首先,说明一下我们要做的是,servera 服务器的 usera 用户免密码登录 serverb 服务器的 userb用户。
我们先使用usera 登录 servera 服务器
[root@servera ~]# su - usera [usera@servera ~]$ pwd /home/usera
然后在servera上生成密钥对
[usera@servera ~]$ ssh-keygen -t rsa generating public/private rsa key pair. enter file in which to save the key (/home/usera/.ssh/id_rsa): created directory '/home/usera/.ssh'. enter passphrase (empty for no passphrase): enter same passphrase again: your identification has been saved in /home/usera/.ssh/id_rsa. your public key has been saved in /home/usera/.ssh/id_rsa.pub. the key fingerprint is: 39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@servera the key's randomart image is: +--[ rsa 2048]----+ | eo* | | @ . | | = * | | o o . | | . s . | | + . . | | + . .| | + . o . | | .o= o. | +-----------------+
此时会在/home/usera/.ssh目录下生成密钥对
[usera@servera ~]$ ls -la .ssh 总用量 16 drwx------ 2 usera usera 4096 8月 24 09:22 . drwxrwx--- 12 usera usera 4096 8月 24 09:22 .. -rw------- 1 usera usera 1675 8月 24 09:22 id_rsa -rw-r--r-- 1 usera usera 399 8月 24 09:22 id_rsa.pub
然后将公钥上传到serverb 服务器的,并以userb用户登录
[usera@portalweb1 ~]$ ssh-copy-id userb@10.124.84.20 the authenticity of host '10.124.84.20 (10.124.84.20)' can't be established. rsa key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf. are you sure you want to continue connecting (yes/no)? yes warning: permanently added '10.124.84.20' (rsa) to the list of known hosts. userb@10.124.84.29's password: now try logging into the machine, with "ssh 'userb@10.124.84.20'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
这个时候usera的公钥文件内容会追加写入到userb的 .ssh/authorized_keys 文件中
[usera@servera ~]$ cat .ssh/id_rsa.pub ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqea2dpxfvifkpswsbuspcuwred/mftwpdeerhlwaxnixgixlvhus9qnavepzocvpbzwhade88klpkr5xev6m5rschxxmxj1ie5vblrrs0ndjf8ajclqptdguyerplybonrfftqgxac/ximmbyhecti0vnujlvet0pprj7bqmmxr/2lnlhifxkzcxgzzqhgqybqqk/rqweuyaiumvuim8ssk/rdg8hl/n0exjh9jv8h17od4htnfkv5+zrfbki5vfsetffn49q4xa7sb9o7z6scvrhjcmw3gbzzgyupsj0wkqdtw2un0nh4ugqo7jfyilrvztwim7p6ygsi7vma/vrp0aw== usera@servera
查看serverb服务器userb用户下的 ~/.ssh/authorized_keys文件,内容是一样的,此处我就不粘贴图片了。
[userb@serverb ~]$ cat .ssh/authorized_keys ssh-rsa aaaab3nzac1yc2eaaaabiwaaaqea2dpxfvifkpswsbuspcuwred/mftwpdeerhlwaxnixgixlvhus9qnavepzocvpbzwhade88klpkr5xev6m5rschxxmxj1ie5vblrrs0ndjf8ajclqptdguyerplybonrfftqgxac/ximmbyhecti0vnujlvet0pprj7bqmmxr/2lnlhifxkzcxgzzqhgqybqqk/rqweuyaiumvuim8ssk/rdg8hl/n0exjh9jv8h17od4htnfkv5+zrfbki5vfsetffn49q4xa7sb9o7z6scvrhjcmw3gbzzgyupsj0wkqdtw2un0nh4ugqo7jfyilrvztwim7p6ygsi7vma/vrp0aw== usera@servera
另外我们要注意,.ssh目录的权限为700,其下文件authorized_keys和私钥的权限为600。否则会因为权限问题导致无法免密码登录。我们可以看到登陆后会有known_hosts文件生成。
[useb@serverb ~]$ ls -la .ssh total 24 drwx------. 2 useb useb 4096 jul 27 16:13 . drwx------. 35 useb useb 4096 aug 24 09:18 .. -rw------- 1 useb useb 796 aug 24 09:24 authorized_keys -rw------- 1 useb useb 1675 jul 27 16:09 id_rsa -rw-r--r-- 1 useb useb 397 jul 27 16:09 id_rsa.pub -rw-r--r-- 1 useb useb 1183 aug 11 13:57 known_hosts
这样做完之后我们就可以免密码登录了
[usera@servera ~]$ ssh userb@10.124.84.20
另外,将公钥拷贝到服务器的~/.ssh/authorized_keys文件中方法有如下几种:
1、将公钥通过scp拷贝到服务器上,然后追加到~/.ssh/authorized_keys文件中,这种方式比较麻烦。scp -p 22 ~/.ssh/id_rsa.pub user@host:~/。
2、通过ssh-copy-id程序,就是我演示的方法,ssh-copyid user@host即可
3、可以通过cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host ‘cat >> ~/.ssh/authorized_keys',这个也是比较常用的方法,因为可以更改端口号。
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持移动技术网。
如对本文有疑问, 点击进行留言回复!!
我要评论
网友评论