本博客转载于 https://www.cnblogs.com/vincenshen/p/6274288.html
目前很多服务(ceph,openstack等)都需要用到SSH使用ssh-key进行登录,而不能使用密码进行登录。
下面是配置步骤:
一、在SSH Client生成ssh key pair
root@ceph01:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1e:f1:c6:c5:c4:8e:e0:b3:ed:9f:2c:21:24:ce:8a:0d root@ceph01
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| . o. |
| ... oo |
| . ++... |
| o oS++ |
| E o.ooo |
| + . .o . |
| . o o. . |
| o+ |
+-----------------+
二、复制id_rsa.pub内容到 SSH Server 用户的.ssh/authorized_keys 中
root@ceph01:~# ssh-copy-id ceph02
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ceph02's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'ceph02'"
and check to make sure that only the key(s) you wanted were added.
查看SSH Server 用户的.ssh/authorized_keys文件内容
root@ceph02:~/.ssh# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1hXDFOCI0hdsZlvuP9FGLnCd6k6yR51T6WN4+Wr/shJlY6ymcxde2hwBhiGowvKNbhpVA3EHUxtV0W9YH742ymTmUCVBCuGd2zUwB36AR9aiQGFwSd8vulqaybirpsic9iZ4d83cGjdJwSQg5mGhxZpzi4qD8yygdEDkTcczIFj+9zh5BCIlsZXFHU8044wIKBAbp2YvrsCW0L81XvVJZo3OJxggbUYlMhXcws99U7q2JcBUKv9IQYjar9GyYh4DNlllDs56sfR6SDtuT1O6NOtKSCc6jxCpf7EmxgBXIeYQiSUKnwDo3CE4FmvFsmTlkFUkOluJIRGUTbkokw5tJ root@ceph01
三、在SSH Server上修改sshd_config配置文件
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
.
.
.
四、验证
root@ceph01:~# ssh root@ceph02
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64)
* Documentation: https://help.ubuntu.com/
System information as of Wed Jan 11 16:33:23 CST 2017
System load: 0.0 Processes: 113
Usage of /: 3.7% of 40.95GB Users logged in: 2
Memory usage: 2% IP address for eth0: 192.168.20.178
Swap usage: 0%
Graph this data and manage this system at:
https://landscape.canonical.com/
packages can be updated.
updates are security updates.
New release '16.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Wed Jan 11 16:28:49 2017 from 192.168.20.116
root@ceph02:~#