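SSH connections with key-based authentication

・SSH connections with key-based authentication

Note: keys must be generated separately for each user.

1. Connection source

#  ssh-keygen -t rsa ★ Generate the key pair (RSA)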
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): ★ Pressing Enter alone is also accepted. If you enter a passphrase here, you will be prompted for it when connecting with ssh.
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0b:f5:3c:b2:74:d4:27:00:3c:41:45:f6:21:a4:4c:88 root@RHEL66.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|     . +=*B .    |
|    E .ooo = .   |
|        +.. + .  |
|       . +   o   |
|      . S =      |
|       o = .     |
|        o        |
|                 |
|                 |
+-----------------+
#
#  chmod 700 ~/.ssh ★ Change permissions


2. Connection destination

# ssh-keygen -t rsa ★ Generate the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
95:0c:67:81:da:a2:b6:60:9e:fd:19:b3:22:34:bc:a6 root@RHEL61.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|        ..+.     |
|        .= .     |
|       o  +      |
|      o ..       |
| .   . .S        |
|  * o            |
| + B .o          |
|  * +  =         |
|Eo . o+          |
+-----------------+
#
# chmod 700 ~/.ssh ★ Change permissions


3. Connection source

# scp .ssh/id_rsa.pub xxx.xxx.xxx.xxx:/root/.ssh/authorized_keys
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is 1b:5e:46:6b:df:d8:f1:17:84:a7:a2:98:b6:c5:fc:9d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
root@xxx.xxx.xxx.xxx's password:
id_rsa.pub                                                                                                                                                          100%  405     0.4KB/s   00:00


4. Connection destination

# chmod 600 .ssh/authorized_keys

After that, simply connect with the ssh command.
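
The scp in step 3 writes id_rsa.pub directly over authorized_keys, which replaces any keys already registered on the destination. The following is an added example, not part of the original note: run on the destination with the public key first copied to a temporary path, it appends the key only if it is missing and applies the 700/600 permissions from steps 2 and 4. The function names install_pubkey and perms_ok and the /tmp path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original note. Function names are hypothetical.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys unless it is already present.
# The body is a subshell so the umask change does not leak to the caller.
install_pubkey() (
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    # Accept exactly one line of the form "ssh-rsa <base64> [comment]".
    [ -f "$pub" ] || return 1
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    grep -Eq '^ssh-rsa [A-Za-z0-9+/=]+( .*)?$' "$pub" || return 1

    # Create or tighten the directory and file before writing to them.
    umask 077
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # If the existing file lacks a trailing newline, add one so the
    # appended key does not get glued onto the previous entry.
    [ -z "$(tail -c1 "$auth")" ] || echo >> "$auth"

    # Compare on the key material, not the comment; scan every field so
    # entries that start with options (from=..., command=...) still match.
    blob=$(awk '{print $2}' "$pub")
    if ! awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i "" == b "") f = 1}
                           END {exit !f}' "$auth"; then
        cat "$pub" >> "$auth"
    fi
)

# perms_ok SSH_DIR
# Succeeds only if SSH_DIR is mode 700 and authorized_keys is mode 600.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] &&
    [ "$(ls -l "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Usage on the destination (path is an assumption):
#   install_pubkey /tmp/id_rsa.pub /root/.ssh && perms_ok /root/.ssh
```
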


・Disabling password authentication

To disable password authentication and allow key-based authentication only,
set the following in /etc/ssh/sshd_config and restart the sshd service.

PasswordAuthentication no


・Removing the passphrase

# ssh-keygen -p -P <old passphrase> -N "" -f /root/.ssh/id_rsa


References:
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/6/html-single/Deployment_Guide/index.html
→ Chapter 12: OpenSSH
http://www.atmarkit.co.jp/ait/articles/1503/20/news007.html