+-
首页 专栏 linux 文章详情
小伍 发布于 3 月 2 日
关注作者
关注作者
0
Linux 服务器之间使用公钥实现免密码登录
小伍 发布于 3 月 2 日
配置步骤
serverA 服务器:
[root@serverA ~]# su - usera
[usera@serverA ~]$ pwd
/home/usera# 使用RSA生成密钥对
[usera@serverA ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa):
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/usera/.ssh/id_rsa.
Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
The key fingerprint is:
39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| Eo* |
| @ . |
| = * |
| o o . |
| . S . |
| + . . |
| + . .|
| + . o . |
| .o= o. |
+-----------------+# 查看生成的密钥对
[usera@serverA ~]$ ls -la .ssh
总用量 16
drwx------ 2 usera usera 4096 8月 24 09:22 .
drwxrwx--- 12 usera usera 4096 8月 24 09:22 ..
-rw------- 1 usera usera 1675 8月 24 09:22 id_rsa
-rw-r--r-- 1 usera usera 399 8月 24 09:22 id_rsa.pub# 将公钥上传到serverB服务器的userb用户下
# ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 10022 [email protected]"
[usera@portalweb1 ~]$ ssh-copy-id [email protected]
The authenticity of host '10.124.84.20 (10.124.84.20)' can't be established.
RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.124.84.20' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.# 查看serverA服务器上usera的公钥文件内容
[usera@serverA ~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbu...serverB 服务器:
# 查看serverB服务器userb用户下的 ~/.ssh/authorized_keys 文件
[userb@serverB ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbu...# 查看authorized_keys和id_rsa的权限是否为600,登陆后会有known_hosts文件生成。
[useb@serverB ~]$ ls -la .ssh
total 24
drwx------. 2 useb useb 4096 Jul 27 16:13 .
drwx------. 35 useb useb 4096 Aug 24 09:18 ..
-rw------- 1 useb useb 796 Aug 24 09:24 authorized_keys
-rw------- 1 useb useb 1675 Jul 27 16:09 id_rsa
-rw-r--r-- 1 useb useb 397 Jul 27 16:09 id_rsa.pub
-rw-r--r-- 1 useb useb 1183 Aug 11 13:57 known_hostsserverA 服务器免密码登录serverB 服务器:
[usera@serverA ~]$ ssh [email protected]拷贝公钥的方法
将公钥拷贝到目标服务器的 ~/.ssh/authorized_keys 文件中方法有如下几种:
1、将公钥通过scp拷贝到目标服务器上,然后追加到 ~/.ssh/authorized_keys 文件中,这种方式比较麻烦。scp -P 22 ~/.ssh/id_rsa.pub user@host:~/。
2、通过ssh-copy-id程序,就是我演示的方法,ssh-copyid user@host。
3、可以通过cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host ‘cat >> ~/.ssh/authorized_keys',这个也是比较常用的方法,因为可以更改端口号。
linux centos
阅读 44 发布于 3 月 2 日
赞
收藏
分享
本作品系原创, 采用《署名-非商业性使用-禁止演绎 4.0 国际》许可协议
小伍
22 声望
0 粉丝
0 条评论
得票 时间
提交评论
小伍
22 声望
0 粉丝
宣传栏
目录
▲
配置步骤
serverA 服务器:
[root@serverA ~]# su - usera
[usera@serverA ~]$ pwd
/home/usera# 使用RSA生成密钥对
[usera@serverA ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa):
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/usera/.ssh/id_rsa.
Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
The key fingerprint is:
39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| Eo* |
| @ . |
| = * |
| o o . |
| . S . |
| + . . |
| + . .|
| + . o . |
| .o= o. |
+-----------------+# 查看生成的密钥对
[usera@serverA ~]$ ls -la .ssh
总用量 16
drwx------ 2 usera usera 4096 8月 24 09:22 .
drwxrwx--- 12 usera usera 4096 8月 24 09:22 ..
-rw------- 1 usera usera 1675 8月 24 09:22 id_rsa
-rw-r--r-- 1 usera usera 399 8月 24 09:22 id_rsa.pub# 将公钥上传到serverB服务器的userb用户下
# ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 10022 [email protected]"
[usera@portalweb1 ~]$ ssh-copy-id [email protected]
The authenticity of host '10.124.84.20 (10.124.84.20)' can't be established.
RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.124.84.20' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.# 查看serverA服务器上usera的公钥文件内容
[usera@serverA ~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbu...serverB 服务器:
# 查看serverB服务器userb用户下的 ~/.ssh/authorized_keys 文件
[userb@serverB ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbu...# 查看authorized_keys和id_rsa的权限是否为600,登陆后会有known_hosts文件生成。
[useb@serverB ~]$ ls -la .ssh
total 24
drwx------. 2 useb useb 4096 Jul 27 16:13 .
drwx------. 35 useb useb 4096 Aug 24 09:18 ..
-rw------- 1 useb useb 796 Aug 24 09:24 authorized_keys
-rw------- 1 useb useb 1675 Jul 27 16:09 id_rsa
-rw-r--r-- 1 useb useb 397 Jul 27 16:09 id_rsa.pub
-rw-r--r-- 1 useb useb 1183 Aug 11 13:57 known_hostsserverA 服务器免密码登录serverB 服务器:
[usera@serverA ~]$ ssh [email protected]拷贝公钥的方法
将公钥拷贝到目标服务器的 ~/.ssh/authorized_keys 文件中方法有如下几种:
1、将公钥通过scp拷贝到目标服务器上,然后追加到 ~/.ssh/authorized_keys 文件中,这种方式比较麻烦。scp -P 22 ~/.ssh/id_rsa.pub user@host:~/。
2、通过ssh-copy-id程序,就是我演示的方法,ssh-copyid user@host。
3、可以通过cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host ‘cat >> ~/.ssh/authorized_keys',这个也是比较常用的方法,因为可以更改端口号。
