Steps to set up SSH key authentication:

1. Generate a public/private key pair

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
17:1e:3a:a7:c4:b1:a4:d6:07:ee:63:1b:0a:c9:17:82 root@localhost

Press Enter four times in a row to generate a key pair with an empty passphrase: the private key id_rsa and the public key id_rsa.pub.

 

2. Rename the public key id_rsa.pub to authorized_keys (or authorized_keys2)

mv id_rsa.pub  authorized_keys

3. Copy the public key file authorized_keys to the .ssh/ directory on the other machines

rsync -av authorized_keys  root@ip:/root/.ssh/

 

A problem encountered while using SSH key authentication

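Symptom: Everything worked normally for a while without any problems. Then one day, SSH login to one of the machines suddenly required a password. The authorized_keys file was still there and had not been modified. Regenerating the keys did not help either.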

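Cause: In the end the cause turned out to be that the permissions on the /root directory had been changed to drwxrwx---. Some material found online indicates that key authentication fails whenever the public key file authorized_keys is writable by any user other than its owner.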

Solution: Remove the write permission of the root group, and it is OK again.
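
The symptom above matches sshd's StrictModes check (on by default in OpenSSH), which refuses key login when the home directory, ~/.ssh or authorized_keys is writable by group or others. The script below is an added example, not part of the original post: check_ssh_perms is a hypothetical helper that reports the offending path, it looks only at the write bits (not ownership), and the demo directory is constructed.

```shell
#!/bin/sh
# check_ssh_perms HOME_DIR
# Walks the chain sshd inspects for key login (home, .ssh, authorized_keys)
# and prints one line per path that is missing or group/other-writable.
# Returns 0 when the chain is clean, 1 otherwise.
check_ssh_perms() {
    csp_home=$1
    csp_bad=0
    for csp_p in "$csp_home" "$csp_home/.ssh" "$csp_home/.ssh/authorized_keys"; do
        if [ ! -e "$csp_p" ]; then
            echo "MISSING  $csp_p"
            csp_bad=1
            continue
        fi
        # POSIX find: -perm -020 = group write bit set, -perm -002 = other write bit set
        if [ -n "$(find "$csp_p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $(ls -ld "$csp_p" | cut -d' ' -f1) $csp_p"
            csp_bad=1
        fi
    done
    return $csp_bad
}

# Constructed demo: reproduce the drwxrwx--- home directory in a temp dir.
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"

chmod 770 "$demo"      # the broken state described above
check_ssh_perms "$demo" || echo "=> key login would be refused, password prompt follows"

chmod g-w "$demo"      # the fix: drop the group write bit
check_ssh_perms "$demo" && echo "=> permissions OK"

rm -rf "$demo"
```

On a real host, run check_ssh_perms /root (or the affected user's home directory) and apply chmod go-w to each path it reports.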