1. 技术文章
  2. ssh免密码登录配置

ssh免密码登录配置

烈酒焚心 提交于 2019-12-24 14:40:55

【推荐】2019 Java 开发者跳槽指南.pdf(吐血整理) >>>

生成秘钥对

[root@localhost ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:D0kugFN+1mryj+fpOrQ5vzZSsLr/jKnTmm26fJvqb7g root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|    .            |
|   +   .         |
|  o o o o        |
|   . +.+ .       |
|    . +oS        |
|     +o..o       |
|     =.+  .      |
|   .+o@B+.       |
|   .E/@&Xo       |
+----[SHA256]-----+

[root@localhost ~]# ll -d .ssh/
drwx------. 2 root root 80 Jan  5 04:37 .ssh/
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ll -h
total 16K
-rw-r--r--. 1 root root  398 Nov 15 10:07 authorized_keys
-rw-------. 1 root root 1.7K Jan  5 04:37 id_rsa
-rw-r--r--. 1 root root  408 Jan  5 04:37 id_rsa.pub
-rw-r--r--. 1 root root  346 Jan  2 18:40 known_hosts

使用 ssh-copy-id 分发秘钥

[root@localhost ~]# ssh-copy-id root@192.168.32.21
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.32.21's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.32.21'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost ~]# ssh root@192.168.32.21
Last login: Fri Jan  5 04:00:03 2018 from 192.168.32.1
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.32.21  netmask 255.255.255.0  broadcast 192.168.32.255
        inet6 fe80::b224:e68a:47a:de56  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:f0:c4:2d  txqueuelen 1000  (Ethernet)
        RX packets 8929  bytes 750149 (732.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8240  bytes 691005 (674.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 20  bytes 1720 (1.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 1720 (1.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUf5wmYf6nM2d5WiZ5yzBtKx6zGEVmp0kUfZq4lnA3dO5j1JE1vZofJSA8qePI8s9iiMv9nql5ldNgqqjuaLhvlukXuKbK0egPgIJC8nZKB9SKOE4S/x7XdTEMgNZEjGXG9mkRdbHtrU2yNsDlsapwm3EUbmURh6NnVdyAvkOc+M7MefG3KXDvtphny/qllxecGV1yYPLaAN3cB9OGiF1KtPUbFhWWATTd/HMB5XXa9+nuzv7570gv6N8tx6InOJSQ35qXHy7CAsZ9CC3KQXuM7K402WzgEnoBIZJFoAws49LE9smQDZo4S9nbfvFY9o4dFXRhADCW1I35T0Q0WGwJ sunjinri@163.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD8DQqA+vVit0OwMXB2VLiwjjo2Scj7qWeWlEB+qWHYuk+K6WN8frI/HRW0TRe89fq3V/4HmE6KvG03r1r9Cd72Q16hi7wPlhnt3qS1WRGafQJXxbHZB2FJinhwIkDkBKnE1NNwbDlnyVxvUINKILbTrkwI3mu4GjZ9uLEQ+lQlSUEWCn9rNw3DNmIRMishNFz7bHFm//I71fdPFP0tx/ldLZ0A4qGuAfftv4VF2KtzLnqqkiqzSvHXhjt5x+I17FskLBRlr6tg4ha3SVSHSlg7t0jyKs0bAGS2+8j0mp6F95E1HPhvNsGOeIihFDs06e+oeUM+BpthBaCvAt648bv5 root@localhost.localdomain

[root@localhost ~]# exit
logout
Connection to 192.168.32.21 closed.

注意

1. 免密码登录时单向的
2. 秘钥是基于用户的,只对指定的用户生效
3. 批量分发秘钥的时候,每次都要输入密码,可以使用 expect 命令处理
标签
JE
iNet
LoopBack
mu
YC
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!