linux下跳板机跟客户端之间无密码登陆
创建证书:
[root@lnmp src]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #这里设入密码123456
Enter same passphrase again: #再次输入密码123456
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
:e2::f5::::d1:::::e1::bd:c5 root@lnmp
The key's randomart image is:
+--[ RSA ]----+
| .+**. |
| +ooo+. |
| o.= E |
| = * o . |
| o o o S |
| . o |
| |
| |
| |
+-----------------+
这一步里,系统将自动生成一个公钥(public key)并保存在/home/root/.ssh/id_rsa.pub这个文件里。
[root@lnmp src]# ls /root/.ssh/id_rsa.pub
/root/.ssh/id_rsa.pub
看一下里面的内容:
[root@lnmp src]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== root@lnmp
我们把公钥(public key)复制到远程机器上面去:
[root@lnmp src]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.12
The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
RSA key fingerprint is 5e:5b:d3::cd::::a1::f2:ed:9c:ac::.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
root@192.168.1.12's password: #输入192.168.1.12的登录密码
Now try logging into the machine, with "ssh 'root@192.168.1.12'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
注意ssh-copy-id将key写到远程机器的~/.ssh/authorized_key文件中:
[root@ok ~]# ls ~/.ssh/authorized_keys
/root/.ssh/authorized_keys
[root@ok ~]# cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== root@lnmp
登录远程机器192.168.1.12就不需要密码了。
[root@lnmp src]# ssh 192.168.1.12
Enter passphrase for key '/root/.ssh/id_rsa': #输入刚才生成公钥的时候,设的密码123456如果当时没设的话就是空!!!
Last login: Sun Sep :: from 192.168.1.103
=============================================================================
上面的测试还没真正实现无密码登录,下面从新做一边:
删除上面生成的公钥和远程机上的私钥:
root@lnmp .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@lnmp .ssh]# rm id_rsa
rm: remove regular file `id_rsa'? y
删除远程机上的私钥:
[root@ok .ssh]# ls
authorized_keys known_hosts known_hosts.bak
[root@ok .ssh]# rm authorized_keys
rm: remove regular file `authorized_keys'? y
重新生成公钥:
[root@lnmp .ssh]# rm id_rsa
rm: remove regular file `id_rsa'? y
[root@lnmp .ssh]# cd
[root@lnmp ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): #这里是空的话,就真正实现了,无需输入密码,登录远程主机
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c9:fe::6a:7c:e1:2a:ba:aa:6e:2c:f0:ee::7d:af root@lnmp
The key's randomart image is:
+--[ RSA ]----+
| |
| |
| |
| . . |
| S |
|. . . |
|o+ ...o. |
|oo+ . . o=o |
|==++E=.ooo. |
+-----------------+
[root@lnmp ~]# ls ~/.ssh/
id_rsa id_rsa.pub known_hosts
[root@lnmp ~]# ls ~/.ssh/id_rsa
/root/.ssh/id_rsa
[root@lnmp ~]# cat ~/.ssh/id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEoQIBAAKCAQEAxtlnozvT2OxoTS6XARo25G0moRaDvx7IQoMqMGpLYkN1z3vt
gPWWYBj9aLh1a6Y5ziWuYV7oKnHmGa6qAjYlHv6v3/Z2qwzvJ9nEiqEaEesHWspU
