背景:

1客户A和B俩台主机之间需要实现免密钥登录,已绑定腾讯云申请的密钥对

系统:centos7.3

A:192.168.0.100

B:192.168.0.84

A主机的私钥文件:aaa

B主机的私钥文件:bbb

公钥文件:authorized_keys

/etc/ssh/sshd.conf文件修改参数,前面有“#”注释符的需要去掉

HostKey /etc/ssh/ssh_host_rsa_key

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile      .ssh/authorized_keys

PasswordAuthentication no

参考sshd_config配置文件,注意系统版本,不适用centos6.x版本,修改配置文件前做好备份

 #    $OpenBSD: sshd_config,v 1.93 // :: djm Exp $

 # This is the sshd server system-wide configuration file.  See

 # sshd_config() for more information.

 # This sshd was compiled with PATH=/usr/local/bin:/usr/bin

 # The strategy used for options in the default sshd_config shipped with

 # OpenSSH is to specify options with their default value where

 # possible, but leave them commented.  Uncommented options override the

 # default value.

 # If you want to change the port on a SELinux system, you have to tell

 # SELinux about this change.

 # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER

 #

 #Port

 #AddressFamily any

 #ListenAddress 192.168.0.100

 #ListenAddress 192.168.0.100

 # The default requires explicit activation of protocol

 #Protocol 

 # HostKey for protocol version

 #HostKey /etc/ssh/ssh_host_key

 # HostKeys for protocol version

 HostKey /etc/ssh/ssh_host_rsa_key

 #HostKey /etc/ssh/ssh_host_dsa_key

 HostKey /etc/ssh/ssh_host_ecdsa_key

 HostKey /etc/ssh/ssh_host_ed25519_key

 # Lifetime and size of ephemeral version  server key

 #KeyRegenerationInterval 1h

 #ServerKeyBits 

 # Ciphers and keying

 #RekeyLimit default none

 # Logging

 # obsoletes QuietMode and FascistLogging

 #SyslogFacility AUTH

 SyslogFacility AUTHPRIV

 #LogLevel INFO

 # Authentication:

 #LoginGraceTime 2m

 #PermitRootLogin yes

 #StrictModes yes

 #MaxAuthTries

 #MaxSessions 

 RSAAuthentication yes

 PubkeyAuthentication yes

 # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2

 # but this is overridden so installations will only check .ssh/authorized_keys

 AuthorizedKeysFile    .ssh/authorized_keys

 #AuthorizedPrincipalsFile none

 #AuthorizedKeysCommand none

 #AuthorizedKeysCommandUser nobody

 # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts

 #RhostsRSAAuthentication no

 # similar for protocol version

 #HostbasedAuthentication no

 # Change to yes if you don't trust ~/.ssh/known_hosts for

 # RhostsRSAAuthentication and HostbasedAuthentication

 #IgnoreUserKnownHosts no

 # Don't read the user's ~/.rhosts and ~/.shosts files

 #IgnoreRhosts yes

 # To disable tunneled clear text passwords, change to no here!

 #PasswordAuthentication no

 #PermitEmptyPasswords no

 PasswordAuthentication no

 # Change to no to disable s/key passwords

 #ChallengeResponseAuthentication yes

 ChallengeResponseAuthentication no

 # Kerberos options

 #KerberosAuthentication no

 #KerberosOrLocalPasswd yes

 #KerberosTicketCleanup yes

 #KerberosGetAFSToken no

 #KerberosUseKuserok yes

 # GSSAPI options

 GSSAPIAuthentication yes

 GSSAPICleanupCredentials no

