Configuration de ssh

mercredi 22 avril 2009
par  Jerome ROBERT
popularité : 20%

Configuration de ssh pour ce connecter sans mots de passe lors d’une connexion
de LINUX1 (redhat 7.2) vers adminunix (redhat 9 )

[root@LINUX1 root]# cd
[root@LINUX1 root]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa) :
Created directory ’/root/.ssh’.
Enter passphrase (empty for no passphrase) : azerty
Enter same passphrase again : azerty
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is :
12:8b:0b:f0:3d:d6:04:ff:3e:db:a9:75:ab:47:41:cc root@LINUX1
[root@LINUX1 root]#

[root@LINUX1 root]# cd .ssh/
[root@LINUX1 .ssh]# ls -a
. .. id_rsa id_rsa.pub
[root@LINUX1 .ssh]#

[root@LINUX1 .ssh]# scp id_rsa.pub root@adminunix :/root/.ssh/authorized_keys
root@adminunix’s password :root
id_rsa.pub 100% |*******************************************************************|
221 00:00
[root@LINUX1 .ssh]#
[root@LINUX1 .ssh]# scp id_rsa.pub root@adminunix :/root/.ssh/authorized_keys2
root@adminunix’s password :root
id_rsa.pub 100% |*******************************************************************|
221 00:00
[root@LINUX1 .ssh]#

[root@LINUX1 .ssh]# ssh adminunix
Enter passphrase for key ’/root/.ssh/id_rsa’ : azerty
Last login : Tue Jun 24 22:57:51 2003
[root@adminunix root]# uname -a
Linux adminunix 2.4.20-13.9 #1 Mon May 12 10:55:37 EDT 2003 i686 i686 i386
GNU/Linux
[root@adminunix root]# exit
Connection to adminunix closed.
[root@LINUX1 .ssh]
[root@LINUX1 .ssh]# chmod a+x lance.sh
[root@LINUX1 .ssh]# ./lance.sh
Need passphrase for /root/.ssh/id_rsa
Enter passphrase for /root/.ssh/id_rsa azerty
Identity added : /root/.ssh/id_rsa (rsa w/o comment)
[root@LINUX1 .ssh]# . ./.info
[root@LINUX1 .ssh]# ssh adminunix
Last login : Tue Jun 24 23:28:42 2003 from linux1
[root@adminunix root]# uname -n
adminunix
[root@adminunix root]# exit


[root@LINUX1 .ssh]# cat lance.sh

# !/bin/sh
ssh-agent | head -2 > /root/.ssh/.info
. /root/.ssh/.info
ssh-add




[root@adminunix
root]# ssh LINUX1
Permission denied (publickey,password,keyboard-interactive).
[root@adminunix root]#

Mais ... car pas configurer ....
car généralement dans ssh_config : PasswordAuthentication no
et PubkeyAuthentication yes

LINUX1
adminunix
/etc/ssh/ssh_config
/etc/ssh/sshd_config
/etc/ssh/ssh_config
/etc/ssh/sshd_config
# $OpenBSD : ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $

# This is ssh client systemwide configuration file. See ssh(1) for more
# information. This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.

# Configuration data is parsed as follows :
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking yes
# IdentityFile /.ssh/identity
# IdentityFile /.ssh/id_dsa
# IdentityFile /.ssh/id_rsa
# Port 22
# Protocol 2,1
# Cipher blowfish
# EscapeChar 
Host *
 ForwardX11 yes
# PubkeyAuthentication yes

# $OpenBSD : sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/usr/bin :/bin :/usr/sbin :/sbin

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress : :
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don’t read /.rhosts and /.shosts files
IgnoreRhosts yes
# Uncomment if you don’t trust /.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
PubkeyAuthentication yes

# Logging
SyslogFacility AUTHPRIV
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here !
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning : enabling this may bypass the setting of ’PasswordAuthentication’
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp/usr/libexec/openssh/sftp-server

# $OpenBSD : ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $

# This is ssh client systemwide configuration file. See ssh(1) for more
# information. This file provides defaults for users, and the values can
# be changed in per-user configuration files or on the command line.

# Configuration data is parsed as follows :
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
# ForwardAgent no
# ForwardX11 no
# RhostsAuthentication no
# RhostsRSAAuthentication yes
# RSAAuthentication yes
# PasswordAuthentication yes
# FallBackToRsh no
# UseRsh no
# BatchMode no
# CheckHostIP yes
# StrictHostKeyChecking yes
# IdentityFile /.ssh/identity
# IdentityFile /.ssh/id_dsa
# IdentityFile /.ssh/id_rsa
# Port 22
# Protocol 2,1
# Cipher blowfish
# EscapeChar 
Host *
 ForwardX11 yes
# PubkeyAuthentication yes

# $OpenBSD : sshd_config,v 1.38 2001/04/15 21:41:29 deraadt Exp $

# This sshd was compiled with PATH=/usr/bin :/bin :/usr/sbin :/sbin

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress : :
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don’t read /.rhosts and /.shosts files
IgnoreRhosts yes
# Uncomment if you don’t trust /.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
#PrintLastLog no
KeepAlive yes
PubkeyAuthentication yes

# Logging
SyslogFacility AUTHPRIV
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here !
PasswordAuthentication yes
PermitEmptyPasswords no

# Uncomment to disable s/key passwords
#ChallengeResponseAuthentication no

# Uncomment to enable PAM keyboard-interactive authentication
# Warning : enabling this may bypass the setting of ’PasswordAuthentication’
#PAMAuthenticationViaKbdInt yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail yes
#UseLogin no

#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes

Subsystem sftp/usr/libexec/openssh/sftp-server





Commentaires  Forum fermé

Navigation

Articles de la rubrique

Statistiques

Dernière mise à jour

mercredi 5 juillet 2017

Publication

264 Articles
Aucun album photo
Aucune brève
6 Sites Web
2 Auteurs

Visites

62 aujourd’hui
204 hier
550012 depuis le début
3 visiteurs actuellement connectés