当SSH免密登录的私钥被移动之后... ...
来源:互联网 发布:投行工作做什么 知乎 编辑:程序博客网 时间:2024/05/16 00:58
一、设置免密登录
在主机192.168.237.21通过ssh-keygen生成私钥及对应公钥,分发公钥到192.168.237.22、192.168.237.23主机上。从主机192.168.237.21分别免密登录192.168.237.22、192.168.237.23,如图:
[root@GeeklpTset01 ~]# ssh-keygen -b 2048 -t rsa -C root-21[root@GeeklpTset01 .ssh]# ssh-copy-id -p id_rsa.pub root@192.168.237.22[root@GeeklpTset01 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.237.23[root@GeeklpTset01 .ssh]# ssh 192.168.237.22Last login: Wed Dec 6 09:34:40 2017 from 192.168.237.1[root@GeeklpTset01 .ssh]# ssh 192.168.237.23Last login: Wed Dec 6 09:34:36 2017 from 192.168.237.1
二、移动SSH私钥
[root@GeeklpTest020 ~]# mkdir .ssh[root@GeeklpTest020 ~]# cd .ssh[root@GeeklpTset01 .ssh]# scp id_rsa root@192.168.237.20:/root/.ssh[root@GeeklpTset01 .ssh]# scp id_rsa root@192.168.237.20:/root/.sshThe authenticity of host '192.168.237.20 (192.168.237.20)' can't be established.ECDSA key fingerprint is SHA256:ixhXgxxTUxKX9P66vAR92uJohhgMa0kkg9vk7U+9MAg.ECDSA key fingerprint is MD5:98:00:32:6a:c1:a1:a6:fa:6f:be:08:53:94:6e:6b:f7.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.237.20' (ECDSA) to the list of known hosts.root@192.168.237.20's password:id_rsa 100% 1679 1.6MB/s 00:00
三、尝试登录
(1)从192.168.237.20登录192.168.237.21
[root@GeeklpTest020 .ssh]# ssh root@192.168.237.22The authenticity of host '192.168.237.22 (192.168.237.22)' can't be established.ECDSA key fingerprint is SHA256:ixhXgxxTUxKX9P66vAR92uJohhgMa0kkg9vk7U+9MAg.ECDSA key fingerprint is MD5:98:00:32:6a:c1:a1:a6:fa:6f:be:08:53:94:6e:6b:f7.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.237.22' (ECDSA) to the list of known hosts.Last login: Wed Dec 6 10:06:34 2017 from 192.168.237.151再次登录
[root@GeeklpTest020 .ssh]# ssh root@192.168.237.22Last login: Wed Dec 6 10:16:27 2017 from 192.168.237.154(2)从192.168.237.20登录192.168.237.22
[root@GeeklpTest020 .ssh]# ssh root@192.168.237.23The authenticity of host '192.168.237.23 (192.168.237.23)' can't be established.ECDSA key fingerprint is SHA256:ixhXgxxTUxKX9P66vAR92uJohhgMa0kkg9vk7U+9MAg.ECDSA key fingerprint is MD5:98:00:32:6a:c1:a1:a6:fa:6f:be:08:53:94:6e:6b:f7.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '192.168.237.23' (ECDSA) to the list of known hosts.Last login: Wed Dec 6 10:09:40 2017 from 192.168.237.151再次登录
[root@GeeklpTest020 .ssh]# ssh root@192.168.237.23Last login: Wed Dec 6 10:34:35 2017 from 192.168.237.154
四、结论
(1)如果设置了ssh免密登录,私钥被移动到其他机器上之后同样是可以轻易实现免密登录的。因此,ssh私钥的管理尤为重要,如果私钥被不法分子取得,后果将不可设想。
(2)细心的小伙伴可能会发现,在登录成功显示的ip并不是我在图中规划的ip地址,这的确是我粗心大意了,没有关闭网卡的dhcp,造成网卡第一个ip是通过dhcp来获取的,固定ip被设置为第二ip了。
阅读全文
0 0
- 当SSH免密登录的私钥被移动之后... ...
- ssh 免密登录
- ssh免密登录
- SSH免密登录
- SSH免密登录
- SSH免密登录
- ssh免密登录
- SSH免密登录
- ssh免密登录
- ssh免密登录
- SSH免密登录
- SSH免密登录
- ssh免密登录
- ssh免密登录
- SSH免密登录
- ssh免密登录
- ssh免密登录
- ssh免密登录
- 为什么你需要辞职了?——辞职的十大理由
- Linux 网卡操作
- MySQL数据库,将一列数据组合成一行,并以逗号分割,GROUP_CONCAT
- 吴恩达神经网络和深度学习课程自学笔记(八)之机器学习策略
- Thinkphp5 —— 学习笔记
- 当SSH免密登录的私钥被移动之后... ...
- 闭包
- 【J2EE】javaEE的13个开发规范
- 我回来啦!最近一段时间开始做回技术工作了
- Xming X Server 配置和使用
- 初窥c++11:从move语义到右值引用
- 机器学习总结
- postgresql与Oracle:空字符串与null
- 论文阅读:A Survey on Transfer Learning