SSH实现免密登陆

SSH实现免密登陆配置

ssh实现免密码登录的配置过程，主要分为以下几个步骤：

• serverA生成密钥，包括私钥和公钥
• serverA将公钥传到serverB上
• serverA上配置serverB登陆的相关参数

serverA使用admin用户创建密钥

[root@serverA ~]# useradd admin
[root@serverA ~]# echo '123456' | passwd --stdin admin
Changing password for user admin.
passwd: all authentication tokens updated successfully.
[root@serverA ~]# su - admin
[admin@serverA ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):      //直接回车
Created directory '/home/admin/.ssh'.
Enter passphrase (empty for no passphrase):     //直接回车
Enter same passphrase again:          //直接回车
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QrWAlLwUL0UNG/VYp5sH8/1R90iXb6aXr1OIege7dHQ admin@serverA
The key's randomart image is:
+---[RSA 3072]----+
|   oo=*+o . .    |
|    =o =.= o    .|
|   ...+ o =   ..+|
|    .o     * o o=|
|      . S o o.+oE|
|       .   .o..*+|
|           ..oooo|
|          ..o.o..|
|           ..o.o.|
+----[SHA256]-----+
[admin@serverA ~]$ ls ./.ssh/
id_rsa  id_rsa.pub

在serverB上创建Centos用户

[root@serverB ~]# useradd Centos
[root@serverB ~]# echo "123456" | passwd --stdin Centos
Changing password for user Centos.
passwd: all authentication tokens updated successfully.
[root@serverB ~]# su - Centos
[Centos@serverB ~]$

将serverA上的公钥传到以Centos用户身份登录的serverB上

[admin@serverA ~]$ ssh-copy-id Centos@192.168.121.11
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/admin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Centos@192.168.121.11's password:       //输入Centos用户的密码

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'Centos@192.168.121.11'"
and check to make sure that only the key(s) you wanted were added.

用Centos用户身份登陆serverB，查看传输的公钥

[Centos@serverB ~]$ ls .ssh/
authorized_keys
[Centos@serverB ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ5RO52kT73h9B9P1ttUQSfF5eVR+sJ7JG/XTmdtYDKM5Tmb9djUVMrzfzjRAcX8hdBRzcZqXVtg7VozVuJefsewmk+eu4dXTZfr0BbeaWuIj8lQRx9mMcqQSXfi41OZnYOKYfM/GQIGVWm99wP2JJwM6CUgoLZyxOVibnScTjoJNbW0I35BxuWg3MzVLImW8DxSl8USlN1RjBM6BaxGLSn1VpjPpyiolUDwGtOfCqF6iKOhhqRBiH8RiOsxEvZ+z5wwYT3uy/OvistRH+ur/3knplajON5H3ds9+9jQkNxk2w6fJv2bSMrKsOGsv6txeQoRw066LkdHRVuc4bjT4ZOCp7FZVAq4A9xWK51/lrbMWL2E7tt+JNsCR0NhJWLE28bzsdXP6/jo+VGxjtlMiLMkTq2h77eYDTlnZ0QS86OsD1yRBEsbIsLBTuMZXY3wSq67cGduUnc99Kye0EdYgam5PcSMBq86YIIq8eehg18QnVJo2yl8Q4pNLmEcqrXJM= admin@serverA

测试在serverA上用Centos用户登陆serverB

[admin@serverA ~]$ ssh Centos@192.168.121.11
Last login: Mon Dec 14 21:42:15 2020
[Centos@serverB ~]$

在serverA上修改登陆serverB相关参数，简化快速登陆serverB

首先在~/.ssh/目录下创建config文件

[admin@serverA ~]$ cd ~/.ssh/
[admin@serverA .ssh]$ touch config
[admin@serverA .ssh]$ ls
config  id_rsa  id_rsa.pub  known_hosts

config文件的配置内容如下：

[admin@serverA .ssh]$ vim config
[admin@serverA .ssh]$ cat config
Host serverB
Hostname 192.168.121.11
Port 22
User Centos

• Host为服务器的名称，输入登录命令时使用，登录只需要用serverB即可
• Hostname为服务器的ip地址
• Port为ssh的端口
• User为服务器的用户名

配置好相关参数之后，需要给config修改权限，否则会报错

[admin@serverA ~]$ ssh serverB
Bad owner or permissions on /home/admin/.ssh/config        //权限没修改就会登录报错
[admin@serverA ~]$ ll ~/.ssh/config
-rw-rw-r--. 1 admin admin 57 Dec 14 14:01 /home/admin/.ssh/config
[admin@serverA ~]$ chmod 600 ~/.ssh/config
[admin@serverA ~]$ ll ~/.ssh/config
-rw-------. 1 admin admin 57 Dec 14 14:01 /home/admin/.ssh/config

最后就可以简化登陆serverB了

[admin@serverA ~]$ ssh serverB
Last login: Mon Dec 14 21:57:35 2020 from 192.168.121.10
[Centos@serverB ~]$ hostname
serverB
[Centos@serverB ~]$