 #GSSAPIStrictAcceptorCheck yes

 #GSSAPIKeyExchange no

 #GSSAPIEnablek5users no

 # Set this to 'yes' to enable PAM authentication, account processing,

 # and session processing. If this is enabled, PAM authentication will

 # be allowed through the ChallengeResponseAuthentication and

 # PasswordAuthentication.  Depending on your PAM configuration,

 # PAM authentication via ChallengeResponseAuthentication may bypass

 # the setting of "PermitRootLogin without-password".

 # If you just want the PAM account and session checks to run without

 # PAM authentication, then enable this but set PasswordAuthentication

 # and ChallengeResponseAuthentication to 'no'.

 # WARNING: 'UsePAM no' is not supported in Red Hat Enterprise Linux and may cause several

 # problems.

 UsePAM yes

 #AllowAgentForwarding yes

 #AllowTcpForwarding yes

 #GatewayPorts no

 X11Forwarding yes

 #X11DisplayOffset

 #X11UseLocalhost yes

 #PermitTTY yes

 #PrintMotd yes

 #PrintLastLog yes

 #TCPKeepAlive yes

 #UseLogin no

 UsePrivilegeSeparation sandbox        # Default for new installations.

 #PermitUserEnvironment no

 #Compression delayed

 #ClientAliveInterval

 #ClientAliveCountMax

 #ShowPatchLevel no

 UseDNS no

 #PidFile /var/run/sshd.pid

 #MaxStartups ::

 #PermitTunnel no

 #ChrootDirectory none

 #VersionAddendum none

 # no default banner path

 #Banner none

 # Accept locale-related environment variables

 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES

 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT

 AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE

 AcceptEnv XMODIFIERS

 # override default of no subsystems

 Subsystem    sftp    /usr/libexec/openssh/sftp-server

 # Example of overriding settings on a per-user basis

 #Match User anoncvs

 #    X11Forwarding no

 #    AllowTcpForwarding no

 #    PermitTTY no

 #    ForceCommand cvs server

操作步骤

1.首先把aaa和bbb私钥文件分别上传到A主机和B主机上的/root/.ssh/目录中(上传可以安装lrzsz工具,直接拖文件到服务器即可)

A主机:

B:主机

2.将A主机中的authorized_keys中的公钥拷贝到B主机的authorized_keys文件中

将B主机中的authorized_keys中的公钥保存的A主机的authorized_keys文件中

A主机的authorized_keys文件

B主机的authorized_keys文件

3.将A主机和B主机的私钥文件分别修改为id_rsa

A主机.ssh/目录下的内容

mv /root/.ssh/aaa /root/.ssh/id_rsa

B主机.ssh/目录下的内容

mv /root/.ssh/aaa /root/.ssh/id_rsa

4.分别在A主机和B主机上执行下面授权操作

chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys

chmod 600 ~/.ssh/id_rsa

最后来验证

A主机远程B主机:

B主机远程A主机

腾讯云CVM之间配置免密钥登录的更多相关文章

  1. Linux机器之间SSH免密钥登录设置

    SSH免密钥登录 私钥:密钥留在本机 公钥:密钥发给其他机 hadoop01 生成密钥: ssh-keygen -t rsa (密钥存放路径:/root/.ssh) id_rsa:私钥 id_rsa. ...

  2. linux 服务器之间配置免密登录

    客户机:172.16.1.2 远程机:172.16.1.3 1.远程机 a.允许root用户通过22端口登录 vi /etc/ssh/sshd_config PORT 22 PermitRootLog ...

  3. 弹性配置为构建提速 - CODING & 腾讯云 CVM 最佳实践

    CODING 中提供了内置云主机用来执行持续集成(CI)中的构建计划,能够胜任大部分构建任务.但如果碰上了大型项目的构建,或者需要在本地服务器生成构建成果,单个计算资源就显得有点捉急了.针对这一部分需 ...

  4. 集群中配置多台机器之间 SSH 免密码登录

    集群中配置多台机器之间 SSH 免密码登录 问题描述 由于现在项目大多数由传统的单台机器部署,慢慢转变成多机器的集群化部署. 但是,这就涉及到机器间的 SSH 免密码互通问题. 当集群机器比较多的时候 ...

