fedora10环境上远程连接多台需要rsa认证的linux主机设置
首先ssh公钥和密钥的生成就不赘述了,网上一搜一大堆...
有了生成的 id_rsa 和 id_rsa.pub 文件后,然后怎么办?
放到 ~/.ssh/ 目录下即可!![已经存在?那连这步也可以省了]
很简单吧?但是对于新手来说不一定知道,我就是那个新手……汗!!
那又产生了一个疑问,如果我要连接多台主机怎么办?不会让我每连一次都要去修改这两个文件吧?
答案就是修改/etc/ssh/ssh_config文件 [需要root权限哦!]
打开文件我们可以看到:
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
Host *
GSSAPIAuthentication yes
# If this option is set to yes then remote X11 clients will have full access
# to the original X11 display. As virtually no X11 client supports the untrusted
# mode correctly we set this to yes.
ForwardX11Trusted yes
# Send locale-related environment variables
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
具体参数到底是什么意思,有什么用,大家再google一下就知道了,很多……比大学生还多……
应该知道怎么配置了吧?不知道??那就继续往下看……
将两个Host之间的#全部去掉,第一个host * 改成 host 你的目标地址1,然后修改IdentityFile的路径和端口就可以了,有多台主机的话,复制多份host的配置修改ip地址、IdentityFile路径和端口地址基本就可以了,至于其他配置当然有需要的话也可以更改……
保存后就可以了……
当然你有可能会遇到这个错误 [因为我遇到了,呵呵]:
Permissions 0755 for '你配置的公钥文件路径' are too open.
这个是因为这几个文件权限设置的有点问题
执行命令: chmod 600 你的文件
然后就可以了……其实网上还是搜得到的……
[我一直很奇怪,我一开始的配置的文件访问权限是很大的,为什么还是会报这个错呢?将权限改小了反而正常了,什么世道来的?高手请指教一下??]
希望对你也有点帮助……