基于SSH信任的数据传输

 

环境：两台 CentOS 5.4 主机，分别为 CentOSA （ 192.168.1.102 ）和 CentOSB （ 192.168.1.104 ）

 

一、 在 A 主机

1)         创建 transport 用户、密码；切换用户

[root@CentOSA ~]# adduser transport

[root@CentOSA ~]# passwd transport

Changing password for user transport.

New UNIX password:

BAD PASSWORD: it is too simplistic/systematic

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@CentOSA ~]# su - transport

[transport@ CentOSA ~]$

2)         创建密钥

[transport@CentOS ~]$ ssh-keygen

有的系统可能会输入 ssh-keygen �Ct rsa ，具体情况可以查看帮助： man ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/transport/.ssh/id_rsa):

指定路径，不用变，直接回车

/home/transport/.ssh/id_rsa already exists.

Enter passphrase (empty for no passphrase):

输入密码（无密码为空）：

Enter same passphrase again:

再次输入相同的密码：

Your identification has been saved in /home/transport/.ssh/id_rsa.

Your public key has been saved in /home/transport/.ssh/id_rsa.pub.

The key fingerprint is:

7e:44:4e:ac:eb:1c:2b:68:94:1f:9e:fc:2f:7a:4c:73 transport@CentOSA

二、 在 B 主机

3)         创建 transport 用户、密码；切换用户

[root@CentOSB ~]# adduser transport

[root@CentOSB ~]# su - transport

[transport@ CentOSB ~]$

4)         创建密钥

[transport@CentOSB ~]$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/transport/.ssh/id_rsa):

指定路径，不用变，直接回车

/home/transport/.ssh/id_rsa already exists.

Enter passphrase (empty for no passphrase):

输入密码（无密码为空）：

Enter same passphrase again:

再次输入相同的密码：

Your identification has been saved in /home/transport/.ssh/id_rsa.

Your public key has been saved in /home/transport/.ssh/id_rsa.pub.

The key fingerprint is:

7e:44:4e:ac:eb:1c:2b:68:94:1f:9e:fc:2f:7a:4c:73 transport@CentOSB

5)         创建 authorized_keys

[transport@CentOSB ~]$ cd /.ssh

[transport@CentOSB .ssh]$ cat id_rsa.pub > authorized_keys

6)         修改 authorized_keys 的权限

[transport@CentOS .ssh]$ chmod 600 authorized_keys

7)         传输 authorized_keys 文件到 A 主机

[transport@CentOSB .ssh]$ rsync -av authorized_keys 192.168.1.102:/home/transport/.ssh/

……

[email protected]'s password:

输入密码

三、 在主机 A

8)         追加 A 的密钥到刚才从主机 B 传过来的 authorized_keys

[transport@CentOSA .ssh]$ cat id_rsa.pub >> authorized_keys

9)         传输追加好的文件(注意权限600)到 B 主机

[transport@CentOSA .ssh]$ rsync -av authorized_keys 192.168.1.104:/home/transport/.ssh/

到此基于 SSH 信任就配置完成了。以后主机 A 、 B 之间可以用 transport 用户传输文件。传输工具可以选择rsync等，并配置crontab周期性的备份。