Ir5h7hdLf21b569zbRrQf+myqSByuOUjfLaaJiMWIqKHxaKGwNwK5T0pKR5kkIVJ
I2N1nhEXi+i8yP67qsRtfr7S3ofwbmgmnjT5Ly1wq09dOymAz3xeeriQ3Ke3G+Lh
C6qEj4oFfIu95r/jPqnIGxKRJGa15tbmLn1JSBEkl0OhMSA2FfjJQqH3PAfd2J/U
MduLNBEzCWcoTIGbDjNDUmTbO9mx5Kk3uRyFCQIBIwKCAQBr8lzU9JeTA/4bRS1m
/5okO0DbGtnOJqc6DLCArrs1V9I9bykov9VKHDHLIk5fAncmw/+T8bE7nOqgOj8I
g8sCMny7aImQDlXxD9EYDk/7GS/g1DxNYAlGvDBMfTHkLAt1vhlqAoWPAvxzAAvz
Po4x9cowDxaBOvix1omSYwe3O2xBQ9c7W4RXMdArzFQluC16gqtjt7DZnloNSbex
gXDAsKCn62NFuiUTRz2+3B5j4/ryE7vljmZbx482yAsVMAg9ZpvfRfoFqafJ9+IG
YUySna/hD5SfZJPd3W4anmuLsRqUiA7RTv9OEvddVYDFn5yL0uo53qoYuLwicxQr
+qwLAoGBAPm2cvvsKXXl8S2jL0AXMJ27lHmgeVhcOwYW0d0Iw5wRkUt2UNcj3fqd
OLjb5Ee8ZQbFPMqAUOHexgaTziPZ4kYTqckVUymLM3nX+rcDjdzHb6P+UGyrZdB9
kYQ7O6VZz2egnHY93zYCt4+Ooy6XipCWjtr9C32OjEzUppd5lAHZAoGBAMvbHBGT
/TRa3xmYCzKHRPKUPz7jNngZ2F9nh8FOdXJ3SU4ancG/RXfLYhjuZzmQrDLpjzWu
lrA9l8Ey/EJEJtFbk9JqdGUi+rYhjNIsp/plEzycDGYcvcD/tGy7auoWycv9+0Ko
T901vXAEuq4t+XDUYz+Z552atbmoISo/XG6xAoGBAORPCgrmjE6JFwUne6hPt2uk
L/osUa/fS+hPYMoWpDbrfYbSkw3XpmF5zXXQW69NKSrC9cB1UUOJ2Z+dFD4JCWSk
Q3YE3lHeWvMOnBUKkFTTmUV6zTAnrYtrfbq50CImOfhYVIldI9mcFYqRCjk6GEmu
OXfCyK1PITBNZRzG7biLAoGAaNcVv+W1a2HvFHoUYyD+4yerf22JuhvrnseHpT5L
B6sPwcSLpXhPnLG9a+hSWB6EcfR1iVJ5YfPKY1wMtF2QTmmcetepkxlNvMDMFFF6
9c2U3VeRWRYYceKXTdy6pEY75UDKXMuWyYlaHFo0HxBUZemSILWNDzmfSYmqqANU
G6sCgYAr/Fom3TlFZ9RzYtMLVYeS0U0OZ7Lerrv/3hOtXgEc7frp3MFPEdCwvVI2
zSDPMx7Ts44OalQdIbDi9tdJJeCLCWY3TvLoi1O0blPhwi+uKwtDsPACfIZ+3MLi
zCUhHxkwjKxrvI6BmYPzOAazob10HWfLhppKtotiwH3BfudICg==
-----END RSA PRIVATE KEY-----
用ssh-copy-id将公钥复制到远程机器中:
[root@lnmp ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.12
root@192.168.1.12's password:
Now try logging into the machine, with "ssh 'root@192.168.1.12'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
查看远程主机上生成的私钥:
[root@ok ~]# cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxtlnozvT2OxoTS6XARo25G0moRaDvx7IQoMqMGpLYkN1z3vtgPWWYBj9aLh1a6Y5ziWuYV7oKnHmGa6qAjYlHv6v3/Z2qwzvJ9nEiqEaEesHWspUIr5h7hdLf21b569zbRrQf+myqSByuOUjfLaaJiMWIqKHxaKGwNwK5T0pKR5kkIVJI2N1nhEXi+i8yP67qsRtfr7S3ofwbmgmnjT5Ly1wq09dOymAz3xeeriQ3Ke3G+LhC6qEj4oFfIu95r/jPqnIGxKRJGa15tbmLn1JSBEkl0OhMSA2FfjJQqH3PAfd2J/UMduLNBEzCWcoTIGbDjNDUmTbO9mx5Kk3uRyFCQ== root@lnmp
成功实现无密码登录:
[root@lnmp ~]# ssh 192.168.1.12
Last login: Sun Sep :: from 192.168.1.105
特别注意一定要把私钥保管好,如果被其它的服务器得到,那么这台得到你的私钥的服务器将可以无密码豋录所有认证过的服务器!!!!!
linux下跳板机跟客户端之间无密码登陆的更多相关文章
- [fw]linux 下如何查看和踢除正在登陆的其它用户
linux 下如何查看和踢除正在登陆的其它用户 Posted on 2011/09/01 如何在linux下查看当前登录的用户,并且踢掉你认为应该踢掉的用户?请使用who这个命令来查看当前正在登录 ...
- 使用rsync在linux(服务端)与windows(客户端)之间同步
说明: 1.RsyncServer服务端 系统:CentOS 6.8 IP地址:192.168.247.141 2.Rsync客户端 系统:Windows10 实现目的: Rsync客户端同步服务端/ ...
