Linux间ssh免密登录
目标
实现服务器A的ssh免密登录服务器B;
一、准备
- 服务器A(10.102.2.120):
[root@v75535 ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)- 服务器B(10.102.2.121):
[root@v-172 ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core) 二、生成秘钥
- 在服务器A上执行,一路回车即可。
[root@v75535 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:I7dosZwQryomnZkwJnJZIpbY8PaL8IlYAkl7PXElrtk root@v75535.kvm.u37210
The key's randomart image is:
+---[RSA 2048]----+
| ... |
|.. .... |
|o=o o o. |
|=+=..=+ |
|oo.=.o=ES |
|B.+ .+ B o |
|=@ *..* . |
|=.O... |
|o.. |
+----[SHA256]-----+- 检查秘钥是否生成
[root@v75535 ~]# ll ~/.ssh/
total 8
-rw------- 1 root root 1675 Jun 13 16:42 id_rsa
-rw-r--r-- 1 root root 404 Jun 13 16:42 id_rsa.pub看到上述两个文件即证明秘钥生成成功,其中id_rsa为私钥,id_rsa.pub为公钥;
三、公钥分发
- 将服务器A的公钥复制到服务器B,在服务器A上执行
[root@v75535 ~]# ssh-copy-id root@10.102.2.121
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '[10.102.2.121]:22 ([10.102.2.121]:22)' can't be established.
ECDSA key fingerprint is SHA256:P2n0AoNotnR9bZjUiADzdPKwUQtVYzYR1i9sDpCBhn4.
ECDSA key fingerprint is MD5:05:c1:34:1e:76:fe:de:8d:06:2f:03:8a:4c:73:57:c3.
Are you sure you want to continue connecting (yes/no)? 输入yes后回车;
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.102.2.121's password: 输入服务器B的root密码后回车;
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.102.2.121'"
and check to make sure that only the key(s) you wanted were added.- 检查公钥分发是否成功,在服务器B上执行
[root@v-67-219 ~]# cat ~/.ssh/authorized_keys
ssh-rsa AAAB3NzaC1yc2EAAAAAQABAAABAQDQFaAIrNB5z50m1HQBIamA51xI56/5qnjP+19MBte+ckQpEKkLpbqI8KazD9fjlpviGHlqabByJnhI8I9lQTqGKHLvYGciw4j3e6R+m17y+pXYDt8o5Hd0XlIGwArCsZ8m317PXkG54lnuJpb3VATbJcvUceRPsQQEgjP1NpzpkMOUAdHRtiBtjIJv8NPSTtPebYn4FL+faF7XvRtC21eOcYQ43y0Owj7/WII1DZckNJXRovsNaYGPooM3emua1mcRqYfW17pduSWttst7OFZ+ge0mx3oM3JIfCDKtuFvXZwHNYnDwwtQbN5UNGJ3EWIDRAJnABG0N root@v75535看到结尾有服务器A的hostname即代表分发成功
三、服务器A免密登录服务器B
- 在服务器A上执行
[root@v75535 ~]# ssh root@10.102.2.121
Last login: Thu Jun 13 16:48:38 2019 from 10.103.9.200
[root@v-67-219 ~]# 看见上述信息,表示登录成功
附:
- ssh端口非22会有如下报错
[root@v75535 ~]# ssh-copy-id root@10.102.2.121
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 10.102.2.121 port 22: Connection refused- 解决办法:
[root@v75535 ~]# ssh-copy-id -p 29540 root@10.102.2.121