使用不用密码就可以立即登陆的ssh用户
将客户端生成的秘钥复制到远程主机上,当客户端登陆远程主机时,由于两者在SSH要连接的信号传递中,就已经比对过秘钥了。所以可以立即进入数据传输接口中。具体步骤如下:
1、客户端生成公钥和私钥,操作命令:ssh-keygen
2、客户端更改私钥文件路径至家目录,即:$HOME/.ssh/
3、将公钥放在远程主机端的文件中:将客户端的公钥放在远程主机端的某个用户的家目录的.ssh文件中。
实际操作:
1、客户端生成公钥和私钥文件
[root@benxiaohai ~]# ssh-keygen 使用默认算法生成秘钥文件
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
70:d6:06:5e:89:cf:d9:fb:b2:ad:50:f4:06:38:38:d0 root@benxiaohai
The key's randomart image is:
+--[ RSA 2048]----+
| ...... |
| oE=.. |
| . *o=oo |
| + o+o.o |
| S ..o |
| ... |
| . . |
| .... |
| o+. |
+-----------------+
[root@benxiaohai ~]# ls -ld ~/.ssh;ls -l ~/.ssh
drwx------. 2 root root 4096 Oct 15 09:56 /root/.ssh
total 8
-rw-------. 1 root root 1675 Oct 15 09:56 id_rsa
-rw-r--r--. 1 root root 397 Oct 15 09:56 id_rsa.pub
~/.ssh/ 目录必须要是 700 的权限才行,同时私钥文件id_rsa的权限必须是-rw-------.且属于用户自己。自动生成的公钥和私钥文件所在位置和权限都是正确的,这里只是提醒需要注意的地方。
2、将客户端生成的公钥文件拷贝到远程主机上
[root@benxiaohai ~]# scp /root/.ssh/id_rsa.pub root@192.168.100.163:/root/.ssh
root@192.168.100.163's password:
id_rsa.pub 100% 397 0.4KB/s 00:00
3、将公钥数据id_rsa.pub存放到家目录/.ssh/authorized_keys文件中,且/.ssh/authorized_keys文件权限为644
[root@shuangwaiwai .ssh]# ls -al
total 16
drwx------. 2 root root 4096 Oct 15 10:05 .
dr-xr-x---. 25 root root 4096 Oct 15 09:54 ..
-rw-r--r--. 1 root root 397 Oct 15 10:05 id_rsa.pub
-rw-r--r--. 1 root root 397 Oct 13 07:22 known_hosts
[root@shuangwaiwai .ssh]# pwd
/root/.ssh
[root@shuangwaiwai .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA155wCP9+Mcmj2LKGUG1wzKgUL1jLw8T2WM/EFe8npAglijK4lbEXsMBwxoxjD/iD4sSp4OkmI1dxe5EWlwoqYWCk7mDyPJbHfdYruuwWCN87+7HTmnx1T1PF4RzBWQytI1APBwLXSEaIaVEBdEYsV2KhstexW5RFYXoMEN1my6iou5CrlTukgJRT7BdzJEJVNqu9WZuGzixL+ymY4SKeT99M/Pubzij6BDXOeWgiiCfHBR43Lo+y4MPbDk9WkK89HhTWU7eiAvuEZFulREipSSrKxM9ZP5uIqtLNcDXrhvQoAtzR2YIVad4irYMS6Fypc4LIh+aHtK5K22DQDwQ3Nw== root@benxiaohai
[root@shuangwaiwai .ssh]# cat id_rsa.pub >authorized_keys
chmod 644 authorized_keys
最后尝试从客户端ssh登陆远程主机时发现不需要输入密码了,同时工作在ssh写的scp命令也不需要输入密码了