
Getting ready
Connect to centos1 and centos2 in different sessions:
$ vagrant ssh centos1
$ vagrant ssh centos2
If you're working on a fresh setup, SSH to centos2 from centos1 and accept the host key when you're presented with it.
Log back out of centos2:
[vagrant@centos1 ~]$ ssh 192.168.33.11
The authenticity of host '192.168.33.11 (192.168.33.11)' can't be established.
ECDSA key fingerprint is SHA256:D4Tu/OykM/iPayCZ2okG0D2F6J9H5PzTNUuFzhzl/xw.
ECDSA key fingerprint is MD5:4b:2a:42:77:0e:24:b4:9c:6e:65:69:63:1a:57:e9:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.33.11' (ECDSA) to the list of known hosts.
vagrant@192.168.33.11's password:
[vagrant@centos2 ~]$ logout
Connection to 192.168.33.11 closed.
[vagrant@centos1 ~]$
We've now got an entry in our known_hosts file, as shown here:
[vagrant@centos1 ~]$ cat .ssh/known_hosts
192.168.33.11 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOK52r7ZJ8hwU34RzaY3AD7HitT6UP2qBv3WK8lWEELSoeTsmJ4+zO8QiuULp3cCQBKYqi55Z60Vf/hsEMBoULg=
Note that this is centos2's IP address, and the key is centos2's own host key:
[vagrant@centos2 ~]$ cat /etc/ssh/ssh_host_ecdsa_key.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOK52r7ZJ8hwU34RzaY3AD7HitT6UP2qBv3WK8lWEELSoeTsmJ4+zO8QiuULp3cCQBKYqi55Z60Vf/hsEMBoULg=
We can prove this easily by having a look at the key's fingerprint on both machines, and comparing the ASCII art.
On centos2, this is as follows:
[vagrant@centos2 ~]$ ssh-keygen -lv -f /etc/ssh/ssh_host_ecdsa_key.pub
256 SHA256:D4Tu/OykM/iPayCZ2okG0D2F6J9H5PzTNUuFzhzl/xw no comment (ECDSA)
+---[ECDSA 256]---+
| . . o. |
| . . o. o.. |
| o . =. . + o. |
|. o o.+. B . |
|. + +..S. o o E.|
|. + +o. oo. . .o|
|.+ o +o ... o|
|o.o . +* |
|. o=*= |
+----[SHA256]-----+
And from the known_hosts file on centos1, it is as follows:
[vagrant@centos1 ~]$ ssh-keygen -lv -f .ssh/known_hosts
256 SHA256:D4Tu/OykM/iPayCZ2okG0D2F6J9H5PzTNUuFzhzl/xw 192.168.33.11 (ECDSA)
+---[ECDSA 256]---+
| . . o. |
| . . o. o.. |
| o . =. . + o. |
|. o o.+. B . |
|. + +..S. o o E.|
|. + +o. oo. . .o|
|.+ o +o ... o|
|o.o . +* |
|. o=*= |
+----[SHA256]-----+
That's genuinely the first time I've ever used the -v option to get the ASCII art out of a key for comparison purposes.
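As an added example (not from the book), the following Python reproduces what the SSH client does with the entry above: it parses the known_hosts line and the host key file, computes the OpenSSH SHA256 fingerprint that ssh-keygen -l prints, and decides whether a presented key is a match, a changed key, or a first contact. The hashed-hostname handling (the |1|salt|hmac form written when HashKnownHosts is on) and the inline copies of the key are assumptions beyond what the recipe shows.

```python
import base64
import hashlib
import hmac
import struct
# Constructed offline input from the recipe (assumption: the blob is copied exactly as printed).
BLOB_B64 = "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOK52r7ZJ8hwU34RzaY3AD7HitT6UP2qBv3WK8lWEELSoeTsmJ4+zO8QiuULp3cCQBKYqi55Z60Vf/hsEMBoULg="
KNOWN_HOSTS = "192.168.33.11 ecdsa-sha2-nistp256 " + BLOB_B64 + "\n"
HOST_KEY_FILE = "ecdsa-sha2-nistp256 " + BLOB_B64

def parse_key(line):
    """Return (key_type, raw_blob) from 'type base64 [comment]'; checks the type inside the blob."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with an SSH string naming the type
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type label does not match blob")
    return key_type, blob

def sha256_fingerprint(blob):
    """What ssh-keygen -l prints: SHA256:<base64 of the digest, padding stripped>."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def hash_hostname(host, salt):
    """HashKnownHosts form of a host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """Does a known_hosts host field (plain, comma-separated, or hashed) name this host?"""
    if field.startswith("|1|"):
        return hash_hostname(host, base64.b64decode(field.split("|")[2])) == field
    return host in field.split(",")

def check_host_key(known_hosts, host, presented_key_line):
    """The client's decision: 'match', 'mismatch' (stored key differs!) or 'unknown' (first contact)."""
    presented = parse_key(presented_key_line)[1]
    seen = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#") or not host_matches(fields[0], host):
            continue
        seen = True
        if parse_key(fields[1] + " " + fields[2])[1] == presented:
            return "match"
    return "mismatch" if seen else "unknown"

if __name__ == "__main__":
    print(sha256_fingerprint(parse_key(HOST_KEY_FILE)[1]))  # compare with the ssh-keygen -l output
    print(check_host_key(KNOWN_HOSTS, "192.168.33.11", HOST_KEY_FILE))
```

A "mismatch" is the case that produces the client's "REMOTE HOST IDENTIFICATION HAS CHANGED" warning, which is why the fingerprint comparison above matters on first contact.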