Linux´´½¨ÃÜÔ¿£º±£ÕÏϵͳ°²È«Óë¸ßЧ¹ÜÀíµÄ¹Ø¼ü²½Öè
ÔÚµ±½ñÊý×Ö»¯Ê±´ú£¬ÐÅÏ¢°²È«ÒѳÉΪ¸÷Ðи÷Òµ²»¿ÉºöÊÓµÄÖØÒªÒéÌâ
ÎÞÂÛÊǸöÈËÓû§»¹ÊÇÆóÒµ¼¶Ó¦ÓÃ����£¬È·±£Êý¾ÝµÄ±£ÃÜÐÔ�¡¢ÍêÕûÐԺͿÉÓÃÐÔ¶¼ÊÇÖÁ¹ØÖØÒªµÄ
ÔÚLinuxϵͳÖУ¬ÃÜÔ¿¹ÜÀí×÷ΪÐÅÏ¢°²È«µÄºËÐÄ×é³É²¿·Ö£¬°çÑÝמÙ×ãÇáÖصĽÇÉ«
±¾ÎĽ«ÉîÈë̽ÌÖÈçºÎÔÚLinux»·¾³Ï´´½¨ÃÜÔ¿�£¬ÒÔ¼°ÕâÒ»²Ù×÷¶ÔÓÚÌáÉýϵͳ°²È«ÐԺ͹ÜÀíЧÂʵÄÖØÒªÒâÒå
ͨ¹ýÏ꾡µÄ²½ÖèºÍÔÀí·ÖÎö��£¬Ö¼ÔÚ°ïÖú¶ÁÕßÕÆÎÕÕâÒ»¹Ø¼ü¼¼ÄÜ£¬´Ó¶øÔÚÊý×ÖÊÀ½çÖÐÖþÆðÒ»µÀ¼áʵµÄ·ÀÏß
Ò»¡¢ÃÜÔ¿¹ÜÀíµÄÖØÒªÐÔ
ÃÜÔ¿��£¬×÷Ϊ¼ÓÃܼ¼ÊõµÄ»ùʯ���£¬ÊDZ����£»¤Êý¾ÝÃâÊÜδ¾ÊÚȨ·ÃÎʵĹؼü
ÔÚLinuxϵͳÖУ¬ÃÜÔ¿²»½öÓÃÓÚÎļþ¼ÓÃÜ¡¢ÍøÂçͨÐÅ£¨ÈçSSHµÇ¼£©�����¡¢Êý×ÖÇ©ÃûµÈ³¡¾°����£¬»¹ÊÇʵÏÖÉí·ÝÈÏÖ¤���¡¢È¨ÏÞ¿ØÖƵȰ²È«»úÖƵĻù´¡
ÓÐЧµÄÃÜÔ¿¹ÜÀíÄܹ»£º
1.ÔöÇ¿Êý¾Ý°²È«£ºÍ¨¹ý¼ÓÃÜÃô¸ÐÊý¾Ý���£¬¼´Ê¹Êý¾ÝÔÚ´«Êä»ò´æ´¢¹ý³ÌÖб»½Ø»ñ�����£¬Ò²ÎÞ·¨±»Î´ÊÚȨÕßÇáÒ×½âÃÜ
2.¼ò»¯Éí·ÝÈÏÖ¤£ºÊ¹ÓÃÃÜÔ¿¶Ô£¨¹«Ô¿ºÍ˽Կ£©Ìæ´ú´«Í³ÃÜÂë�£¬¿ÉÒÔʵÏÖ¸ü°²È«µÄÉí·ÝÑéÖ¤·½Ê½£¬¼õÉÙÃÜÂëй¶·çÏÕ
3.Ìá¸ß¹ÜÀíЧÂÊ£º×Ô¶¯»¯ÃÜÔ¿¹ÜÀíºÍ·Ö·¢¿ÉÒÔÏÔÖø½µµÍÈ˹¤¸ÉÔ¤����£¬ÌáÉýÔËάЧÂÊ
4.·ûºÏºÏ¹æÒªÇó£ºÐí¶àÐÐÒµºÍµØÇø¶¼ÓйØÓÚÊý¾Ý±£»¤ºÍ¼ÓÃܵķ¨ÂÉ·¨¹æ£¬Á¼ºÃµÄÃÜÔ¿¹ÜÀíÊÇÂú×ãÕâЩºÏ¹æÒªÇóµÄ¹Ø¼ü
¶þ�����¡¢LinuxÃÜÔ¿´´½¨»ù´¡
ÔÚLinuxÖÐ����£¬³£¼ûµÄÃÜÔ¿ÀàÐÍ°üÀ¨¶Ô³ÆÃÜÔ¿£¨ÈçAES£©�����¡¢·Ç¶Ô³ÆÃÜÔ¿¶Ô£¨ÈçRSA�¡¢DSA���¡¢ECDSA£©ÒÔ¼°ÓÃÓÚÌض¨Ó¦ÓõÄÃÜÔ¿£¨ÈçSSHÃÜÔ¿£©
ÏÂÃæ����£¬ÎÒÃǽ«ÒÔSSHÃÜԿΪÀý���£¬Ïêϸ½éÉÜÈçºÎÔÚLinuxϵͳÖд´½¨ÃÜÔ¿
1. ×¼±¸»·¾³
