于key的ssh登录

| |
[不指定 2010/05/06 11:19 | by ipaddr ]
与openssh有些不一样,如下:
User configuration of SSH2 becomes smarter than that of SSH1. Now public keys are stored in separate files and one can have multiple host-specific identifications (i.e., private keys). Read the ssh manual page for details.  Here I describe most basic usage of SSH2. When you want to login to a remote host (Remote) from a local computer (Local) using SSH2, you do:
   
        1. Create private & public keys of Local, by executing
           ssh-keygen (ssh-keygen2) on Local.

            Local> ssh-keygen
            Generating 1024-bit dsa key pair
            9 o.oOo..oOo.o
            Key generated.
            1024-bit dsa, created by ymmt@Local Wed Sep 23 07:11:02 1998
            Passphrase :
            Again :
            Private key saved to /home/ymmt/.ssh2/id_dsa_1024_a
            Public key saved to /home/ymmt/.ssh2/id_dsa_1024_a.pub

        ssh-keygen will ask you a passphrase for new key. Enter a
  sequence of any ordinal character (white spaces are OK) of proper
  length (20 characters or so). ssh-keygen creates a ".ssh2"
        directory in your home directory, and stores a new
        authentication key in two separate files. One is your private
        key and thus it must NOT be opened to anyone but you. In above
        example, it is id_dsa_1024_a. The other (id_dsa_1024_a.pub) is
        a public key that is safe to be opened and to be distributed
        to other computers. 
       
        2. Create an "identification" file in your ".ssh2" directory on Local.

            Local> cd ~/.ssh2
            Local> echo "IdKey id_dsa_1024_a" > identification

        This will create a file "identification" in your ".ssh2" directory, which has one line that denotes which file contains your identification. An identification corresponds a passphrase (see above). You can create multiple identifications by executing ssh-keygen again, but rarely you should.
       
        3. Do the same thing (1, and optionally 2) on Remote.

        This is needed just to setup ".ssh2" directory on Remote. Passphrase may be different.
       
        4. Copy your public key of Local (id_dsa_1024_a.pub) to ".ssh2"
        directory of Remote under the name, say, "Local.pub".

        ".ssh2" on Remote now contains:

            Remote>ls -F ~/.ssh2
            Local.pub
            authorization
            hostkeys/
            id_dsa_1024_a
            id_dsa_1024_a.pub
            identification
            random_seed
       
        5. Create an "authorization" file in your ".ssh2" directory on Remote. Add the following one line to "authorization",
           
   
            Key Local.pub
                
        which directs SSH server to see Local.pub when authorizing your login. If you want to login to Remote from other hosts, create authorization keys on the hosts (step 1 and 2) and repeat step 4 and 5 on Remote.
       
        6. Now you can login to Remote from Local using SSH2!
       
Try to login:

    Local>ssh Remote
            Passphrase for key "/home/ymmt/.ssh2/id_dsa1024_a" with
            comment "1024-bit dsa, created by ymmt@Local Mon Sep 21
            17:53:01 1998":
       
        Enter your passphrase on Local, good luck!
OS | 评论(0) | 引用(0) | 阅读(7218)