  5. java:Linux(简单命令,远程ssh使用hostname访问,.免密钥登录配置)

    1.临时关闭防火墙: service  iptables  stop 临时开启防火墙: service  iptables  start 查看防火墙状态: service  iptables  sta ...

  6. linux系统ssh免密钥登录配置

    linux主机配置ssh免密钥登录,具体配置如下: 1.执行命令ssh-keygen -t rsa,生成公钥和私钥(具体步骤详见下图) 2.会在当前用户的家目录的.ssh/生成公钥和私钥, 3.执行s ...

  7. 集群之间配置 SSH无密码登录

    集群之间配置 SSH无密码登录 配置 ssh (1)基本语法 ssh 另一台电脑的 ip 地址 (2)ssh 连接时出现 Host key verification failed 的解决方法 # ss ...

  8. [CentOS] SSH 免密钥登录

    一.环境说明: 操作系统:CentOS-7-x86_64-Minimal-1611 虚拟机:VMware® Workstation 12 Pro:12.5.5 build-5234757 服务器:no ...

  9. 014-配置SSH免密钥登录

    问题:client端需要免密钥登录服务器server如何配置?1.前提:客户端已安装openssh-client;服务端已安装openssh-server;服务器端22号端口已经打开2.需要密钥登录时 ...

随机推荐

  1. 23.Secondary Index

    一. Secondary Index(二级索引)1.1. Secondary Index 介绍 • Clustered Index(聚集索引) ◦ 叶子节点存储所有记录(all row data) • ...

  2. PHP的核心配置详解

    1.PHP核心配置详解 代码在不同的环境下执行的结果也会大有不同,可能就因为一个配置问题,导致一个非常高危的漏洞能够利用:也可能你已经找到的一个漏洞就因为你的配置问题,导致你鼓捣很久都无法构造成功的漏 ...

  3. python3.x与2.x区别

    1.性能 Py3.0运行 pystone benchmark的速度比Py2.5慢30%.Guido认为Py3.0有极大的优化空间,在字符串和整形操作上可 以取得很好的优化结果. Py3.1性能比Py2 ...

  4. luogu 2480 古代猪文 数论合集(CRT+Lucas+qpow+逆元)

    一句话题意:G 的 sigma d|n  C(n d) 次幂  mod 999911659 (我好辣鸡呀还是不会mathjax) 分析: 1.利用欧拉定理简化模运算 ,将上方幂设为x,则x=原式mod ...

  5. 【游记】THUWC2018踹线记

    Day1. 早上九点多报道,然后就是试机.一开始有一些懵,没看清门外的通知,操作起来各种懵逼.不过提前适应过了在Linux下面编程,所以问题不大.调了gedit的界面,试了一下对拍,敲了一道试机题,然 ...

  6. [C++]线性链表之单链表

    [文档整理系列] 线性链表之单链表 /* 问题描述:线性表____链表_____单链表 @date 2017-3-7 */ #include<iostream> using namespa ...

  7. ansible学习笔记二

    Ad-Hoc命令: 所谓Ad-Hoc,简而言之是"临时命令",英文中作为形容词有"特别的,临时"的含义.Ad-Hoc只是官方对Ansible命令的一种称谓. 从 ...

  8. 2017CCPC秦皇岛 G题Numbers&&ZOJ3987【大数】

    题意: 给出一个数n,现在要将它分为m个数,这m个数相加起来必须等于n,并且要使得这m个数的或值最小. 思路: 从二进制的角度分析,如果这m个数中有一个数某一位为1,那么最后或起来这一位肯定是为1的, ...

  9. steps/train_lda_mllt.sh

    LDA+MLLT指的是在计算MFCC后对特征进行的变换:首先对特征进行扩帧,使用LDA降维(默认降低到40),然后经过多次迭代轮数估计一个对角变换(又称为MLLT或CTC) .详见 http://ka ...

  10. 集成JUnit测试错误java.lang.IllegalStateException: Failed to load ApplicationContext

    1 详细错误信息 java.lang.IllegalStateException: Failed to load ApplicationContext at org.springframework.t ...