luni, mai 25, 2009

Generarea de SSH chei

Generam cheia publica pe masina de pe care vrem sa avem access

[root@xt-ipxqa3 .ssh]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
3d:b3:a5:1a:15:2c:1c:ba:b7:b7:75:88:08:33:a5:54 root@xt-ipxqa3.cd
[root@xt-ipxqa3 .ssh]#


Continutul fisierului id_dsa.pub (/root/.ssh/id_dsa.pub, adica cheia publica) vezi mai jos i-l copiem in fisierul /root/.ssh/authorized_keys pe masina la care dorim sa avem acces fara a introduce parola.

[root@xt-ipxqa3 .ssh]# cat id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAIjKQ3Vw8eartEcjDnhdxiMUpjuMUGGWC36fO/6wo+p7g0aG+4Hum6OOCo0Vq2lCmnuVlQKW3LUbFK5oges8wkkkhzC9szWMeRTB41wWpJ8wqnJ5ImK30DZr2FnwEcME6d/5wzQwOVxL/5w1EltC74akxZXG8xd+85Lx1X1u27nDAAAAFQC+ajZmPfsMsJuaDBE7+CEmfXkTPwAAAIAE13Phb8iswF7bc80U8vu+R+FEJo+NDyVlzEartbE/Nwg2j329qCHw5lLP+ZM8pfE7zkM5jq+A2j4R2YlzUYb3tH0P3Z2456gtuymQJIK7KV7PUAgQ+cyjkov5zyjI9OKpkXIjy3/Uhcb+JWrhMRrEaIklToGWtI5bPLio049/yAAAAIB97JkKRNGRNEOroL+d7suNAB8n+WdSZxear4RQdHKSK9mCJmTiw9rQlJzTaHyueAx37zx9NEkrOsmCHdg38K21mvAPhYYelsOFS95/C1SUvvUWpbGZflDdwBC7aMfEgwrn4cB1wEWOFS15vLBqCtb+2rbbpP2ZhVcmGmLjf2A7/A== root@xt-ipxqa3.cd
[root@xt-ipxqa3 .ssh]#


In rezultat pe masina care dorim sa avem acces fisierul /root/.ssh/authorized_keys va arata in felul urmator:

[root@xt-ipxdev .ssh]# cat authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAM87KuOt+DxfArWKlQJ+7QQBpHPo16zNivUjdMybjKYRif9ek/gKEEmtvZQBMzzfH1EbM8BsmJXgzNqvR75RfHG2wtQhEf0cHQamTrYRFFLh/oZxZpKtDHgWEuMkZkmWOXo9KH0ENHVIjZMNadG0NjAdf9eZIA/ppM+/xvIPyWpjAAAAFQDpmtNW0mI9/JFK/DIp3WaTGDksOQAAAIEAsUZ2WRjEpL4y7x9lEnbypY+d7KKdexcRBdjJd4i9eMNJ2qeJ8CEdfIYVBqmjcTSUqwZ7uSCZlA8m1+1s2W40ur3Hy2tGG/yX3F4oPfX3r9z0yJ9g+njekugjb0hbsOgK+hq9i4MTSKk5L9p1D2c2DwBKIxQZjCH82ezhDeBAvoEAAACBAJhklqjpkHF2gO+Heph27ppiTWk/fFw1FszZfV1bi+JnmbsgVSvR3mzbfut/j82CF0xxU985a0wHR/BrBQOlmFbtUdqWjce2W7Xy7rKlCqLaRnADGb4csqTfjRsZ/GXpkc1bwXMSsp7Y01OicqzM9/ll7zrcCXFi8kHQ+k0hfFS4 root@xt-ipxdev.cd
[root@xt-ipxdev .ssh]#



Dupa acest schimb de chei accesul de pe masina xt-ipxqa3 pe masina xt-ipxdev nu va fi authentificat prin parola, ex:

[root@xt-ipxqa3 .ssh]# ssh xt-ipxdev
Last login: Mon May 25 19:00:47 2009 from 172.16.34.239
[root@xt-ipxdev root]#

Membri

Comentarii