Linux Administration Cookbook
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

RSA example

First, we're going to generate our key, confirming the default location in which to save the key, and providing a passphrase when prompted:

$ ssh-keygen -b 4096 -C "Example RSA Key"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/vagrant/.ssh/id_rsa.
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hAUNhTqXtfnBOkXMuIpxkvtTkM6NYRYxRbT5QWSVbOk Example RSA Key
The key's randomart image is:
+---[RSA 4096]----+
|      =@*=+o.o   |
|      o++=+ =    |
|     o.=+*.o     |
|    * X.+.+.E    |
|     & *S+..     |
|    o = = .      |
|     . . .       |
|      o          |
|       .         |
+----[SHA256]-----+
The randomart image in the preceding code is mostly for humans so that keys can be validated by sight. Personally, I've never used it (other than a little further along in this chapter,) but you might.

Next, we're going to copy our newly generated RSA key to centos2, providing the password for centos2 when prompted:

The default password for the vagrant user on these boxes is vagrant. 
$ ssh-copy-id 192.168.33.11
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/vagrant/.ssh/id_rsa.pub"
The authenticity of host '192.168.33.11 (192.168.33.11)' can't be established.
ECDSA key fingerprint is SHA256:LKhW+WOnW2nxKO/PY5UO/ny3GP6hIs3m/ui6uy+Sj2E.
ECDSA key fingerprint is MD5:d5:77:4f:38:88:13:e7:f0:27:01:e2:dc:17:66:ed:46.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
vagrant@192.168.33.11's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.33.11'"
and check to make sure that only the key(s) you wanted were added.

Finally, we're going to check that we can access centos2, by means of the key we just generated.

We will be prompted for the passphrase we set when the key was generated. Type it in when required:

[vagrant@centos1 ~]$ ssh 192.168.33.11
Enter passphrase for key '/home/vagrant/.ssh/id_rsa': 
[vagrant@centos2 ~]$
本周热推:
Internet接入·网络安全大数据与人工智能导论数据要素:全球经济社会发展的新动力智能制造:技术前沿与探索应用UTM(统一威胁管理)技术概论
上一章目录下一章