Linuxに2台サーバーのSSH公開鍵交換方式による認証と相互運用方法
1.サーバー1の相互認証
[root@rac1 ~]# ssh-keygen -t rsa –rac1に秘密鍵を生成
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:d1:db:49:d4:27:2c:f9:6d:85:cd:cf:e8:2b:53:72 root@rac1
The key’s randomart image is:
+–[ RSA 2048]—-+
| .+ + |
| . .o = =|
| o . .o *o|
| . o + .o =|
| S . o. . |
| . E |
| + . |
| o . |
| o |
+—————–+
[root@rac1 ~]# scp /root/.ssh/id_rsa.pub 3.3.3.100:/root/.ssh/authorized_keys –サーバー1の公開鍵をサーバー2にアップロード
root@3.3.3.100’s password:
id_rsa.pub 100% 391 0.4KB/s 00:00
[root@rac1 ~]#
2.サーバー2のSSHサービスが相互認証
[root@rac2 Packages]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
bc:d2:00:ed:4f:60:a2:bd:bc:4d:da:34:68:fe:5a:27 root@rac2
The key’s randomart image is:
+–[ RSA 2048]—-+
| |
| . |
| o + |
| o = o |
| . . o S |
| . o = . |
| = E = |
| o O = |
| =o+ |
+—————–+
[root@rac2 Packages]# scp /root/.ssh/id_rsa.pub 3.3.3.99:/root/.ssh/authorized.keys
The authenticity of host '3.3.3.99 (3.3.3.99)’ can’t be established.
RSA key fingerprint is ee:eb:9c:70:83:0b:d1:25:0e:84:73:f2:fa:27:4d:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '3.3.3.99’ (RSA) to the list of known hosts.
root@3.3.3.99’s password:
id_rsa.pub 100% 391 0.4KB/s 00:00
[root@rac2 Packages]#ssh rac1
[root@rac2 Packages]#ssh rac2
[root@rac2 Packages]#ssh rac1-priv
[root@rac2 Packages]#ssh rac2-priv