默认公钥文件/root/.ssh/id_rsa.pub
默认私钥文件/root/.ssh/id_rsa
默认私钥文件/root/.ssh/id_rsa
只有将公钥文件文件拷到其他的服务器上才能登录别的服务器。
服务器A 192.168.1.133
[root@master .ssh]# ssh-keygen -t rsa #生成密匙 主
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
79:ee:ed:03:6f:68:d6:ad:b1:3a:05:2c:5b:19:2f:fc root@master
[root@master .ssh]# scp id_rsa.pub 192.168.1.131:/root/.ssh/192.168.1.133 #将公匙拷贝到B服务器 主
The authenticity of host '192.168.1.131 (192.168.1.131)' can't be established.
RSA key fingerprint is e1:b8:f2:e0:f8:74:08:98:b6:63:ea:66:04:ae:60:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.131' (RSA) to the list of known hosts.
root@192.168.1.131's password:
id_rsa.pub 100% 393 0.4KB/s 00:00
You have new mail in /var/spool/mail/root
[root@master .ssh]# cat 192.168.1.133 >> authorized_keys #将公匙添加到文件authorized_keys文件中。 192.168.1.131上运行 从
You have new mail in /var/spool/mail/root
[root@master .ssh]# ls
192.168.1.131 authorized_keys id_rsa id_rsa.pub known_hosts
[root@master .ssh]# ssh root@192.168.1.131 date #测试 192.168.1.133上运行 主
2013年 04月 09日 星期二 10:15:31 CST
[root@master .ssh]#
注:运行测试成功后可以将复制到192.168.1.131 上的192.168.1.133删除
//一定要关闭selinux
setenforce 0
sed -i 's/enforcing/disabled/g' /etc/selinux/config
四、SSH无密码验证的原理:
Master作为客户端,要实现无密码公钥认证,连接到服务器Salve上时,需要在Master上生成一个密钥对,包括一个公钥和一个私钥,而后将公钥复制到所有的Salve上。当Master通过SSH链接到Salve上时,Salve会生成一个随机数并用Master的公钥对随机数进行加密,并发送给Master。Master收到加密数之后再用私钥解密,并将解密数回传给Salve,Salve确认解密数无误之后就允许Master进行连接了。这就是一个公钥认证过程,期间不需要手工输入密码,重要的过程是将Master上产生的公钥复制到Salve上。
