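I had previously set up trust between hosts for the root user. Recently I needed to set up SSH trust between ordinary users and ran into some problems, so I am recording them here.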
- Create a public/private key pair to log in without a password
- On
- [root@www ~]# ssh-keygen (the command that creates the keys)
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa): (the default is fine)
- Created directory '/root/.ssh'.
- Enter passphrase (empty for no passphrase): (leave empty)
- Enter same passphrase again:
- Your identification has been saved in /root/.ssh/id_rsa.
- Your public key has been saved in /root/.ssh/id_rsa.pub.
- The key fingerprint is:
- d9:7e:3f:fc:52:03:bd:66:89:ed:c1:1b:c2:68:f5:64 root@www.bb.com
- [root@www ~]# cd .ssh/ (change into this directory)
- [root@www .ssh]# ls (you will see the following two files: id_rsa is the private key, id_rsa.pub is the public key)
- id_rsa id_rsa.pub
- [root@www .ssh]# scp id_rsa.pub root@ip:/root/.ssh/authorized_keys (copy the public key to the server you want to log in to and rename it authorized_keys)
- [root@www .ssh]# ssh ip (after that, ssh logs in without asking for a password)
- Establishing SSH trust between ordinary users: A is user t2 on 192.168.202.132, B is user t2 on 192.168.202.133
- A
- 1 [root@master ~]# su - t2
- [t2@master ~]$ ssh-keygen
- 2 [t2@master ~]$ cd .ssh/
- [t2@master .ssh]$ ls
- id_rsa id_rsa.pub known_hosts
- [t2@master .ssh]$ scp id_rsa.pub t2@192.168.202.133:/home/t2/.ssh/authorized_keys
- During this copy step you may be told that the directory /home/t2/.ssh does not exist on 192.168.202.133
- On B
- su - t2
- mkdir .ssh
- Then copy again and it works
- 3 Test
- [t2@master .ssh]$ ssh 192.168.202.133
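- It still did not work; it still prompted for a password
- But the same method worked for my root user. Turning off iptables, SELinux and the like still did not help
- Then, on B,
- ll /home/t2/.ssh showed these permissions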
- drwxrwxr-x 2 t2 t2 4096 Sep 10 02:37 .ssh
- After comparing with the root user's permissions
- On B, run
- chmod 700 /home/t2/.ssh (changing this alone should be enough)
- chmod 600 /home/t2/.ssh/authorized_keys
- After that it worked
- [t2@master .ssh]$ ssh 192.168.202.133
- Last login: Mon Sep 10 18:46:47 2012 from master.puppet.com
- Note
- The permissions of the .ssh directory and of authorized_keys are as follows
- [t2@master ~]$ ll -d .ssh/
- drwx------ 2 t2 t2 4096 Sep 10 02:42 .ssh/
- [t2@client1 .ssh]$ ll
- total 8
- -rw------- 1 t2 t2 402 Sep 10 02:42 authorized_keys
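
The permission problem described above matches sshd's StrictModes setting (on by default), under which authorized_keys is ignored when the home directory, .ssh or the file itself is writable by group or others, or is owned by someone other than the account or root. The script below is an added example, not part of the original post, that checks those conditions; check_ssh_perms is a hypothetical helper name and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). check_ssh_perms is a
# hypothetical helper; it needs GNU stat (Linux).
# Usage: check_ssh_perms <home-dir> <uid-of-account>
# Prints "ok" or one line per problem; returns 0 only when nothing is wrong.
check_ssh_perms() {
    home="$1"; uid="$2"; problems=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"; problems=$((problems + 1)); continue
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        # Owner must be the account itself or root.
        if [ "$owner" -ne 0 ] && [ "$owner" -ne "$uid" ]; then
            echo "bad owner (uid $owner): $path"; problems=$((problems + 1))
        fi
        # Any group/other write bit (octal 022) fails the check.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other writable (mode $mode): $path"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] && echo "ok"
    return $(( problems > 0 ))
}

# Constructed demo tree reproducing the drwxrwxr-x .ssh from the post.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"
check_ssh_perms "$demo" "$(id -u)" || true   # reports .ssh as group writable
chmod 700 "$demo/.ssh"
check_ssh_perms "$demo" "$(id -u)"           # prints: ok
rm -rf "$demo"
```

The 700 and 600 modes used in the post satisfy this check; on a real host, run it on B as `check_ssh_perms /home/t2 "$(id -u t2)"`.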