SSH实现免密登陆配置
ssh实现免密码登录的配置过程,主要分为以下几个步骤:
- serverA生成密钥,包括私钥和公钥
- serverA将公钥传到serverB上
- serverA上配置serverB登陆的相关参数
serverA使用admin用户创建密钥
[root@serverA ~]# useradd admin
[root@serverA ~]# echo '123456' | passwd --stdin admin
Changing password for user admin.
passwd: all authentication tokens updated successfully.
[root@serverA ~]# su - admin
[admin@serverA ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa): //直接回车
Created directory '/home/admin/.ssh'.
Enter passphrase (empty for no passphrase): //直接回车
Enter same passphrase again: //直接回车
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QrWAlLwUL0UNG/VYp5sH8/1R90iXb6aXr1OIege7dHQ admin@serverA
The key's randomart image is:
+---[RSA 3072]----+
| oo=*+o . . |
| =o =.= o .|
| ...+ o = ..+|
| .o * o o=|
| . S o o.+oE|
| . .o..*+|
| ..oooo|
| ..o.o..|
| ..o.o.|
+----[SHA256]-----+
[admin@serverA ~]$ ls ./.ssh/
id_rsa id_rsa.pub
在serverB上创建Centos用户
[root@serverB ~]# useradd Centos
[root@serverB ~]# echo "123456" | passwd --stdin Centos
Changing password for user Centos.
passwd: all authentication tokens updated successfully.
[root@serverB ~]# su - Centos
[Centos@serverB ~]$
将serverA上的公钥传到以Centos用户身份登录的serverB上
[admin@serverA ~]$ ssh-copy-id Centos@192.168.121.11
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/admin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Centos@192.168.121.11's password: //输入Centos用户的密码
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'Centos@192.168.121.11'"
and check to make sure that only the key(s) you wanted were added.
用Centos用户身份登陆serverB,查看传输的公钥
[Centos@serverB ~]$ ls .ssh/
authorized_keys
[Centos@serverB ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ5RO52kT73h9B9P1ttUQSfF5eVR+sJ7JG/XTmdtYDKM5Tmb9djUVMrzfzjRAcX8hdBRzcZqXVtg7VozVuJefsewmk+eu4dXTZfr0BbeaWuIj8lQRx9mMcqQSXfi41OZnYOKYfM/GQIGVWm99wP2JJwM6CUgoLZyxOVibnScTjoJNbW0I35BxuWg3MzVLImW8DxSl8USlN1RjBM6BaxGLSn1VpjPpyiolUDwGtOfCqF6iKOhhqRBiH8RiOsxEvZ+z5wwYT3uy/OvistRH+ur/3knplajON5H3ds9+9jQkNxk2w6fJv2bSMrKsOGsv6txeQoRw066LkdHRVuc4bjT4ZOCp7FZVAq4A9xWK51/lrbMWL2E7tt+JNsCR0NhJWLE28bzsdXP6/jo+VGxjtlMiLMkTq2h77eYDTlnZ0QS86OsD1yRBEsbIsLBTuMZXY3wSq67cGduUnc99Kye0EdYgam5PcSMBq86YIIq8eehg18QnVJo2yl8Q4pNLmEcqrXJM= admin@serverA
测试在serverA上用Centos用户登陆serverB
[admin@serverA ~]$ ssh Centos@192.168.121.11
Last login: Mon Dec 14 21:42:15 2020
[Centos@serverB ~]$
在serverA上修改登陆serverB相关参数,简化快速登陆serverB
首先在~/.ssh/目录下创建config文件
[admin@serverA ~]$ cd ~/.ssh/
[admin@serverA .ssh]$ touch config
[admin@serverA .ssh]$ ls
config id_rsa id_rsa.pub known_hosts
config文件的配置内容如下:
[admin@serverA .ssh]$ vim config
[admin@serverA .ssh]$ cat config
Host serverB
Hostname 192.168.121.11
Port 22
User Centos
- Host为服务器的名称,输入登录命令时使用,登录只需要用serverB即可
- Hostname为服务器的ip地址
- Port为ssh的端口
- User为服务器的用户名
配置好相关参数之后,需要给config修改权限,否则会报错
[admin@serverA ~]$ ssh serverB
Bad owner or permissions on /home/admin/.ssh/config //权限没修改就会登录报错
[admin@serverA ~]$ ll ~/.ssh/config
-rw-rw-r--. 1 admin admin 57 Dec 14 14:01 /home/admin/.ssh/config
[admin@serverA ~]$ chmod 600 ~/.ssh/config
[admin@serverA ~]$ ll ~/.ssh/config
-rw-------. 1 admin admin 57 Dec 14 14:01 /home/admin/.ssh/config
最后就可以简化登陆serverB了
[admin@serverA ~]$ ssh serverB
Last login: Mon Dec 14 21:57:35 2020 from 192.168.121.10
[Centos@serverB ~]$ hostname
serverB
[Centos@serverB ~]$