Linux SSH实现无密码远程登录

 

一、      SSH无密码远程登录原理

二、      SSH实现无密码远程登录

实现主机A 无密码远程登录主机B

主机A   IP地址：10.8.9.154

主机B   IP地址：10.8.9.155

1、  主机A操作如下：

[root@cloucentos6 .ssh]# pwd                                              #一般SSH生成公钥和私密会在.ssh目录下，如果没有此目录可以手动创建

/root/.ssh

[root@cloucentos6 .ssh]# ls                                                  #一般.ssh目录会存在一个文件known_hosts，此文件主要记录本地SSH远程登录过哪些主机

known_hosts

[root@cloucentos6 .ssh]# ssh-keygen  -t  rsa  -P  ''             #执行ssh-keygen生成公钥和私钥，-P表示密码，’’ 表示空密码，也可以不使用 –P 参数，这样就要按三次回车，用 -P就输入一次回车

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):             #按一次回车键即可

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

9c:f5:83:54:fd:da:6b:1a:9b:e3:d8:cf:ca:c9:b3:b4 root@cloucentos6.0

The key's randomart image is:

+--[ RSA 2048]----+

|            ..   |

|           .  .  |

|          o    . |

|       . + o    .|

|        S . o  o |

|             .. .|

|             o  .|

|            *oBo |

|           ..EOo |

+-----------------+

[root@cloucentos6 .ssh]# ls            # id_rsa（私钥）   id_rsa.pub （公钥）

id_rsa  id_rsa.pub  known_hosts

[root@cloucentos6 .ssh]# scp /root/.ssh/id_rsa.pub root@10.8.9.155:/root/.ssh/authorized_keys  #把主机A /root/.ssh/id_rsa.pub 公钥复制到主机B /root/.ssh/authorized_keys文件里(要确认主机B已经创建好/root/.ssh目录)，由于还没有免密码登录，所以要输入一次B主机的root密码

root@10.8.9.155's password:      #输入主机B的密码

id_rsa.pub                                                             100%  400     0.4KB/s   00:00

注意：主机B 目录/root/.ssh/authorized_keys文件需要具有读写权限，否则会提示远程失败

[root@ssticentos65 .ssh]# ls -l authorized_keys

-rw-r--r-- 1 root root 400 Jun  5 11:47 authorized_keys

现在主机A可以实现SSH无密码远程登录主机B （如果第一次登录需要输入 yes）

[root@cloucentos6 .ssh]# ssh root@10.8.9.155 'chmod 600 /root/.ssh/authorized_keys ; ls -l /root/.ssh/authorized_keys'  #执行SSH远程主机B修改authorized_keys文件权限

-rw-------. 1 root root 400 1月   6 02:02 /root/.ssh/authorized_keys

特殊问题：

问题1：如果执行scp或ssh命令远程连接特殊慢才显示出输入密码提示还提示错误信息

[root@cloucentos6 .ssh]# scp /root/.ssh/id_rsa.pub root@10.8.9.155:/root/.ssh/authorized_keys                      #执行scp命令远程复制会出现连接缓慢并且还有警告

The authenticity of host '10.8.9.155 (10.8.9.155)' can't be established.

RSA key fingerprint is b6:a2:4d:65:af:cf:19:97:99:ff:1e:99:5f:ec:1b:7a.

Are you sure you want to continue connecting (yes/no)? yes                                                                                          #第一次登录，所以需要输入 yes

Warning: Permanently added '10.8.9.155' (RSA) to the list of known hosts.

解决办法：修改SSH配置文件/etc/ssh/ssh_config，手动添加GSSAPIAuthentication no

[root@cloucentos6 .ssh]#vim /etc/ssh/ssh_config

GSSAPIAuthentication no

[root@cloucentos6 .ssh]# scp /root/.ssh/id_rsa.pub root@10.8.9.155:/root/.ssh/authorized_keys

root@10.8.9.155's password:

问题2：/root目录下没有发现.ssh目录

linux-3ghc:~ # ls  -a
. .bash_history .esd_auth .viminfo Downloads Templates dead.letter
.. .cache .gnupg .xsession-errors-:0 Music Videos inst-sys
.ICEauthority .config .local Desktop Pictures autoinst.xml
.Xauthority .dbus .rnd Documents Public bin

解决办法：因为系统没有使用ssh登录过，所以，ssh是没有记录到你的用户密码信息，只需要执行下列命令就可以生成.ssh目录

linux-3ghc:~ # ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is c2:ec:5d:98:45:b4:71:3c:c3:dd:5d:95:7d:20:dc:2f [MD5].
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
Password:
Last login: Wed Feb 13 15:53:38 2019 from 10.8.9.11
linux-3ghc:~ # ls -a /root/
. .Xauthority .config .gnupg .ssh Desktop Music Templates bin
.. .bash_history .dbus .local .viminfo Documents Pictures Videos dead.letter
.ICEauthority .cache .esd_auth .rnd .xsession-errors-:0 Downloads Public autoinst.xml inst-sys