After installing scponly I found that the account could only log in with a password. Can a key pair be used for passwordless login instead?
The answer is yes. The original reference procedure is as follows:
# install the scponly package
sudo apt-get install scponly
# create the scp user and set their login shell to be scponly
sudo useradd -m -s /usr/bin/scponly scpuser
# create the .ssh directory
sudo mkdir /home/scpuser/.ssh
# create a key pair (no passphrase if used for automated backups)
sudo ssh-keygen -f /home/scpuser/.ssh/id.rsa
# create the authorized_keys file using the public key
sudo cp /home/scpuser/.ssh/id.rsa.pub /home/scpuser/.ssh/authorized_keys
# correct the ownership (creating keys can't be done as scpuser as no login shell!)
sudo chmod 755 /home/scpuser/.ssh
sudo chmod 644 /home/scpuser/.ssh/authorized_keys
sudo chown -R scpuser:scpuser /home/scpuser

Note: one addition here. To prevent the files under .ssh from being tampered with, we use chattr to make them immutable on top of the file permissions:
#cd /home/scpuser/.ssh
#chattr +i *
# copy id.rsa to the client server we designate
# scp /home/scpuser/.ssh/id.rsa clientserver:/www/
On clientserver:
[root@apclt www]# ssh -i id.rsa scpuser@server
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for 'id.rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: id.rsa
scpuser@server's password:
Permission denied, please try again.
scpuser@server's password:
# a permissions error is reported, so we fix the mode of this file
[root@apclt www]# chmod 400 id.rsa
[root@apclt www]# ssh -i id.rsa scpuser@server
Welcome to aliyun Elastic Compute Service!
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
Last login: Mon Jul 6 21:45:21 2015 from 183.11.157.17
Connection to server closed.
# passwordless login succeeded, but because scponly is configured there is no interactive shell, so the session is closed
[root@apclt www]# scp -i id.rsa -r scponly-4.8 scpuser@server:
scponly-4.8                                   100% 1675     1.6KB/s   00:00

Note: if your sftp cannot use -i to specify the identity file
(sftp: illegal option -- i)
you can use:
[root@apclt www]#sftp -oIdentityFile=/tmp/id.rsa scpuser@server
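The two things that actually decide whether key login works in the procedure above are the modes on the server-side .ssh directory and authorized_keys (sshd's StrictModes check) and the mode on the client-side private key (the "UNPROTECTED PRIVATE KEY FILE" warning, after which ssh silently falls back to password authentication, which scponly then rejects). The script below is an added example, not part of the original post: it reproduces both checks on a scratch directory created with mktemp, so it runs without root, without useradd and without a real key. The public key string is a constructed placeholder. The post uses 755 on .ssh and 644 on authorized_keys, which sshd accepts; setup_ssh_dir uses the tighter 700/600 instead.

```shell
#!/bin/sh
# Added example, not the original post's code. Exercises the permission
# checks behind the scponly key-login procedure on a scratch directory.
set -e

# setup_ssh_dir HOME PUBKEY
#   Create HOME/.ssh and append PUBKEY to HOME/.ssh/authorized_keys with
#   modes sshd's StrictModes accepts (700 / 600; the post used 755 / 644).
setup_ssh_dir() {
    home="$1"
    pubkey="$2"
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    # append rather than overwrite so keys already authorised for the account survive
    cat "$pubkey" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# key_perms_ok KEYFILE
#   Return 0 when no group/other bits are set on KEYFILE, i.e. ssh will use
#   it instead of printing "Permissions ... are too open" and ignoring it.
#   Portable check: characters 5-10 of "ls -ld" output are the group and
#   other fields ("-rw-r--r--" -> "r--r--"); anything but "------" is too open.
key_perms_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)
    case "$mode" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Stand-alone demonstration: constructed public key, constructed private key
# placeholder (not real key material), everything under a temporary directory.
demo() {
    scratch=$(mktemp -d)
    printf 'ssh-rsa AAAAB3NzaC1yc2EEXAMPLEPLACEHOLDER scpuser@example\n' > "$scratch/id.rsa.pub"
    setup_ssh_dir "$scratch/home" "$scratch/id.rsa.pub"
    ls -ld "$scratch/home/.ssh" "$scratch/home/.ssh/authorized_keys"

    # a key copied over with scp lands with the receiving umask, typically 0644
    printf 'PRIVATE KEY PLACEHOLDER, NOT A REAL KEY\n' > "$scratch/id.rsa"
    chmod 644 "$scratch/id.rsa"
    if key_perms_ok "$scratch/id.rsa"; then
        echo "unexpected: 0644 private key reported as acceptable"
        rm -rf "$scratch"
        return 1
    fi
    echo "0644 private key rejected, as ssh would do"

    # the fix from the post
    chmod 400 "$scratch/id.rsa"
    if key_perms_ok "$scratch/id.rsa"; then
        echo "0400 private key accepted"
    fi
    rm -rf "$scratch"
}

demo
```

Running it prints the directory listing for the scratch .ssh tree and the two verdicts on the private key. To apply the same check before an unattended backup job, call key_perms_ok on the identity file first and fail the job if it returns non-zero, rather than letting ssh fall back to a password prompt that will hang or fail against an scponly account.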
This article is reposted from jackjiaxiong's 51CTO blog; original link: http://blog.51cto.com/xiangcun168/1672065