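Copyright notice: This is an original article by 耕耘实录, updated simultaneously on the major self-media platforms. Reposting is welcome; please credit the source. Thank you.
On host 192.168.237.21, generate a private key and its matching public key with ssh-keygen, then distribute the public key to hosts 192.168.237.22 and 192.168.237.23. Password-less login from 192.168.237.21 to 192.168.237.22 and 192.168.237.23 then works, as shown: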
[root@GeeklpTset01 ~]# ssh-keygen -b 2048 -t rsa -C root-21
[root@GeeklpTset01 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.237.22
[root@GeeklpTset01 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.237.23
[root@GeeklpTset01 .ssh]# ssh 192.168.237.22
Last login: Wed Dec 6 09:34:40 2017 from 192.168.237.1
[root@GeeklpTset01 .ssh]# ssh 192.168.237.23
Last login: Wed Dec 6 09:34:36 2017 from 192.168.237.1
2. Moving the SSH private key
[root@GeeklpTest020 ~]# mkdir .ssh
[root@GeeklpTest020 ~]# cd .ssh
[root@GeeklpTset01 .ssh]# scp id_rsa root@192.168.237.20:/root/.ssh
The authenticity of host '192.168.237.20 (192.168.237.20)' can't be established.
ECDSA key fingerprint is SHA256:ixhXgxxTUxKX9P66vAR92uJohhgMa0kkg9vk7U+9MAg.
ECDSA key fingerprint is MD5:98:00:32:6a:c1:a1:a6:fa:6f:be:08:53:94:6e:6b:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.237.20' (ECDSA) to the list of known hosts.
root@192.168.237.20's password:
id_rsa 100% 1679 1.6MB/s 00:00
3. Attempting to log in
(1) Log in from 192.168.237.20 to 192.168.237.21
[root@GeeklpTest020 .ssh]# ssh root@192.168.237.22
The authenticity of host '192.168.237.22 (192.168.237.22)' can't be established.
ECDSA key fingerprint is SHA256:ixhXgxxTUxKX9P66vAR92uJohhgMa0kkg9vk7U+9MAg.
ECDSA key fingerprint is MD5:98:00:32:6a:c1:a1:a6:fa:6f:be:08:53:94:6e:6b:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.237.22' (ECDSA) to the list of known hosts.
Last login: Wed Dec 6 10:06:34 2017 from 192.168.237.151
Log in again:
[root@GeeklpTest020 .ssh]# ssh root@192.168.237.22
Last login: Wed Dec 6 10:16:27 2017 from 192.168.237.154
(2) Log in from 192.168.237.20 to 192.168.237.22
[root@GeeklpTest020 .ssh]# ssh root@192.168.237.23
The authenticity of host '192.168.237.23 (192.168.237.23)' can't be established.
ECDSA key fingerprint is SHA256:ixhXgxxTUxKX9P66vAR92uJohhgMa0kkg9vk7U+9MAg.
ECDSA key fingerprint is MD5:98:00:32:6a:c1:a1:a6:fa:6f:be:08:53:94:6e:6b:f7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.237.23' (ECDSA) to the list of known hosts.
Last login: Wed Dec 6 10:09:40 2017 from 192.168.237.151
Log in again:
[root@GeeklpTest020 .ssh]# ssh root@192.168.237.23
Last login: Wed Dec 6 10:34:35 2017 from 192.168.237.154
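4. Conclusion
(1) Once password-less SSH login is set up, the private key still allows password-less login just as easily after it has been moved to another machine. Managing SSH private keys is therefore especially important; if a private key falls into the hands of an attacker, the consequences are unthinkable.
(2) Attentive readers may have noticed that the IP shown after a successful login is not the address I planned in the diagram. That was indeed carelessness on my part: I did not turn off DHCP on the network interface, so the interface's first IP was obtained via DHCP and the static IP was set as the second IP.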
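One mitigation for conclusion (1) is the from="pattern-list" option in authorized_keys, which makes sshd accept a key only from the listed source addresses. The audit below is an added example, not part of the original article; the function names, the sample file and the key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries not pinned with from="...".
# An unpinned key is accepted from any host that holds the private key.

# audit_authorized_keys FILE: print "<line> <comment>" per unpinned key.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        skel = ""; rest = line
        # An entry that starts with the key type has no options field.
        if (line !~ /^(ssh-|ecdsa-sha2-|sk-)/) {
            # Options end at the first blank outside double quotes. Quoted
            # values are dropped so command="..." text cannot mimic from=.
            inq = 0; n = length(line)
            for (i = 1; i <= n; i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\" && substr(line, i + 1, 1) == "\"") { i++; continue }
                if (c == "\"") { inq = !inq; continue }
                if (inq) continue
                if (c == " " || c == "\t") break
                skel = skel c
            }
            rest = substr(line, i + 1)
        }
        if (tolower(skel) ~ /(^|,)from=/) next   # pinned to a source
        nf = split(rest, f, " ")                 # key type, blob, comment
        printf "%d %s\n", NR, (nf >= 3 ? f[3] : "(no-comment)")
        bad = 1
    }
    END { exit bad + 0 }' "$1"                   # status 1 if any unpinned
}

# Constructed sample file; the key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ssh-rsa AAAA_PLACEHOLDER_1 root-21
from="192.168.237.21" ssh-rsa AAAA_PLACEHOLDER_2 pinned-21
command="echo from=\"any\"",no-pty ssh-rsa AAAA_PLACEHOLDER_3 backup-job
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_authorized_keys "$sample" || echo "unpinned keys found" >&2
rm -f "$sample"
```

On a real host, point the function at each account's ~/.ssh/authorized_keys; an entry such as the root-21 key from this article would be reported until it is prefixed with from="192.168.237.21".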