ssh免密码登录配置
生成秘钥对
[root@localhost ~]# ssh-keygen Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:D0kugFN+1mryj+fpOrQ5vzZSsLr/jKnTmm26fJvqb7g root@localhost.localdomain
The key"s randomart image is:
+---[RSA 2048]----+
| . |
| + . |
| o o o o |
| . +.+ . |
| . +oS |
| +o..o |
| =.+ . |
| .+o@B+. |
| .E/@&Xo |
+----[SHA256]-----+
[root@localhost ~]# ll -d .ssh/
drwx------. 2 root root 80 Jan 5 04:37 .ssh/
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ll -h
total 16K
-rw-r--r--. 1 root root 398 Nov 15 10:07 authorized_keys
-rw-------. 1 root root 1.7K Jan 5 04:37 id_rsa
-rw-r--r--. 1 root root 408 Jan 5 04:37 id_rsa.pub
-rw-r--r--. 1 root root 346 Jan 2 18:40 known_hosts
使用 ssh-copy-id 分发秘钥
[root@localhost ~]# ssh-copy-id root@192.168.32.21/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.32.21"s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh "root@192.168.32.21""
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh root@192.168.32.21
Last login: Fri Jan 5 04:00:03 2018 from 192.168.32.1
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.32.21 netmask 255.255.255.0 broadcast 192.168.32.255
inet6 fe80::b224:e68a:47a:de56 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:f0:c4:2d txqueuelen 1000 (Ethernet)
RX packets 8929 bytes 750149 (732.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8240 bytes 691005 (674.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 20 bytes 1720 (1.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 20 bytes 1720 (1.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUf5wmYf6nM2d5WiZ5yzBtKx6zGEVmp0kUfZq4lnA3dO5j1JE1vZofJSA8qePI8s9iiMv9nql5ldNgqqjuaLhvlukXuKbK0egPgIJC8nZKB9SKOE4S/x7XdTEMgNZEjGXG9mkRdbHtrU2yNsDlsapwm3EUbmURh6NnVdyAvkOc+M7MefG3KXDvtphny/qllxecGV1yYPLaAN3cB9OGiF1KtPUbFhWWATTd/HMB5XXa9+nuzv7570gv6N8tx6InOJSQ35qXHy7CAsZ9CC3KQXuM7K402WzgEnoBIZJFoAws49LE9smQDZo4S9nbfvFY9o4dFXRhADCW1I35T0Q0WGwJ sunjinri@163.com
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD8DQqA+vVit0OwMXB2VLiwjjo2Scj7qWeWlEB+qWHYuk+K6WN8frI/HRW0TRe89fq3V/4HmE6KvG03r1r9Cd72Q16hi7wPlhnt3qS1WRGafQJXxbHZB2FJinhwIkDkBKnE1NNwbDlnyVxvUINKILbTrkwI3mu4GjZ9uLEQ+lQlSUEWCn9rNw3DNmIRMishNFz7bHFm//I71fdPFP0tx/ldLZ0A4qGuAfftv4VF2KtzLnqqkiqzSvHXhjt5x+I17FskLBRlr6tg4ha3SVSHSlg7t0jyKs0bAGS2+8j0mp6F95E1HPhvNsGOeIihFDs06e+oeUM+BpthBaCvAt648bv5 root@localhost.localdomain
[root@localhost ~]# exit
logout
Connection to 192.168.32.21 closed.
注意
1. 免密码登录时单向的2. 秘钥是基于用户的,只对指定的用户生效
3. 批量分发秘钥的时候,每次都要输入密码,可以使用 expect 命令处理
以上是 ssh免密码登录配置 的全部内容, 来源链接: utcz.com/z/512011.html