Configuration de ssh
par
popularité : 10%
Configuration de ssh pour ce connecter sans mots de passe lors d’une connexion
de LINUX1 (redhat 7.2) vers adminunix (redhat 9 )
[root@LINUX1 root]# cd
[root@LINUX1 root]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa) :
Created directory ’/root/.ssh’.
Enter passphrase (empty for no passphrase) : azerty
Enter same passphrase again : azerty
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is :
12:8b:0b:f0:3d:d6:04:ff:3e:db:a9:75:ab:47:41:cc root@LINUX1
[root@LINUX1 root]#
[root@LINUX1 root]# cd .ssh/
[root@LINUX1 .ssh]# ls -a
. .. id_rsa id_rsa.pub
[root@LINUX1 .ssh]#
[root@LINUX1 .ssh]# scp id_rsa.pub root@adminunix :/root/.ssh/authorized_keys
root@adminunix’s password :root
id_rsa.pub 100% |*******************************************************************|
221 00:00
[root@LINUX1 .ssh]#
[root@LINUX1 .ssh]# scp id_rsa.pub root@adminunix :/root/.ssh/authorized_keys2
root@adminunix’s password :root
id_rsa.pub 100% |*******************************************************************|
221 00:00
[root@LINUX1 .ssh]#
[root@LINUX1 .ssh]# ssh adminunix
Enter passphrase for key ’/root/.ssh/id_rsa’ : azerty
Last login : Tue Jun 24 22:57:51 2003
[root@adminunix root]# uname -a
Linux adminunix 2.4.20-13.9 #1 Mon May 12 10:55:37 EDT 2003 i686 i686 i386
GNU/Linux
[root@adminunix root]# exit
Connection to adminunix closed.
[root@LINUX1 .ssh]
[root@LINUX1 .ssh]# chmod a+x lance.sh
[root@LINUX1 .ssh]# ./lance.sh
Need passphrase for /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa azerty
Identity added : /root/.ssh/id_rsa (rsa w/o comment)
[root@LINUX1 .ssh]# . ./.info
[root@LINUX1 .ssh]# ssh adminunix
Last login : Tue Jun 24 23:28:42 2003 from linux1
[root@adminunix root]# uname -n
adminunix
[root@adminunix root]# exit
[root@LINUX1 .ssh]# cat lance.sh
| # !/bin/sh ssh-agent | head -2 > /root/.ssh/.info . /root/.ssh/.info ssh-add |
[root@adminunix
root]# ssh LINUX1
Permission denied (publickey,password,keyboard-interactive).
[root@adminunix root]#
Mais ... car pas configurer ....
car généralement dans ssh_config : PasswordAuthentication no
et PubkeyAuthentication yes
|
LINUX1
|
adminunix
|
||
| /etc/ssh/ssh_config |
/etc/ssh/sshd_config |
/etc/ssh/ssh_config |
/etc/ssh/sshd_config |
| # $OpenBSD : ssh_config,v
1.10 2001/04/03 21:19:38 todd Exp $ # This is ssh client systemwide configuration file. See ssh(1) for more # information. This file provides defaults for users, and the values can # be changed in per-user configuration files or on the command line. # Configuration data is parsed as follows : # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for various options # Host * # ForwardAgent no # ForwardX11 no # RhostsAuthentication no # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes # FallBackToRsh no # UseRsh no # BatchMode no # CheckHostIP yes # StrictHostKeyChecking yes # IdentityFile /.ssh/identity # IdentityFile /.ssh/id_dsa # IdentityFile /.ssh/id_rsa # Port 22 # Protocol 2,1 # Cipher blowfish # EscapeChar Host * ForwardX11 yes # PubkeyAuthentication yes |
# $OpenBSD : sshd_config,v 1.38 2001/04/15
21:41:29 deraadt Exp $ # This sshd was compiled with PATH=/usr/bin :/bin :/usr/sbin :/sbin # This is the sshd server system-wide configuration file. See sshd(8) # for more information. Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress : : HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don’t read /.rhosts and /.shosts files IgnoreRhosts yes # Uncomment if you don’t trust /.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding yes X11DisplayOffset 10 PrintMotd yes #PrintLastLog no KeepAlive yes PubkeyAuthentication yes # Logging SyslogFacility AUTHPRIV LogLevel INFO #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here ! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #ChallengeResponseAuthentication no # Uncomment to enable PAM keyboard-interactive authentication # Warning : enabling this may bypass the setting of ’PasswordAuthentication’ #PAMAuthenticationViaKbdInt yes # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes #CheckMail yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net #ReverseMappingCheck yes Subsystem sftp/usr/libexec/openssh/sftp-server |
# $OpenBSD : ssh_config,v
1.10 2001/04/03 21:19:38 todd Exp $ # This is ssh client systemwide configuration file. See ssh(1) for more # information. This file provides defaults for users, and the values can # be changed in per-user configuration files or on the command line. # Configuration data is parsed as follows : # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for various options # Host * # ForwardAgent no # ForwardX11 no # RhostsAuthentication no # RhostsRSAAuthentication yes # RSAAuthentication yes # PasswordAuthentication yes # FallBackToRsh no # UseRsh no # BatchMode no # CheckHostIP yes # StrictHostKeyChecking yes # IdentityFile /.ssh/identity # IdentityFile /.ssh/id_dsa # IdentityFile /.ssh/id_rsa # Port 22 # Protocol 2,1 # Cipher blowfish # EscapeChar Host * ForwardX11 yes # PubkeyAuthentication yes |
# $OpenBSD : sshd_config,v 1.38 2001/04/15
21:41:29 deraadt Exp $ # This sshd was compiled with PATH=/usr/bin :/bin :/usr/sbin :/sbin # This is the sshd server system-wide configuration file. See sshd(8) # for more information. Port 22 #Protocol 2,1 #ListenAddress 0.0.0.0 #ListenAddress : : HostKey /etc/ssh/ssh_host_key HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key ServerKeyBits 768 LoginGraceTime 600 KeyRegenerationInterval 3600 PermitRootLogin yes # # Don’t read /.rhosts and /.shosts files IgnoreRhosts yes # Uncomment if you don’t trust /.ssh/known_hosts for RhostsRSAAuthentication #IgnoreUserKnownHosts yes StrictModes yes X11Forwarding yes X11DisplayOffset 10 PrintMotd yes #PrintLastLog no KeepAlive yes PubkeyAuthentication yes # Logging SyslogFacility AUTHPRIV LogLevel INFO #obsoletes QuietMode and FascistLogging RhostsAuthentication no # # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts RhostsRSAAuthentication no # similar for protocol version 2 HostbasedAuthentication no # RSAAuthentication yes # To disable tunneled clear text passwords, change to no here ! PasswordAuthentication yes PermitEmptyPasswords no # Uncomment to disable s/key passwords #ChallengeResponseAuthentication no # Uncomment to enable PAM keyboard-interactive authentication # Warning : enabling this may bypass the setting of ’PasswordAuthentication’ #PAMAuthenticationViaKbdInt yes # To change Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #AFSTokenPassing no #KerberosTicketCleanup no # Kerberos TGT Passing does only work with the AFS kaserver #KerberosTgtPassing yes #CheckMail yes #UseLogin no #MaxStartups 10:30:60 #Banner /etc/issue.net #ReverseMappingCheck yes Subsystem sftp/usr/libexec/openssh/sftp-server |
Commentaires Forum fermé