关于authorized_keys和known_hosts的理解

authorized_keys 是免密登录公钥,本地存储的格式为
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3tgZHJuJjAaoeCwiIPKM+Vj4I3mZCaeCy6yM1MaY5ZzwVTXYdy66Jp03cc1JDigwniL5HvhVuHUKTMZsPqfQVJgP6k71I/6DKr8hOB6qrTc/9XdZRfYhqevM6tg3bYFwf6kvnGnFoHRmGCpHQPLBYdOXG390LK7SoTFZiOxnTWv7OEn4jg+AR9iHiMvns9iF2l/AEqpbLWPGVYCcjKaESDgQzmfBAkd7/T1zwMksZsK+vGTHSdd3ek5dbRb3lF8WuekEPhKWMJntlaXt9khBh6RSzAeJCJ2Qn57GGulu0RZAA/4elPgZIUFc2CiT+DNYwR+C/CrVeotJnmfiJWdF6Q== root@cloudwave0
ssh-加密格式 公钥 用户@信任的主机hostname
默认权限为600(centos6),即-rw——-,如果权限改为777或者类似,则免钥登录失败
清空该文件的话,则所有主机ssh本机都要输入密码
known_hosts本主机登录过的主机的公钥,格式和上面的类似,默认默认权限为644(centos6)
如果known_hosts中的主机有的重装过系统等,本机ssh那台主机的时候会发生公钥验证出错,错误类似这样:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!Someone could be eavesdropping on you right now (man-in-the-middle attack)!It is also possible that the RSA host key has just been changed.The fingerprint for the RSA key sent by the remote host is36:68:a6:e6:43:34:6b:82:d7:f4:df:1f:c2:e7:37:cc.Please contact your system administrator.Add correct host key in /u/xlian008/.ssh/known_hosts to get rid of this message.Offending key in /u/xlian008/.ssh/known_hosts:2RSA host key for 135.1.35.130 has changed and you have requested strict checking.Host key verification failed.

这时需要手动清空known_hosts中的相关记录,当然最惨的情况就是上面红字说的中间人攻击了

点赞

发表评论

电子邮件地址不会被公开。 必填项已用*标注