Ê×ÏÈ�����£¬È·±£ÄãµÄLinuxϵͳÒѾ°²×°ÁË`ssh-keygen`¹¤¾ß�����£¬ÕâÊÇOpenSSHÌ×¼þµÄÒ»²¿·Ö£¬ÓÃÓÚÉú³ÉSSHÃÜÔ¿¶Ô
´ó¶àÊýLinux·¢ÐаæĬÈÏ°üº¬´Ë¹¤¾ß
Äã¿ÉÒÔͨ¹ýÔËÐÐ`ssh-keygen --version`À´¼ì²éÊÇ·ñÒÑ°²×°
2. Éú³ÉÃÜÔ¿¶Ô
´ò¿ªÖÕ¶Ë��£¬ÊäÈëÒÔÏÂÃüÁîÀ´Éú³ÉÒ»¸öеÄSSHÃÜÔ¿¶Ô£º
ssh-keygen -t rsa -b 4096 -C your_email@example.com
- `-t rsa` Ö¸¶¨Ê¹ÓÃRSAËã·¨
- `-b 4096` ÉèÖÃÃÜÔ¿³¤¶ÈΪ4096룬½Ï³¤µÄÃÜÔ¿ÄÜÌṩ¸ü¸ßµÄ°²È«ÐÔ
- `-C your_email@example.com` Ìí¼ÓÒ»¸ö×¢ÊÍ��£¬Í¨³£Ê¹ÓÃÄãµÄÓÊÏäµØÖ·£¬±ãÓÚʶ±ðÃÜÔ¿ËùÓÐÕß
Ö´ÐÐÃüÁîºó�£¬ÏµÍ³»áÌáʾÄãÊäÈë±£´æÃÜÔ¿µÄÎļþ·¾¶£¨Ä¬ÈÏÊÇ`~/.ssh/id_rsa`£©ºÍÉèÖÃ˽ԿµÄÃÜÂë¶ÌÓ¿ÉÑ¡��£¬µ«ÍƼöÉèÖÃÒÔÔö¼Ó°²È«ÐÔ£©
3. Àí½âÉú³ÉµÄÎļþ
³É¹¦Ö´ÐÐÉÏÊöÃüÁîºó£¬»áÔÚÖ¸¶¨Î»ÖÃÉú³ÉÁ½¸öÎļþ£º
- `id_rsa`£ºË½Ô¿Îļþ�£¬±ØÐëÍ×ÉƱ£¹Ü�����£¬²»Ó¦Ð¹Â¶¸øËûÈË
- `id_rsa.pub`£º¹«Ô¿Îļþ£¬¿ÉÒÔ°²È«µØ·ÖÏí¸øÈκÎÐèÒªÑéÖ¤ÄãÉí·ÝµÄ·þÎñ»òÉ豸
4. ÅäÖÃSSH¿Í»§¶Ë
ΪÁËʹÓÃÐÂÉú³ÉµÄÃÜÔ¿¶Ô½øÐÐSSHµÇ¼£¬ÄãÐèÒª½«Æ乫ԿÌí¼Óµ½Ä¿±ê·þÎñÆ÷µÄ`~/.ssh/authorized_keys`ÎļþÖÐ
Õâ¿ÉÒÔͨ¹ýÒÔϲ½ÖèÍê³É£º
- ʹÓÃ`ssh-copy-id`ÃüÁî×Ô¶¯¸´Öƹ«Ô¿£º
ssh-copy-id user@hostname
ÆäÖÐ`user`ÊÇÄ¿±ê·þÎñÆ÷ÉϵÄÓû§Ãû���£¬`hostname`ÊÇ·þÎñÆ÷µÄµØÖ·
- »òÕßÊÖ¶¯¸´Öƹ«Ô¿ÄÚÈݲ¢Ìí¼Óµ½`authorized_keys`ÎļþÖУº
cat ~/.ssh/id_rsa.pub | ssh user@hostname cat ] ~/.ssh/authorized_keys
5. ²âÊÔSSHÁ¬½Ó
Íê³ÉÉÏÊö²½Öèºó£¬³¢ÊÔʹÓÃSSHµÇ¼µ½Ä¿±ê·þÎñÆ÷£¬ÑéÖ¤ÊÇ·ñ³É¹¦Ê¹ÓÃÃÜÔ¿¶Ô½øÐÐÉí·ÝÑéÖ¤£º
