Tuesday, August 28, 2012

Setting up SSH authentication with a public RSA/DSA key

Public key authentication can be used for various purposes, and since you have ended up on this page, you already know why you need it =)).

For public key authentication you can use either the RSA or the DSA algorithm. Personally, I prefer RSA.

Generate the RSA keys
ssh-keygen -t rsa
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/user/.ssh/id_rsa): 
 Created directory '/home/user/.ssh'.
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/user/.ssh/id_rsa.
 Your public key has been saved in /home/user/.ssh/id_rsa.pub.
 The key fingerprint is:
 41:0d:3b:e2:23:e1:24:a2:57:11:10:0e:b5:03:e8:0f user@scorpius-adm
 The key's randomart image is:
 +--[ RSA 2048]----+
 |+.+oo.  oo       |
 |.+ . . . ..      |
 |o = + . +        |
 |.E * o . o       |
 |. + o o S        |
 | . . . .         |
 |                 |
 |                 |
 |                 |
 +-----------------+

or generate DSA keys, according to taste
ssh-keygen -t dsa
 Generating public/private dsa key pair.
 Enter file in which to save the key (/home/user/.ssh/id_dsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/user/.ssh/id_dsa.
 Your public key has been saved in /home/user/.ssh/id_dsa.pub.
 The key fingerprint is:
 fb:b6:7c:0a:37:be:31:2b:d3:14:0c:be:af:d3:fa:81 user@scorpius-adm
 The key's randomart image is:
 +--[ DSA 1024]----+
 |                 |
 |        .        |
 |       . o       |
 |        . o      |
 |        S. .     |
 |        .o.      |
 |        E=*      |
 |        +*=*.    |
 |        oOX=     |
 +-----------------+
Now use the ssh-copy-id command to copy your public key into the ~/.ssh/authorized_keys file on the remote machine.
ssh-copy-id user1@scorpius-adm
 user1@scorpius-adm's password: 
 Warning: No xauth data; using fake authentication data for X11 forwarding.
 /usr/bin/xauth:  file /home/user1/.Xauthority does not exist
 Now try logging into the machine, with "ssh 'user1@scorpius-adm'", and check in:

  ~/.ssh/authorized_keys

 to make sure we haven't added extra keys that you weren't expecting.
After that we can connect without a password
ssh user1@scorpius-adm
 Warning: No xauth data; using fake authentication data for X11 forwarding.
 Linux scorpius-adm 3.2.0-3-amd64 #1 SMP Mon Jul 23 02:45:17 UTC 2012 x86_64

 The programs included with the Debian GNU/Linux system are free software;
 the exact distribution terms for each program are described in the
 individual files in /usr/share/doc/*/copyright.

 Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
 permitted by applicable law.
Many more parameters can be used during key generation; see man ssh-keygen for details.
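
The ssh-copy-id output above says to check ~/.ssh/authorized_keys for keys you were not expecting. One way to do that check, as an added example that is not part of the original post: the function names and the sample key lines are assumptions, and the key blobs are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the sample
# data are assumptions made for illustration.

# Print "line type comment" for every entry in the authorized_keys file $1
# whose key blob is not found in any expected public key file ($2, $3, ...).
unexpected_keys() {
    auth=$1; shift
    awk -v auth="$auth" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            # An entry may begin with an options field (no-pty,command="...");
            # the key type is the first field that looks like a key type name.
            for (i = 1; i <= NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) break
            if (i >= NF) {                      # no key type, or no blob after it
                if (FILENAME == auth) printf "%d UNPARSED -\n", FNR
                next
            }
            blob = $(i + 1)
            if (FILENAME != auth) { expected[blob] = 1; next }
            if (blob in expected) next
            comment = "-"
            if (i + 2 <= NF) {
                comment = $(i + 2)
                for (j = i + 3; j <= NF; j++) comment = comment " " $j
            }
            printf "%d %s %s\n", FNR, $i, comment
        }' "$@" "$auth"
}

# Run the check on constructed sample files (the blobs are placeholders,
# not real keys).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1 user@scorpius-adm' \
        > "$dir/id_rsa.pub"
    cat > "$dir/authorized_keys" <<'EOF'
# keys for user1
ssh-rsa AAAAB3NzaC1yc2EAAAAconstructed1 user@scorpius-adm
no-pty,command="/bin/date" ssh-dss AAAAB3NzaC1kc3MAAAconstructed2 backup@example
EOF
    unexpected_keys "$dir/authorized_keys" "$dir/id_rsa.pub"
    rm -rf "$dir"
}

demo
```

On the remote machine the call would be unexpected_keys ~/.ssh/authorized_keys followed by copies of the .pub files you meant to install; entries are matched on the key blob, so a changed comment does not hide a key.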