18 October 2008

Passwordless remote login with three computers.

ssh-keygen generates the keys used for SSH authentication. It can create RSA keys for SSH protocol version 1, and DSA or RSA keys for SSH protocol version 2. With these keys, SSH can authenticate a login without asking for the user's password.

It is best not to use ssh-keygen as the root user, to protect the security and confidentiality of the system.

I ran this demo on Debian etch with three computers. On all three computers I create the same user, globus. Then run this command on each computer:

globus@nodea:~$ ssh-keygen

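If it asks for a “passphrase”, just press “enter”. An empty passphrase leaves the private key “id_rsa” unencrypted on disk, so anyone who can read that file can log in as this user on the other machines. Keep in mind that during the following steps you must not run the command above again, so that the key does not change. If you do run it again, repeat the steps from the beginning.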

After ‘ssh-keygen’ has run, a key file has been created that will later be installed on each of the computers. That file is “id_rsa.pub”, located in ~/.ssh/

globus@nodea:~$ ls -al .ssh/

total 24

drwxr-xr-x 2 globus globus 4096 2008-10-01 03:44 .

drwxr-xr-x 20 globus globus 4096 2008-10-02 05:38 ..

-rw-r--r-- 1 globus globus 789 2008-10-01 03:44 authorized_keys

-rw------- 1 globus globus 1675 2008-10-01 03:42 id_rsa

-rw-r--r-- 1 globus globus 394 2008-10-01 03:42 id_rsa.pub

-rw-r--r-- 1 globus globus 1768 2008-10-01 03:45 known_hosts

The contents of that file look like this:

globus@nodea:~$ cat .ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1Y5DmyP4PP0GVJl+UTEmCaVBfxyNHcZc0L7XetnMBMNFuji4BF2LCt9HkKB7WSYaVc2Cfzlgt+ro7Q6/rBavzmIgQ3vYkW9TGmGsIFGQYJZochr75I1sNubmXIHqVxcMGQynV0ehKvqjVD70o9A5wYZmFr6HygSdFxcQGxkTXZTf8kPBWY75z+kg9G+HE3po+qyAlZ/GAcBzj+Y5zKiWMZ5LkaTnaAArZnG2SvEUwcoUN5KyYy8OrBpxWA2hFJBK+XT6i1rIZTKnDBPuFbsu5YcDupXv2gJMQUKEVdwLYih0MlZdqUcim4p5Gop37vSrGV2PD30AjInHXLR17gdHCQ== globus@nodea

globus@nodeb:~$ cat .ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApdlCVz5SnQcHuuz+iXNa21qzxLbnMnbkx2cgt/g4bkC4rjTJYZsd9otjHHPEV+erzi+mau4wmwD7x1/EalOnDKcwyYdrZjIFIaiI7qevJZQRqL2PVAgf7i+enpSUcQohX01g7meflkYYQcFFip1xwt8j/UDcQ8p+cPItTIBbRFV6iIR3Ubml8KQpfw8osYp7Z3cK+WjuQF3R0PBrAzBC4GrIXRwPhi1RaUHamHT8xMwg8vzzfr1E7Tk/yXJ7v7fBWks7rMHUwPA7zklAryIl3hgwCyA3YCuzeHfVJCBKUika8+GH6BH7ko2pLLPSTgT6eWdrITlC5P7/6bCVw0UDcw== globus@nodeb

globus@nodec:~$ cat .ssh/id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0C7sXKK4JiTjEUw11LC5Jw/QF+7bDldpX05zu8s74/RdNvGm/cz/TNzSaUggWCnK28ubSRwTukKU0HJ2abYJmhDXLk323tPSG5fJPwXE4WVXS32Q6FuEsbiuOs2Y1i2kozlf5OR0KQGH0U3wiI/1tWgHube2lYpBxENooWBoTBIy1OvwID2un6tGp2DssfZ5LBY5dWXnW0o4j0MthwtRDk7aj4DHhUSe/EKkOwnCEjz5pA9JG6FRy7flXmcfrbyDVPLeby32vryKvAupZIOlQLjlx9S2hoFMIbeCuAkJv0LYZYSl1CPJlHX/+PirnUR05TIngchFGMin4NmhPaKYtw== globus@nodec

The contents of the key file are different on every computer. The next step is to copy the “id_rsa.pub” file to each of the other computers.

globus@nodea:~/.ssh$ scp id_rsa.pub globus@nodeb:~/.ssh/darinodea

globus@nodeb's password:

id_rsa.pub 100% 394 0.4KB/s 00:00

globus@nodea:~/.ssh$ scp id_rsa.pub globus@nodec:~/.ssh/darinodea

globus@nodec's password:

id_rsa.pub 100% 394 0.4KB/s 00:00

globus@nodeb:~/.ssh$ scp -r id_rsa.pub globus@nodea:~/.ssh/darinodeb

globus@nodea's password:

id_rsa.pub 100% 394 0.4KB/s 00:00

globus@nodeb:~/.ssh$ scp -r id_rsa.pub globus@nodec:~/.ssh/darinodeb

globus@nodec's password:

id_rsa.pub 100% 394 0.4KB/s 00:00

globus@nodec:~/.ssh$ scp -r id_rsa.pub globus@nodea:~/.ssh/darinodec

globus@nodea's password:

id_rsa.pub 100% 394 0.4KB/s 00:00

globus@nodec:~/.ssh$ scp -r id_rsa.pub globus@nodeb:~/.ssh/darinodec

The authenticity of host 'nodeb (192.168.72.11)' can't be established.

RSA key fingerprint is 9d:54:26:69:ef:4b:c8:bb:7e:41:18:6a:70:92:19:1e.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'nodeb' (RSA) to the list of known hosts.

globus@nodeb's password:

id_rsa.pub 100% 394 0.4KB/s 00:00

After that, create the file “authorized_keys” in the ‘~/.ssh/’ folder and put the copied RSA keys into that file.

globus@nodec:~/.ssh$ ls

authorized_keys1 darinodea darinodeb id_rsa id_rsa.pub known_hosts

globus@nodec:~/.ssh$ cat darinodea >> authorized_keys

globus@nodec:~/.ssh$ cat darinodeb >> authorized_keys

globus@nodec:~/.ssh$ cat authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1Y5DmyP4PP0GVJl+UTEmCaVBfxyNHcZc0L7XetnMBMNFuji4BF2LCt9HkKB7WSYaVc2Cfzlgt+ro7Q6/rBavzmIgQ3vYkW9TGmGsIFGQYJZochr75I1sNubmXIHqVxcMGQynV0ehKvqjVD70o9A5wYZmFr6HygSdFxcQGxkTXZTf8kPBWY75z+kg9G+HE3po+qyAlZ/GAcBzj+Y5zKiWMZ5LkaTnaAArZnG2SvEUwcoUN5KyYy8OrBpxWA2hFJBK+XT6i1rIZTKnDBPuFbsu5YcDupXv2gJMQUKEVdwLYih0MlZdqUcim4p5Gop37vSrGV2PD30AjInHXLR17gdHCQ== globus@nodea

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApdlCVz5SnQcHuuz+iXNa21qzxLbnMnbkx2cgt/g4bkC4rjTJYZsd9otjHHPEV+erzi+mau4wmwD7x1/EalOnDKcwyYdrZjIFIaiI7qevJZQRqL2PVAgf7i+enpSUcQohX01g7meflkYYQcFFip1xwt8j/UDcQ8p+cPItTIBbRFV6iIR3Ubml8KQpfw8osYp7Z3cK+WjuQF3R0PBrAzBC4GrIXRwPhi1RaUHamHT8xMwg8vzzfr1E7Tk/yXJ7v7fBWks7rMHUwPA7zklAryIl3hgwCyA3YCuzeHfVJCBKUika8+GH6BH7ko2pLLPSTgT6eWdrITlC5P7/6bCVw0UDcw== globus@nodeb

globus@nodeb:~/.ssh$ cat darinodea >> authorized_keys

globus@nodeb:~/.ssh$ cat darinodec >> authorized_keys

globus@nodeb:~/.ssh$ cat authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1Y5DmyP4PP0GVJl+UTEmCaVBfxyNHcZc0L7XetnMBMNFuji4BF2LCt9HkKB7WSYaVc2Cfzlgt+ro7Q6/rBavzmIgQ3vYkW9TGmGsIFGQYJZochr75I1sNubmXIHqVxcMGQynV0ehKvqjVD70o9A5wYZmFr6HygSdFxcQGxkTXZTf8kPBWY75z+kg9G+HE3po+qyAlZ/GAcBzj+Y5zKiWMZ5LkaTnaAArZnG2SvEUwcoUN5KyYy8OrBpxWA2hFJBK+XT6i1rIZTKnDBPuFbsu5YcDupXv2gJMQUKEVdwLYih0MlZdqUcim4p5Gop37vSrGV2PD30AjInHXLR17gdHCQ== globus@nodea

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0C7sXKK4JiTjEUw11LC5Jw/QF+7bDldpX05zu8s74/RdNvGm/cz/TNzSaUggWCnK28ubSRwTukKU0HJ2abYJmhDXLk323tPSG5fJPwXE4WVXS32Q6FuEsbiuOs2Y1i2kozlf5OR0KQGH0U3wiI/1tWgHube2lYpBxENooWBoTBIy1OvwID2un6tGp2DssfZ5LBY5dWXnW0o4j0MthwtRDk7aj4DHhUSe/EKkOwnCEjz5pA9JG6FRy7flXmcfrbyDVPLeby32vryKvAupZIOlQLjlx9S2hoFMIbeCuAkJv0LYZYSl1CPJlHX/+PirnUR05TIngchFGMin4NmhPaKYtw== globus@nodec

globus@nodea:~/.ssh$ cat darinodeb >> authorized_keys

globus@nodea:~/.ssh$ cat darinodec >> authorized_keys

globus@nodea:~/.ssh$ cat authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApdlCVz5SnQcHuuz+iXNa21qzxLbnMnbkx2cgt/g4bkC4rjTJYZsd9otjHHPEV+erzi+mau4wmwD7x1/EalOnDKcwyYdrZjIFIaiI7qevJZQRqL2PVAgf7i+enpSUcQohX01g7meflkYYQcFFip1xwt8j/UDcQ8p+cPItTIBbRFV6iIR3Ubml8KQpfw8osYp7Z3cK+WjuQF3R0PBrAzBC4GrIXRwPhi1RaUHamHT8xMwg8vzzfr1E7Tk/yXJ7v7fBWks7rMHUwPA7zklAryIl3hgwCyA3YCuzeHfVJCBKUika8+GH6BH7ko2pLLPSTgT6eWdrITlC5P7/6bCVw0UDcw== globus@nodeb

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0C7sXKK4JiTjEUw11LC5Jw/QF+7bDldpX05zu8s74/RdNvGm/cz/TNzSaUggWCnK28ubSRwTukKU0HJ2abYJmhDXLk323tPSG5fJPwXE4WVXS32Q6FuEsbiuOs2Y1i2kozlf5OR0KQGH0U3wiI/1tWgHube2lYpBxENooWBoTBIy1OvwID2un6tGp2DssfZ5LBY5dWXnW0o4j0MthwtRDk7aj4DHhUSe/EKkOwnCEjz5pA9JG6FRy7flXmcfrbyDVPLeby32vryKvAupZIOlQLjlx9S2hoFMIbeCuAkJv0LYZYSl1CPJlHX/+PirnUR05TIngchFGMin4NmhPaKYtw== globus@nodec

Once the steps above have been carried out, the passwordless remote terminal is ready to use.

To test it, log in remotely with ‘ssh’ from each computer. For example:

globus@nodea:~$ ssh globus@nodeb

Linux nodeb 2.6.18-6-686 #1 SMP Tue Jun 17 21:31:27 UTC 2008 i686

The programs included with the Debian GNU/Linux system are free software;

the exact distribution terms for each program are described in the

individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent

permitted by applicable law.

Last login: Sun Sep 28 12:49:53 2008 from nodec.sttpln.ac.id

globus@nodeb:~$
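
The step that appends the copied keys with ‘cat darinodea >> authorized_keys’ adds a second copy of the key every time it is repeated, and it accepts any file it is given. The following is an added example, not part of the original post: a shell function that validates a copied public key file, sets the modes on ~/.ssh and authorized_keys, and appends the key only if it is not already there. The names install_pubkey and demo are hypothetical, and the sample keys in demo are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# install_pubkey KEYFILE [SSH_DIR]
#   exit status: 0 = key added, 1 = already present, 2 = rejected
install_pubkey() (
    keyfile=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth=$ssh_dir/authorized_keys

    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; exit 2; }

    # A public key file is exactly one line: "<type> <base64> [comment]".
    # The check also rejects a private key (id_rsa) copied by mistake.
    [ "$(grep -c . "$keyfile")" -eq 1 ] ||
        { echo "$keyfile: expected exactly one key line" >&2; exit 2; }
    line=$(grep . "$keyfile")
    pat='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    printf '%s\n' "$line" | grep -Eq "$pat" ||
        { echo "$keyfile: not an OpenSSH public key" >&2; exit 2; }
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')

    # sshd's StrictModes rejects key files that are group- or world-writable.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 2
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth"

    # Match on the base64 blob so a re-run never appends a second copy.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        exit 1
    fi
    printf '%s\n' "$line" >> "$auth"
)

# Runs the helper on constructed input: a new key, the same key again,
# and a file that is not a public key. Prints the three exit statuses
# followed by the number of lines left in authorized_keys.
demo() {
    d=$(mktemp -d) || return 1
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAQQDconstructedA= globus@nodea" > "$d/darinodea"
    printf '%s\n' "-----BEGIN RSA PRIVATE KEY-----" "AAAA" "-----END RSA PRIVATE KEY-----" > "$d/notapubkey"
    out=
    for f in darinodea darinodea notapubkey; do
        rc=0; install_pubkey "$d/$f" "$d/.ssh" 2>/dev/null || rc=$?
        out="$out$rc "
    done
    echo "$out$(wc -l < "$d/.ssh/authorized_keys" | tr -d ' ')"
    rm -rf "$d"
}
```

On each node this would be called once per received file, for example ‘install_pubkey ~/.ssh/darinodea’ on nodeb and nodec.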