- c++ 网络编程(一)TCP/UDP windows/linux 下入门级socket通信 客户端与服务端交互代码
原文作者:aircraft 原文地址:https://www.cnblogs.com/DOMLX/p/9601511.html c++ 网络编程(一)TCP/UDP 入门级客户端与服务端交互代码 网 ...
- linux Jumpserver跳板机 /堡垒机详细部署
关于跳板机/堡垒机的介绍: 跳板机的定义: 跳板机就是一台服务器,开发或运维人员在维护过程中首先要统一登录到这台服务器,然后再登录到目标设备进行维护和操作: 跳板机缺点: 没有实现对运维人员操作行为的 ...
- Linux下多进程服务端客户端模型一(单进程与多进程模型)
本文将会简单介绍Linux下如何利用C库函数与系统调用编写一个完整的.初级可用的C-S模型. 一.基本模型: 1.1 首先服务器调用socket()函数建立一个套接字,然后bind()端口,开始l ...
- linux 下如何查看和踢除正在登陆的其它用户 ==>Linux下用于查看系统当前登录用户信息的4种方法
在linux系统中用pkill命令踢出在线登录用户 由于linux服务器允许多用户登录,公司很多人知道密码,工作造成一定的障碍 所以需要有时踢出指定的用户 1/#who 查出当前有那些终端登录(用 ...
- [Linux]Linux下rsync服务器和客户端配置
一.rsync简介 Rsync(remote sync)是UNIX及类UNIX平台下一款神奇的数据镜像备份软件,它不像FTP或其他文件传输服务那样需要进行全备份,Rsync可以根据数据的变化进行差异( ...
- linux下rsync+inotify实现服务器之间文件实时同步
先介绍一下rsync与inotify. 1.rsync 与传统的cp.tar备份方式相比,rsync具有安全性高.备份迅速.支持增量备份等优点,通过rsync可以解决对实时性要求不高的数据备份需求,例 ...
- android在linux下刷机
只需要下载相应的zip包,不需装什么手机助手. 1.下载相应zip包(ROM) http://download.mokeedev.com/ 比如我在上述网站下的魔趣的对应机型的ROM包. 2.linu ...
随机推荐
- 【干货】Laravel --Validate (表单验证) 使用实例
前言 : Laravel 提供了多种方法来验证应用输入数据.默认情况下,Laravel 的控制器基类使用ValidatesRequests trait,该trait提供了便利的方法通过各种功能强大的验 ...
- 轻量级应用开发之(07) UIPickerView使用
#import "ViewController.h" @interface ViewController ()<UIPickerViewDataSource,UIPicker ...
- TIME_WAIT过多
Linux系统下,TCP/IP连接断开后,会以TIME_WAIT状态保留一定的时间,然后才会释放端口.当并发请求过多的时候,就会产生大量的 TIME_WAIT状态的连接,无法及时断开的话,会占用大量的 ...
- jquery uploadify 使用
/*进度条框*/ .shangchuantishikuang { border: 7px solid #74A5BF; background-color: white; font-size: 14px ...
- VS2013 EMMET插件学习
在VS2013中搜索EMMET插件,安装,重启IDE,即可使用. 最简单的一个用法示例: 在编辑器里输入:ul>li*5 按快捷键:CTRL+1 即可生成如下代码: <ul> < ...
- 爬虫的自我解剖(抓取网页HtmlUnit)
网络爬虫第一个要面临的问题,就是如何抓取网页,抓取其实很容易,没你想的那么复杂,一个开源`HtmlUnit`包,4行代码就OK啦,例子如下: final WebClient webClient=new ...
- Log4j使用教程 log4:WARN No appenders could be found for logger (org.springframework.web.context.ContextLoader).
1.Logger类 通过Logger类的静态方法Logger.getRootLogger得到RootLogger.所有其他的loggers是通过静态方法Logger.getLogger来实例化并获取的 ...
- matlab怎么定义一个数组
A=[];n=input('n=');%数组的长度for i=1:n fprintf('a%.0f=',i); x=input('');%分别输入各个数的值 A=[A,x];endA就可以得到长度为n ...
- cocos2dx新研发的游戏,手机运行时非常热的解决方案
cocos2dx新研发的游戏,手机运行时非常热,有需要的朋友可以参考下. cocos2dx新研发的游戏,手机上运行时导致手机非常热,后来听其他项目组分享时得知,可以通过降帧解决这个问题,原来是coco ...
- Server Application Unavailable出现的原因及解决方案集锦
iis ServerAppl 共存 应用程序池 站点 在Asp.net站点中经常出现这种提示 Server Application Unavailable The web application y ...