April 11, 2004
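RSA/DSA Key Authentication in Place of Standard Secure Password Authentication
Copyright notice: This article may be freely reproduced; when reproducing it, be sure to indicate the article's original source, the author information and this notice in the form of a hyperlink.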
https://windtear.net/archives/2004/04/11/000416.html
RSA key pair generation @ SSH1
% ssh-keygen -t rsa
.ssh/id_rsa
.ssh/id_rsa.pub
% scp ~/.ssh/id_rsa.pub remote:
as ~/.ssh/authorized_keys
% ssh -1 remote
done (must allow RSAAuthentication)

DSA key generation @ SSH2
% ssh-keygen -t dsa
.ssh/id_dsa
.ssh/id_dsa.pub
transfer to remote as ~/.ssh/authorized_keys2
...
% ssh remote
Enter passphrase for key '/root/.ssh/id_rsa':
root@remote's password:
Permission denied, please try again.
root@remote's password:

% ssh remote
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Sat Apr 10 21:55:10 2004 from tuxxxxxx.tsinghua.edu.cn
When the passphrase is null, passwordless authentication is convenient, but very very very bad: the private key sits unencrypted on disk, so anyone who can read the file can log in as you.
so use ssh-agent. Run on its own it starts the agent but only prints the settings, which the current shell never picks up:
% ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-XXIyUus1/agent.7245; export SSH_AUTH_SOCK;
SSH_AGENT_PID=7246; export SSH_AGENT_PID;
echo Agent pid 7246;

7246 ? S 0:00 ssh-agent

we should
% eval `ssh-agent`
Agent pid 7290

% ssh-add
Enter passphrase for /root/.ssh/id_rsa:
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
% ssh remote
Last login: Sun Apr 11 00:23:29 2004 from tuxxxxxx.tsinghua.edu.cn
As you can see, eval `ssh-agent` & ssh-add are very very inconvenient.
The saviour is coming: keychain
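
The null-passphrase warning above, turned into a check (an added example, not code from the original post): it classifies private key files by their on-disk format, without decrypting anything. It goes beyond the PEM-style id_rsa / id_dsa files of this post and also covers the newer "OPENSSH PRIVATE KEY" container; key_state and audit_dir are hypothetical helper names.

```shell
#!/bin/sh
# Added example: flag private keys stored without a passphrase.
# Only the file format is inspected; nothing is decrypted.

# key_state FILE -> prints "encrypted", "unencrypted" or "not-a-key"
key_state() {
    f=$1
    first=$(head -n 1 "$f" 2>/dev/null) || first=
    case $first in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            # Body is base64 of: "openssh-key-v1\0" (15 bytes), a 4-byte
            # length, then the cipher name. A cipher name of "none"
            # therefore occupies bytes 20-23 of the decoded blob.
            cipher=$(sed '/^-----/d' "$f" | tr -d '\r\n' | base64 -d 2>/dev/null |
                     head -c 23 | tail -c 4 | tr -d '\000')
            case $cipher in
                none) echo unencrypted ;;
                "")   echo not-a-key ;;   # body did not decode
                *)    echo encrypted ;;
            esac
            ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Legacy PEM keys carry a "Proc-Type: 4,ENCRYPTED" header
            # when they are protected by a passphrase.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo encrypted
            else
                echo unencrypted
            fi
            ;;
        *) echo not-a-key ;;
    esac
}

# audit_dir DIR -> lists unencrypted private keys; returns 1 if any found
audit_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(key_state "$f")" = unencrypted ]; then
            echo "UNENCRYPTED: $f"
            rc=1
        fi
    done
    return $rc
}

# Typical use: audit_dir "$HOME/.ssh"
```

A key flagged here can be given a passphrase in place with ssh-keygen -p -f <keyfile>.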
Posted by windtear at April 11, 2004 12:39 AM