ssh user@hostname
Èç¹ûÅäÖÃÕýÈ·�����£¬ÄãÓ¦¸ÃÎÞÐèÊäÈëÃÜÂë¼´¿ÉµÇ¼
Èý���¡¢¸ß¼¶ÃÜÔ¿¹ÜÀíʵ¼ù
ËäÈ»»ù±¾µÄÃÜÔ¿´´½¨ºÍÅäÖÃÒѾÄܹ»Âú×ã´ó¶àÊýÐèÇ󣬵«ÔÚÆóÒµ¼¶Ó¦ÓÃÖУ¬»¹ÐèÒª¿¼ÂǸü¸ß¼¶µÄÃÜÔ¿¹ÜÀí²ßÂÔ£¬ÒÔÈ·±£ÃÜÔ¿µÄÉúÃüÖÜÆÚ°²È«¿É¿Ø
1. ÃÜÔ¿·Ö·¢Óë´æ´¢
- ÃÜÔ¿·Ö·¢ÏµÍ³£ºÊ¹ÓÃÈçAnsible�¡¢PuppetµÈ×Ô¶¯»¯¹¤¾ß�����£¬»òרÃŵÄÃÜÔ¿·Ö·¢·þÎñ£¨ÈçHashiCorp Vault£©�£¬ÊµÏÖÃÜÔ¿µÄ°²È«·Ö·¢ºÍ¸üÐÂ
- Ó²¼þ°²È«Ä�£¿é£¨HSM£©£º¶ÔÓڸ߶ÈÃô¸ÐµÄÊý¾Ý£¬¿ÉÒÔ¿¼ÂÇʹÓÃHSMÀ´´æ´¢Ë½Ô¿�£¬ÌṩÎïÀí²ãÃæµÄ°²È«±���£»¤
2. ÃÜÔ¿ÂÖ»»
¶¨ÆÚ¸ü»»ÃÜÔ¿ÊǼõÉÙÃÜÔ¿±»³¤ÆÚÆƽâ·çÏÕµÄÓÐЧÊÖ¶Î
Öƶ¨ÃÜÔ¿ÂÖ»»²ßÂÔ�£¬°üÀ¨ÂÖ»»ÖÜÆÚ�¡¢Ð¾ÉÃÜÔ¿µÄ¹ý¶É·½°¸µÈ�£¬ÊÇά»¤ÏµÍ³°²È«µÄÖØÒª´ëÊ©
3. ·ÃÎÊ¿ØÖÆÓëÉó¼Æ
- ×îСȨÏÞÔÔò£ºÈ·±£Ö»ÓбØÒªµÄÓû§ºÍ·þÎñÄܹ»·ÃÎÊÃÜÔ¿
- ÈÕÖ¾Éó¼Æ£º¼Ç¼ËùÓÐÃÜÔ¿Ïà¹ØµÄ²Ù×÷��£¬ÈçÉú³É����¡¢·Ö·¢�¡¢Ê¹ÓÃ�¡¢É¾³ýµÈ£¬ÒÔ±ãÔÚ·¢Éú°²È«Ê¼þʱ½øÐÐ×·ËÝ
4. ÃÜÔ¿³·ÏúÓëÏú»Ù
µ±ÃÜÔ¿²»ÔÙÐèÒª»ò´æÔÚ°²È«·çÏÕʱ£¬Ó¦¼°Ê±³·ÏúÆä·ÃÎÊȨÏÞ²¢°²È«Ïú»Ù
Õâͨ³£Éæ¼°´ÓËùÓÐÏà¹ØϵͳÖÐÒƳý¹«Ô¿���£¬²¢°²È«µØɾ³ý˽ԿÎļþ
ËÄ¡¢½áÓï
ÔÚLinuxϵͳÖд´½¨ºÍ¹ÜÀíÃÜÔ¿ÊDZ£ÕÏÐÅÏ¢°²È«¡¢ÌáÉý¹ÜÀíЧÂʲ»¿É»òȱµÄÒ»»·
ͨ¹ýÀí½âÃÜÔ¿¹ÜÀíµÄ»ù±¾ÔÀí�£¬ÕÆÎÕÃÜÔ¿Éú³É�¡¢ÅäÖÃÒÔ¼°¸ß¼¶¹ÜÀí²ßÂÔ£¬¿ÉÒÔÓÐЧÔöǿϵͳµÄ·ÀÓùÄÜÁ¦£¬ÎªÊý¾Ý±£»¤¹¹Öþ¼áʵµÄ·ÀÏß
Ëæ׿¼ÊõµÄ²»¶Ï½ø²½���£¬³ÖÐø̽Ë÷ºÍÓ¦ÓÃ×îеÄÃÜÔ¿¹ÜÀí¼¼Êõ�£¬½«ÊÇÎÒÃÇÓ¦¶ÔÈÕÒ渴ÔÓµÄÍøÂçÍþв¡¢ÊØ»¤Êý×Ö×ʲú°²È«µÄ±ØÓÉ֮·
ÈÃÎÒÃÇЯÊÖŬÁ¦����£¬¹²Í¬¹¹½¨Ò»¸ö¸ü¼Ó°²È«�����¡¢¿ÉÐŵÄÊý×ÖÊÀ½ç
