centos-rhel服务器相关 / 未分类 · 2013年4月7日

SSH2下面配置基于key的ssh登录

与openssh有些不一样,而QQ开放平台又正好是 ssh2 的,所以 mark一下,如下:
****** ****** ****** ******
自己mark一下 今天就是少了个 pub配置文件在目标机上导致autologin不了
ssh2 配置key
:~/.ssh2 # ls
.ssh2bak authorization hostkeys id_dsa_2048_a id_dsa_2048_a.pub identification random_seed
id_dsa_2048_a #pri key
id_dsa_2048_a.pub #pub key
identification # pri 配置文件
authorization # pub 配置文件
##目标机 也就是登录过去的那台机器
cat authorization
key id_dsa_2048_a.pub
cat identification
IdKey id_dsa_2048_a
****** ****** ****** ******
User configuration of SSH2 becomes smarter than that of SSH1. Now public keys are stored in separate files and one can have multiple host-specific identifications (i.e., private keys). Read the ssh manual page for details. Here I describe most basic usage of SSH2. When you want to login to a remote host (Remote) from a local computer (Local) using SSH2, you do:
1. Create private & public keys of Local, by executing
ssh-keygen (ssh-keygen2) on Local.
Local> ssh-keygen
Generating 1024-bit dsa key pair
9 o.oOo..oOo.o
Key generated.
1024-bit dsa, created by y[email protected] Wed Sep 23 07:11:02 1998
Passphrase :
Again :
Private key saved to /home/ymmt/.ssh2/id_dsa_1024_a
Public key saved to /home/ymmt/.ssh2/id_dsa_1024_a.pub
ssh-keygen will ask you a passphrase for new key. Enter a
sequence of any ordinal character (white spaces are OK) of proper
length (20 characters or so). ssh-keygen creates a “.ssh2”
directory in your home directory, and stores a new
authentication key in two separate files. One is your private
key and thus it must NOT be opened to anyone but you. In above
example, it is id_dsa_1024_a. The other (id_dsa_1024_a.pub) is
a public key that is safe to be opened and to be distributed
to other computers.
2. Create an “identification” file in your “.ssh2” directory on Local.
Local> cd ~/.ssh2
Local> echo “IdKey id_dsa_1024_a” > identification
This will create a file “identification” in your “.ssh2″ directory, which has one line that denotes which file contains your identification. An identification corresponds a passphrase (see above). You can create multiple identifications by executing ssh-keygen again, but rarely you should.
3. Do the same thing (1, and optionally 2) on Remote.
This is needed just to setup “.ssh2” directory on Remote. Passphrase may be different.
4. Copy your public key of Local (id_dsa_1024_a.pub) to “.ssh2”
directory of Remote under the name, say, “Local.pub”.
“.ssh2” on Remote now contains:
Remote>ls -F ~/.ssh2
Local.pub
authorization
hostkeys/
id_dsa_1024_a
id_dsa_1024_a.pub
identification
random_seed
5. Create an “authorization” file in your “.ssh2” directory on Remote. Add the following one line to “authorization”,
Key Local.pub
which directs SSH server to see Local.pub when authorizing your login. If you want to login to Remote from other hosts, create authorization keys on the hosts (step 1 and 2) and repeat step 4 and 5 on Remote.
6. Now you can login to Remote from Local using SSH2!
Try to login:
Local>ssh Remote
Passphrase for key “/home/ymmt/.ssh2/id_dsa1024_a” with
comment “1024-bit dsa, created by [email protected] Mon Sep 21
17:53:01 1998”:
Enter your passphrase on Local, good luck!
from http://www.eit.name/blog/read.php?467