This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
сервис_ssh [2021/01/12 10:09] val [Аутентификация с использованием ключей ssh] |
сервис_ssh [2021/03/04 13:37] val [Аутентификация с использованием протокола GSSAPI] |
||
---|---|---|---|
Line 51: | Line 51: | ||
===== Настройка ssh клиента ===== | ===== Настройка ssh клиента ===== | ||
<code> | <code> | ||
+ | $ mkdir .ssh/ | ||
+ | |||
$ cat .ssh/config | $ cat .ssh/config | ||
</code><code> | </code><code> | ||
Line 235: | Line 237: | ||
=== Генерация ключей === | === Генерация ключей === | ||
<code> | <code> | ||
- | student@client1:~$ ssh-keygen | + | user1@client1:~$ ssh-keygen |
</code><code> | </code><code> | ||
... | ... | ||
Line 241: | Line 243: | ||
... | ... | ||
</code><code> | </code><code> | ||
- | student@client1:~$ ls .ssh/ | + | user1@client1:~$ ls .ssh/ |
</code> | </code> | ||
Line 259: | Line 261: | ||
<code> | <code> | ||
- | student@client1$ ssh gate "mkdir .ssh" | + | user1@client1$ ssh gate "mkdir .ssh" |
- | student@client1$ scp .ssh/id_rsa.pub gate:.ssh/authorized_keys | + | user1@client1$ scp .ssh/id_rsa.pub gate:.ssh/authorized_keys |
или | или | ||
- | student@client1$ cat .ssh/id_rsa.pub | ssh gate "cat >> .ssh/authorized_keys" | + | user1@client1$ cat .ssh/id_rsa.pub | ssh gate "cat >> .ssh/authorized_keys" |
</code> | </code> | ||
=== Использование ssh_agent === | === Использование ssh_agent === | ||
<code> | <code> | ||
- | student@client1$ ssh-agent | + | user1@client1$ ssh-agent |
SSH_AUTH_SOCK=/tmp/ssh-JaQgNr4492/agent.4492; export SSH_AUTH_SOCK; | SSH_AUTH_SOCK=/tmp/ssh-JaQgNr4492/agent.4492; export SSH_AUTH_SOCK; | ||
SSH_AGENT_PID=4493; export SSH_AGENT_PID; | SSH_AGENT_PID=4493; export SSH_AGENT_PID; | ||
echo Agent pid 4493; | echo Agent pid 4493; | ||
- | student@client1$ SSH_AUTH_SOCK=/tmp/ssh-JaQgNr4492/agent.4492; export SSH_AUTH_SOCK; | + | user1@client1$ SSH_AUTH_SOCK=/tmp/ssh-JaQgNr4492/agent.4492; export SSH_AUTH_SOCK; |
- | student@client1$ SSH_AGENT_PID=4493; export SSH_AGENT_PID; | + | user1@client1$ SSH_AGENT_PID=4493; export SSH_AGENT_PID; |
</code> | </code> | ||
или | или | ||
<code> | <code> | ||
- | student@client1$ eval `ssh-agent -s` | + | user1@client1$ eval `ssh-agent -s` |
</code><code> | </code><code> | ||
- | student@client1$ ssh-add | + | user1@client1$ ssh-add |
Enter passphrase for /root/.ssh/id_rsa: | Enter passphrase for /root/.ssh/id_rsa: | ||
... | ... | ||
Line 287: | Line 289: | ||
... | ... | ||
- | student@client1$ ssh gate | + | user1@client1$ ssh gate |
- | student@client1$ ssh server | + | user1@client1$ ssh server |
</code> | </code> | ||
Line 326: | Line 328: | ||
== Microsoft Active Directory == | == Microsoft Active Directory == | ||
+ | |||
+ | * Еще один способ: [[https://blog.it-kb.ru/2017/10/26/adding-spn-entries-in-keytab-on-linux-server-using-ktutil-associated-with-computer-account-in-active-directory-domain/|Добавление SPN записей в keytab-файл (на стороне сервера Linux с помощью утилиты ktutil), связанный с учётной записью Computer в домене Active Directory]] | ||
Добавляем пользователя в AD | Добавляем пользователя в AD |