Pour ce connecter de façon vraiment sécurisé à vos serveur, la clé RSA et la passphrase sont un très bon début…
D’abord générer des clés
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/thouveni/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): ***********************************************
Enter same passphrase again: ***********************************************
Your identification has been saved in /home/thouveni/.ssh/id_rsa.
Your public key has been saved in /home/thouveni/.ssh/id_rsa.pub.
The key fingerprint is:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Ensuite diffuser sa clé publique
$ scp ~/.ssh/id_rsa.pub [user@]host:~/.ssh/authorized_keys2
id_rsa.pub 100% 401 0.4KB/s 00:00
OU
cat $HOME/.ssh/id_rsa.pub | ssh [user@]host "mkdir -p .ssh; chmod 700 .ssh; cat >> .ssh/authorized_keys"
OU
ssh-copy-id [user@]host
Enfin tester la connexion :
$ ssh [user@]host
Enter passphrase for key '/home/user/.ssh/identity':
Valider temporairement sa passphrase :
eval 'ssh-agent'
ssh-add ~/.ssh/id_rsa
Modification de votre passphrase :
ssh-keygen -p
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
5c:9b:16:56:a6:cd:11:10:3a:cd:1b:a2:91:cd:e5:1c.
Please contact your system administrator.
Add correct host key in /home/user/.ssh/known_hosts to get rid of this message.
Offending key in /home/user/.ssh/known_hosts:1
RSA host key for ras.mydomain.com has changed and you have requested strict checking.
Host key verification failed.
Solution :
ssh-keygen -R IP
