Friday, August 16, 2013

scp setup without entering a password

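We are currently making major changes to the robot environment.

As part of that, I redid the RSA key setup, so here are notes on the procedure and the thinking behind it.

This example is a memo of how to set up RSA keys. It is not how RDCS is actually configured.

Incidentally, this example violates the RDCS security policy.

So why write it down? Because it's a memo...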

                                            Router
                                                |
                                                |
    |---------+---------+----------+---------+---------|
RDCS        RDCS        RDCS      RDCS        RDCS        RDCS
Server       Client        Client       Client        Client         Client

(1) RDCS Server
Create the RDCS Server's public key

[root@rcmp-sv01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ENTER
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ac:51:61:b8:90:a1:8b:7a:61:e7:1c:cf:47:c7:05:8d root@rcmp-sv01
The key's randomart image is:
+--[ RSA 2048]----+
|    .o .o .o     |
|   .o .. .E..    |
|  .  . ..   .    |
| . .  .o . .     |
|. + o . S o      |
|.. = + + .       |
|. . o + .        |
| .     .         |
|                 |
+-----------------+
[root@rcmp-sv01 ~]# ls -al .ssh
total 16
drwx------ 2 root root 4096 Aug 16 11:13 .
drwxr-x--- 4 root root 4096 Aug 15 16:40 ..
-rw------- 1 root root 1675 Aug 16 11:13 id_rsa
-rw-r--r-- 1 root root  396 Aug 16 11:13 id_rsa.pub
[root@rcmp-sv01 .ssh]# cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys

(2) RDCS Client
Create the RDCS Client's public key

[root@rcmp-r02 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ENTER
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): ENTER
Enter same passphrase again: ENTER
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
58:93:66:72:e3:c2:ba:6d:29:a7:52:62:52:f5:54:7b root@rcmp-r02
The key's randomart image is:
+--[ RSA 2048]----+
|       ..        |
|    . .  o       |
|   . o. X E      |
|  .  ..O +       |
| .    + S        |
|. o .. .         |
| o o.  .         |
|  . .o+          |
|   .o=.          |
+-----------------+
[root@rcmp-r02 ~]# cd .ssh
[root@rcmp-r02 .ssh]# ls -al
total 16
drwx------ 2 root root 4096 Aug 16 11:12 .
drwxr-x--- 4 root root 4096 Aug 16 11:12 ..
-rw------- 1 root root 1675 Aug 16 11:12 id_rsa
-rw-r--r-- 1 root root  395 Aug 16 11:12 id_rsa.pub
[root@rcmp-r02 .ssh]# cat ~/.ssh/id_rsa.pub > ~/.ssh/authorized_keys
[root@rcmp-r02 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtzD2RAdTTcxWUx4q0Qi/ujTejJdWuW6rS3t+Dgvxrmz5TLeZo7H0UCm361duF4rksMNGeDQe8mpZpQfB50H3ZOY/LiLXQ5SL6bOXM2y1d9OF6yjQZWw2xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
gtR1n6RHi/R3xndBm47kCQZjis9Tusnb1zHlg9afETQDFDiyfFZsmLtSldcc+Bkg9sOgD0TMGK6lwngBT2lSWgYx6agNLUpi+bNkwj6iAkIvkYvdUuTKDgVqHHym8ksd9UgRWd5U9CKOcgOrmAJ1S21 

(3) RDCS Server
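Append the RDCS Client's .ssh/id_rsa.pub (public key) to the RDCS Server's .ssh/authorized_keys.
This makes scp from the RDCS Client to the RDCS Server possible without a password.
There are various ways to carry out the actual operation, so it is not described here.

Incidentally, to do passwordless scp from the RDCS Server to an RDCS Client,
append the RDCS Server's public key to the RDCS Client's .ssh/authorized_keys.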
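
One way to carry out the append in step (3), as an added example that is not part of the original memo. `add_authorized_key` is a hypothetical helper name; it makes only a structural check of the key line and appends with `>>`, whereas the `>` redirect used in steps (1) and (2) replaces whatever authorized_keys already held.

```shell
#!/bin/sh
# Added example. add_authorized_key is a hypothetical helper, not an OpenSSH tool.
# Usage: add_authorized_key <public-key-file> <authorized_keys-file>
# Returns 0 if the key is present afterwards, 2 if the input is not a key line.
add_authorized_key() {
    pub=$1
    auth=$2
    # A public key file holds exactly one non-empty line.
    [ -r "$pub" ] || return 2
    [ "$(grep -c . "$pub")" -eq 1 ] || return 2
    line=$(grep . "$pub")
    # Structural check only: "<key-type> <base64-blob> [comment]".
    ktype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 2 ;;
    esac
    # sshd's StrictModes rejects group- or world-writable paths; 700/600 is usual.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Already present? Compare type and blob so a changed comment is not a new key.
    if awk -v t="$ktype" -v b="$blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) f = 1 }
         END { exit !f }' "$auth"; then
        return 0
    fi
    # If the last line lacks a newline, add one so two keys never share a line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    # Append (>>), never overwrite (>): existing keys stay in the file.
    printf '%s\n' "$line" >> "$auth"
}
```

For a check of the key itself rather than its layout, `ssh-keygen -l -f <public-key-file>` prints the fingerprint and fails on a malformed key.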

(4) RDCS Client
Run the first scp from the RDCS Client to the Server.

[root@rcmp-r02 ~]# touch qq
[root@rcmp-r02 ~]# scp qq root@192.168.11.70:/root
The authenticity of host '192.168.11.70 (192.168.11.70)' can't be established.
ECDSA key fingerprint is df:44:09:55:a1:03:1f:0b:86:51:d0:4e:8a:50:78:26.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.11.70' (ECDSA) to the list of known hosts.

qq                                            100%    0     0.0KB/s   00:00
[root@rcmp-r02 .~]# ls -al .ssh
total 24
drwx------ 2 root root 4096 Aug 16 11:17 .
drwxr-x--- 4 root root 4096 Aug 16 11:16 ..
-rw-r--r-- 1 root root  395 Aug 16 11:14 authorized_keys
-rw------- 1 root root 1675 Aug 16 11:12 id_rsa
-rw-r--r-- 1 root root  395 Aug 16 11:12 id_rsa.pub
-rw-r--r-- 1 root root  175 Aug 16 11:17 known_hosts
[root@rcmp-r02 ~]# cat .ssh/known_hosts
192.168.11.70 ecdsa-sha2-nistp256   fdafdaawexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxYMWN3TcTnsxxxxxxxxVp4zixHzvuP7g6slxUTxm55BVZh5f+bituIVSf1ZjOBUSUYv5c=

(3) RDCS Server
After the RDCS Client's first scp

[root@rcmp-sv01 ~]# ls -al
total 36
drwxr-x---  4 root root 4096 Aug 16 11:17 .
drwxr-xr-x 17 root root 4096 Jul 18 13:38 ..
-rw-------  1 root root 6174 Aug 16 10:12 .bash_history
-rw-r--r--  1 root root  550 Feb  3  2013 .bash_profile
-rw-r--r--  1 root root  114 Jan 15  2013 .bashrc
-rw-r--r--  1 root root   40 Jan 15  2013 .exrc
drwx------  2 root root 4096 Aug 16 11:46 .ssh
drwxr-xr-x  2 root root 4096 Feb  5  2013 bin
-rw-r--r--  1 root root    0 Aug 16 11:17 qq
[root@rcmp-sv01 ~]# ls -al .ssh
total 20
drwx------ 2 root root 4096 Aug 16 11:46 .
drwxr-x--- 4 root root 4096 Aug 16 11:17 ..
-rw-r--r-- 1 root root  791 Aug 16 11:16 authorized_keys
-rw------- 1 root root 1675 Aug 16 11:13 id_rsa
-rw-r--r-- 1 root root  396 Aug 16 11:13 id_rsa.pub

peace!!
