fedora10环境下远程连接多台需要rsa认证的linux主机设置
首先ssh公钥和密钥的生成就不赘述了,网上一搜一大堆…
?
有了生成的 id_rsa 和 id_rsa.pub 文件后,然后怎么办?
?
放到 ~/.ssh/ 目录下即可!![已经存在?那连这步也可以省了]
?
很简单吧?但是对于新手来说不一定知道,我就是那个新手……汗!!
?
那又产生了一个疑问,如果我要连接多台主机怎么办?不会让我每连一次都要去修改这两个文件吧?
?
答案就是修改/etc/ssh/ssh_config文件 [需要root权限哦!]
?
打开文件我们可以看到:
?
# This is the ssh client system-wide configuration file.? See
# ssh_config(5) for more information.? This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
#? 1. command line options
#? 2. user-specific file
#? 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options.? For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
#?? Host *
#?? ForwardAgent no
#?? ForwardX11 no
#?? RhostsRSAAuthentication no
#?? RSAAuthentication yes
#?? PasswordAuthentication yes
#?? HostbasedAuthentication no
#?? GSSAPIAuthentication no
#?? GSSAPIDelegateCredentials no
#?? BatchMode no
#?? CheckHostIP yes
#?? AddressFamily any
#?? ConnectTimeout 0
#?? StrictHostKeyChecking ask
#?? IdentityFile ~/.ssh/identity
#?? IdentityFile ~/.ssh/id_rsa
#?? IdentityFile ~/.ssh/id_dsa
#?? Port 22
#?? Protocol 2,1
#?? Cipher 3des
#?? Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#?? MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#?? EscapeChar ~
#?? Tunnel no
#?? TunnelDevice any:any
#?? PermitLocalCommand no
Host *
??? GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
??? ForwardX11Trusted yes
# Send locale-related environment variables
??? SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
??? SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
??? SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
?
具体参数到底是什么意思,有什么用,大家再google一下就知道了,很多……比大学生还多……
?
应该知道怎么配置了吧?不知道??那就继续往下看……
?
将两个Host之间的#全部去掉,第一个host * 改成 host 你的目标地址1,然后修改IdentityFile的路径和端口就可以了,有多台主机的话,复制多份host的配置修改ip地址、IdentityFile路径和端口地址基本就可以了,至于其他配置当然有需要的话也可以更改……
?
保存后就可以了……
?
当然你有可能会遇到这个错误 [因为我遇到了,呵呵]:
?
Permissions 0755 for ‘你配置的公钥文件路径’ are too open.
?
这个是因为这几个文件权限设置的有点问题
?
执行命令:? chmod 600 你的文件
?
然后就可以了……其实网上还是搜得到的……
?
[我一直很奇怪,我一开始的配置的文件访问权限是很大的,为什么还是会报这个错呢?将权限改小了反而正常了,什么世道来的?高手请指教一下??]
?
希望对你也有点帮助……
