Modifying or adding keys on Alibaba Cloud without rebooting

Adding or modifying key pairs on Alibaba Cloud without rebooting

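Servers purchased early on did not have key pairs enabled, so our ECS instances could not uniformly use key-based login. When adding a key pair in the Alibaba Cloud console, it says a reboot is required for the change to take effect, and rebooting production servers is a hassle. If you don't want to read the process, skip straight to the test and conclusion below.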


Using a test server for the experiment.

/etc/ssh/sshd_config and /root/.ssh/authorized_keys before adding the key pair and rebooting:

➜  ~ ssh -i /Users/xujiamin/Downloads/pem/ac.pem   [email protected]
Last login: Fri Jan 17 13:00:29 2020 from 60.191.70.67

Welcome to Alibaba Cloud Elastic Compute Service !

[root@iZbp1636bkymp3ar79492aZ ~]# cat /etc/ssh/sshd_config  |grep -v '#' |grep -v '^$'
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
AuthorizedKeysFile	.ssh/authorized_keys
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem	sftp	/usr/libexec/openssh/sftp-server
UseDNS no
AddressFamily inet
PermitRootLogin yes
SyslogFacility AUTHPRIV
PasswordAuthentication yes

[root@iZbp1636bkymp3ar79492aZ ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpSv2/Ks0f4Db0dBW3mxRno95EYYb7WXhVn1XOSz4pZOOZ3zxnFRrAC6UZsxmdkFliAAREwIKgKSkngf2XQUavGKsY8LQFC/xOChNiq2ZchWwxCVuHAKnhpBxW4rKyiSzNIJtLqXbBWOrTzHNFDk/ZoxVrfIYb+N+u7fT6Q7Y6PHbitBNZYC5ZfZzrc3laYYIEZfvkTtJRBgxm1l24HRca6uWf2axfHgadyVtLRuxG6kQRdvyTderlizNyaRijdxcKiy5w1biS4Igv7WLqRKMYpZJzajgcW9u5eSdJRQ+Z8sPrt3d+mGMp1CKfHGQSTtsN5F1Cv0xSnq8xCkNUdf3 root@panda
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxrpXLpfwFi9N2VFBRHBabGTStYcMGdisO6Y8jKmr/YcpEeJzmXqlkOuNOUGvyeRqDFjFIrgbTHR2xq/wDJFW9+73aZ+Uq38jR8Nsgnklu6ShttJhO0g7fJt2PtBrBeJUDVlDqt16DD5aKgA+Rs8D9DVrWXhk84JyvfM3w0eN0qCRhWzNiMjorRd+zn6R/M2BsZ9qHu1LCJVrs/HXt1qixVvQEQEn+idzzNgiHIDONP6CPnWXASQZ2Y6pdYZOChS/IZuPe5P1Gqd9WVSG0EuI2dMmZlfXdbCOia9eK66YYK4AZlatMARSy+dLqeTax03wzkc4LYUZrxV+5LgdCQszj [email protected]
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZXaZ11cn4Yee1OqNDT+xS03s46PN16DOCKRdSJdWmhoD1qCkfRdxm1gF1TZsWmphK6hlyvHYJEWdidGhvqtdPXHGfEgZm5jMuswkYw1zGOpKxMMtGe4nwLS7GIJwUdCdyMW6HSkwQribPlfcWeHmS0buzeR8LZhMvHzk5oQhZJStbnuZMlDHpn3PQmLSrwSfG/EaQnGDYS7+kC//Ambx7qZ/wW2vpp+WivsgO7isDarF29NxBcKrZglFK5adug6QOCBZ45cVVJCgbXtgN8+TrFL3ghJ3CN2kctfzlLmbbDU52oPOrLnpEDctM5OTwskz6+iLY7q/W1TevItz6mZuN skp-bp1995ou9mbtq1n4teqa
[root@iZbp1636bkymp3ar79492aZ ~]#
The same server after adding the key pair and rebooting for it to take effect:
cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpSv2/Ks0f4Db0dBW3mxRno95EYYb7WXhVn1XOSz4pZOOZ3zxnFRrAC6UZsxmdkFliAAREwIKgKSkngf2XQUavGKsY8LQFC/xOChNiq2ZchWwxCVuHAKnhpBxW4rKyiSzNIJtLqXbBWOrTzHNFDk/ZoxVrfIYb+N+u7fT6Q7Y6PHbitBNZYC5ZfZzrc3laYYIEZfvkTtJRBgxm1l24HRca6uWf2axfHgadyVtLRuxG6kQRdvyTderlizNyaRijdxcKiy5w1biS4Igv7WLqRKMYpZJzajgcW9u5eSdJRQ+Z8sPrt3d+mGMp1CKfHGQSTtsN5F1Cv0xSnq8xCkNUdf3 root@panda
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxrpXLpfwFi9N2VFBRHBabGTStYcMGdisO6Y8jKmr/YcpEeJzmXqlkOuNOUGvyeRqDFjFIrgbTHR2xq/wDJFW9+73aZ+Uq38jR8Nsgnklu6ShttJhO0g7fJt2PtBrBeJUDVlDqt16DD5aKgA+Rs8D9DVrWXhk84JyvfM3w0eN0qCRhWzNiMjorRd+zn6R/M2BsZ9qHu1LCJVrs/HXt1qixVvQEQEn+idzzNgiHIDONP6CPnWXASQZ2Y6pdYZOChS/IZuPe5P1Gqd9WVSG0EuI2dMmZlfXdbCOia9eK66YYK4AZlatMARSy+dLqeTax03wzkc4LYUZrxV+5LgdCQszj [email protected]
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZXaZ11cn4Yee1OqNDT+xS03s46PN16DOCKRdSJdWmhoD1qCkfRdxm1gF1TZsWmphK6hlyvHYJEWdidGhvqtdPXHGfEgZm5jMuswkYw1zGOpKxMMtGe4nwLS7GIJwUdCdyMW6HSkwQribPlfcWeHmS0buzeR8LZhMvHzk5oQhZJStbnuZMlDHpn3PQmLSrwSfG/EaQnGDYS7+kC//Ambx7qZ/wW2vpp+WivsgO7isDarF29NxBcKrZglFK5adug6QOCBZ45cVVJCgbXtgN8+TrFL3ghJ3CN2kctfzlLmbbDU52oPOrLnpEDctM5OTwskz6+iLY7q/W1TevItz6mZuN skp-bp1995ou9mbtq1n4teqa
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCSuyYNLsvDsJ7xsriUg5QqNnU0VEXm1/4QHAOhO0r7vF1BbvmU60wLSt3T9fjQj4My7EBuJTaZCZRapFifMcAdzPGal1Lpvux1sA3bzd2WLcEKLvSXynWRC/WPEeGGzVlKPaJKe7UnHBRCAIxh0eCsNNRiq8+rTNRZTame62kk1y85czQexhrH1p0jLpTen0MxLZF6UIE8lXJxaeaa2RnROijmP4jIByontBjJ0A/CyRCyaPf4UVSKn8ILAsWE2twqY0J/glTtytCZcfe1xjVGGaPiXaZJosxw7TRI9cMdOGbvEWo0uGr0oW7zNfM3vc5HxaAKsYO4dK4dxyJBp6AD skp-bp1i5sbfmyi45a9ibohl


[root@izbp1636bkymp3ar79492az ~]# cat /etc/ssh/sshd_config  |grep -v '#' |grep -v '^$'
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
AuthorizedKeysFile	.ssh/authorized_keys
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem	sftp	/usr/libexec/openssh/sftp-server
UseDNS no
AddressFamily inet
PermitRootLogin yes
SyslogFacility AUTHPRIV
PasswordAuthentication no
Logging in with the key pairs:
Last login: Fri Jan 17 13:57:49 on ttys003
➜  ~ ssh -i /Users/xujiamin/Downloads/pem/op.pem   [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:K0qJY6EuxrIf6pf0+o2L6T4jNyOCHg6ulfABzAC3Elk.
Please contact your system administrator.
Add correct host key in /Users/xujiamin/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/xujiamin/.ssh/known_hosts:88
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
➜  ~ ssh -i /Users/xujiamin/Downloads/pem/ac.pem   [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:K0qJY6EuxrIf6pf0+o2L6T4jNyOCHg6ulfABzAC3Elk.
Please contact your system administrator.
Add correct host key in /Users/xujiamin/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/xujiamin/.ssh/known_hosts:88
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Last login: Fri Nov 22 16:28:12 2019 from 192.168.1.187

Welcome to Alibaba Cloud Elastic Compute Service !

[root@iZbp1636bkymp3ar79492aZ ~]#
[root@iZbp1636bkymp3ar79492aZ ~]#
[root@iZbp1636bkymp3ar79492aZ ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpSv2/Ks0f4Db0dBW3mxRno95EYYb7WXhVn1XOSz4pZOOZ3zxnFRrAC6UZsxmdkFliAAREwIKgKSkngf2XQUavGKsY8LQFC/xOChNiq2ZchWwxCVuHAKnhpBxW4rKyiSzNIJtLqXbBWOrTzHNFDk/ZoxVrfIYb+N+u7fT6Q7Y6PHbitBNZYC5ZfZzrc3laYYIEZfvkTtJRBgxm1l24HRca6uWf2axfHgadyVtLRuxG6kQRdvyTderlizNyaRijdxcKiy5w1biS4Igv7WLqRKMYpZJzajgcW9u5eSdJRQ+Z8sPrt3d+mGMp1CKfHGQSTtsN5F1Cv0xSnq8xCkNUdf3 root@panda
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxrpXLpfwFi9N2VFBRHBabGTStYcMGdisO6Y8jKmr/YcpEeJzmXqlkOuNOUGvyeRqDFjFIrgbTHR2xq/wDJFW9+73aZ+Uq38jR8Nsgnklu6ShttJhO0g7fJt2PtBrBeJUDVlDqt16DD5aKgA+Rs8D9DVrWXhk84JyvfM3w0eN0qCRhWzNiMjorRd+zn6R/M2BsZ9qHu1LCJVrs/HXt1qixVvQEQEn+idzzNgiHIDONP6CPnWXASQZ2Y6pdYZOChS/IZuPe5P1Gqd9WVSG0EuI2dMmZlfXdbCOia9eK66YYK4AZlatMARSy+dLqeTax03wzkc4LYUZrxV+5LgdCQszj [email protected]
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZXaZ11cn4Yee1OqNDT+xS03s46PN16DOCKRdSJdWmhoD1qCkfRdxm1gF1TZsWmphK6hlyvHYJEWdidGhvqtdPXHGfEgZm5jMuswkYw1zGOpKxMMtGe4nwLS7GIJwUdCdyMW6HSkwQribPlfcWeHmS0buzeR8LZhMvHzk5oQhZJStbnuZMlDHpn3PQmLSrwSfG/EaQnGDYS7+kC//Ambx7qZ/wW2vpp+WivsgO7isDarF29NxBcKrZglFK5adug6QOCBZ45cVVJCgbXtgN8+TrFL3ghJ3CN2kctfzlLmbbDU52oPOrLnpEDctM5OTwskz6+iLY7q/W1TevItz6mZuN skp-bp1995ou9mbtq1n4teqa
[root@iZbp1636bkymp3ar79492aZ ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnpSv2/Ks0f4Db0dBW3mxRno95EYYb7WXhVn1XOSz4pZOOZ3zxnFRrAC6UZsxmdkFliAAREwIKgKSkngf2XQUavGKsY8LQFC/xOChNiq2ZchWwxCVuHAKnhpBxW4rKyiSzNIJtLqXbBWOrTzHNFDk/ZoxVrfIYb+N+u7fT6Q7Y6PHbitBNZYC5ZfZzrc3laYYIEZfvkTtJRBgxm1l24HRca6uWf2axfHgadyVtLRuxG6kQRdvyTderlizNyaRijdxcKiy5w1biS4Igv7WLqRKMYpZJzajgcW9u5eSdJRQ+Z8sPrt3d+mGMp1CKfHGQSTtsN5F1Cv0xSnq8xCkNUdf3 root@panda
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxrpXLpfwFi9N2VFBRHBabGTStYcMGdisO6Y8jKmr/YcpEeJzmXqlkOuNOUGvyeRqDFjFIrgbTHR2xq/wDJFW9+73aZ+Uq38jR8Nsgnklu6ShttJhO0g7fJt2PtBrBeJUDVlDqt16DD5aKgA+Rs8D9DVrWXhk84JyvfM3w0eN0qCRhWzNiMjorRd+zn6R/M2BsZ9qHu1LCJVrs/HXt1qixVvQEQEn+idzzNgiHIDONP6CPnWXASQZ2Y6pdYZOChS/IZuPe5P1Gqd9WVSG0EuI2dMmZlfXdbCOia9eK66YYK4AZlatMARSy+dLqeTax03wzkc4LYUZrxV+5LgdCQszj [email protected]
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCZXaZ11cn4Yee1OqNDT+xS03s46PN16DOCKRdSJdWmhoD1qCkfRdxm1gF1TZsWmphK6hlyvHYJEWdidGhvqtdPXHGfEgZm5jMuswkYw1zGOpKxMMtGe4nwLS7GIJwUdCdyMW6HSkwQribPlfcWeHmS0buzeR8LZhMvHzk5oQhZJStbnuZMlDHpn3PQmLSrwSfG/EaQnGDYS7+kC//Ambx7qZ/wW2vpp+WivsgO7isDarF29NxBcKrZglFK5adug6QOCBZ45cVVJCgbXtgN8+TrFL3ghJ3CN2kctfzlLmbbDU52oPOrLnpEDctM5OTwskz6+iLY7q/W1TevItz6mZuN skp-bp1995ou9mbtq1n4teqa
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCSuyYNLsvDsJ7xsriUg5QqNnU0VEXm1/4QHAOhO0r7vF1BbvmU60wLSt3T9fjQj4My7EBuJTaZCZRapFifMcAdzPGal1Lpvux1sA3bzd2WLcEKLvSXynWRC/WPEeGGzVlKPaJKe7UnHBRCAIxh0eCsNNRiq8+rTNRZTame62kk1y85czQexhrH1p0jLpTen0MxLZF6UIE8lXJxaeaa2RnROijmP4jIByontBjJ0A/CyRCyaPf4UVSKn8ILAsWE2twqY0J/glTtytCZcfe1xjVGGaPiXaZJosxw7TRI9cMdOGbvEWo0uGr0oW7zNfM3vc5HxaAKsYO4dK4dxyJBp6AD skp-bp1i5sbfmyi45a9ibohl
[root@iZbp1636bkymp3ar79492aZ ~]# 登出
Connection to 47.110.124.91 closed.
➜  ~ ssh -i /Users/xujiamin/Downloads/pem/op.pem   [email protected]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:K0qJY6EuxrIf6pf0+o2L6T4jNyOCHg6ulfABzAC3Elk.
Please contact your system administrator.
Add correct host key in /Users/xujiamin/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/xujiamin/.ssh/known_hosts:88
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Last login: Fri Jan 17 13:58:12 2020 from 60.191.70.67

Welcome to Alibaba Cloud Elastic Compute Service !

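Test and conclusion

Take a machine initialized from an image that carries the original password plus ac.pem. Add pd.pem through the Alibaba Cloud console, add op.pem by hand, then reboot. How do the keys change?

Same machine, re-imaged.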


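1. Test after adding op.pem by hand: both ac.pem (included in the image) and the just-added op.pem can log in. pd.pem cannot log in yet because the server has not been rebooted.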


2. After rebooting the server, ac.pem, pd.pem and op.pem can all log in, but password login no longer works.


To restore password login, /etc/ssh/sshd_config needs to be modified:

# change no to yes
PasswordAuthentication yes

After making the change, restart the sshd service:

service sshd restart

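Password login is enabled again, but the password is no longer the original one. You need to log in with a key and reset the root password with passwd.

My guess is that turning off the password feature caused the password to become invalid.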
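The two checks the test above relies on, as an added example that is not part of the original post: appending a public key to authorized_keys by hand (the step that worked without a reboot) and reading which PasswordAuthentication value a given sshd_config yields. The function names, the scratch paths and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are parameters so the
# functions can be tried on scratch copies before touching /root/.ssh.

# add_authorized_key PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Appends the key only if its base64 blob is not already listed, and sets the
# permissions sshd's StrictModes check expects. Takes effect without a reboot.
add_authorized_key() {
    pub=$1; auth=$2
    # A public key line is "<type> <base64-blob> [comment]".
    blob=$(awk 'NF >= 2 && $1 ~ /^(ssh-|ecdsa-|sk-)/ { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "not a public key: $pub" >&2; return 2; }
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"; return 0
    fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    awk 'NF >= 2 && $1 ~ /^(ssh-|ecdsa-|sk-)/ { print; exit }' "$pub" >> "$auth"
    echo "added"
}

# effective_password_auth SSHD_CONFIG
# sshd keeps the FIRST value it reads for a keyword, so report that one from
# the global section (before any Match block). Include files are not followed.
effective_password_auth() {
    awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }   # OpenSSH default when unset
    ' "$1"
}

# Demo on scratch files; the key below is a constructed placeholder.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderBlob op-demo' > "$demo/op.pub"
add_authorized_key "$demo/op.pub" "$demo/.ssh/authorized_keys"
printf 'PasswordAuthentication no\nPasswordAuthentication yes\n' > "$demo/sshd_config"
effective_password_auth "$demo/sshd_config"
rm -rf "$demo"
```

On a live host, `sshd -T` prints the configuration sshd actually resolved and is the authoritative check; the parser here is for reviewing a file before or after the console changes it.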


Reposted from blog.csdn.net/xujiamin0022016/article/details/104070798