ssh connections with key-based authentication
・ssh connections with key-based authentication
※ Keys must be generated separately for each user.
1. Source host
# ssh-keygen -t rsa ★ Generate the key (RSA)
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): ★ Pressing Enter alone is also fine. If you enter a passphrase here, you will have to enter it when connecting with ssh
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
0b:f5:3c:b2:74:d4:27:00:3c:41:45:f6:21:a4:4c:88 root@RHEL66.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| . +=*B . |
| E .ooo = . |
| +.. + . |
| . + o |
| . S = |
| o = . |
| o |
| |
| |
+-----------------+
#
# chmod 700 ~/.ssh ★ Change permissions
2. Destination host
# ssh-keygen -t rsa ★ Generate the key
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
95:0c:67:81:da:a2:b6:60:9e:fd:19:b3:22:34:bc:a6 root@RHEL61.example.com
The key's randomart image is:
+--[ RSA 2048]----+
| ..+. |
| .= . |
| o + |
| o .. |
| . . .S |
| * o |
| + B .o |
| * + = |
|Eo . o+ |
+-----------------+
#
# chmod 700 ~/.ssh ★ Change permissions
3. Source host
# scp .ssh/id_rsa.pub xxx.xxx.xxx.xxx:/root/.ssh/authorized_keys
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is 1b:5e:46:6b:df:d8:f1:17:84:a7:a2:98:b6:c5:fc:9d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
root@xxx.xxx.xxx.xxx's password:
id_rsa.pub 100% 405 0.4KB/s 00:00
※ This scp replaces any authorized_keys file that already exists on the destination host.
4. Destination host
# chmod 600 .ssh/authorized_keys
After that, just connect with the ssh command.
・Disabling password authentication
To disable password authentication and allow key-based authentication only,
set the following in /etc/ssh/sshd_config and restart the sshd service.
PasswordAuthentication no
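The destination-side state described in steps 3 and 4 and in the sshd_config setting above can be set up and checked with a few shell functions. This is an added example, not part of the original page; the function names are hypothetical, and the sshd_config check assumes a single file with no Match blocks or Include directives. Unlike the scp in step 3, install_pubkey appends the key instead of replacing authorized_keys.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# install_pubkey PUBKEY_FILE HOME_DIR
# Steps 3 and 4 without overwriting: append the key only if it is absent.
install_pubkey() {
    pub=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys
    [ -s "$pub" ] || { echo "missing or empty: $pub" >&2; return 1; }
    # Guard against handing over id_rsa instead of id_rsa.pub.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(head -n 1 "$pub")
    # -x: whole line, -F: fixed string, so the key is never treated as a regex.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# perm_of PATH: the ten-character mode string from ls, e.g. drwx------
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# check_perms HOME_DIR: true only for the modes the page sets (700 and 600).
check_perms() {
    [ "$(perm_of "$1/.ssh")" = "drwx------" ] &&
        [ "$(perm_of "$1/.ssh/authorized_keys")" = "-rw-------" ]
}

# password_auth_disabled SSHD_CONFIG
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Assumption: "Keyword value" lines in one file, with
# no Match blocks or Include directives.
password_auth_disabled() {
    awk 'tolower($1) == "passwordauthentication" { print $2; exit }' "$1" |
        grep -qx no
}
```

On the destination host, run as the target user: install_pubkey id_rsa.pub "$HOME", then check_perms "$HOME" and password_auth_disabled /etc/ssh/sshd_config.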
・Removing the passphrase
# ssh-keygen -p -P <old passphrase> -N "" -f /root/.ssh/id_rsa
※ References
https://access.redhat.com/documentation/ja-JP/Red_Hat_Enterprise_Linux/6/html-single/Deployment_Guide/index.html
→ Chapter 12 OpenSSH
http://www.atmarkit.co.jp/ait/articles/1503/20/news007.html