ssh 免密登录

  1. [root@localhost .ssh]# /usr/bin/ssh-keygen -t rsa

    Generating public/private rsa key pair.

    Enter file in which to save the key (/root/.ssh/id_rsa): 

    Enter passphrase (empty for no passphrase): 

    Enter same passphrase again: 

    Your identification has been saved in /root/.ssh/id_rsa.

    Your public key has been saved in /root/.ssh/id_rsa.pub.

    The key fingerprint is:

    30:f6:d7:2a:ac:56:eb:3f:fa:40:25:8d:90:96:68:cb 

    root@localhost.localdomain

    在主机/.ssh目录下生成密匙

    使用ssh的rsa密匙

    其中

    id_rsa 私匙

    id_rsa.pub 公匙

    下述命令产生不同类型的密钥

    ssh-keygen -t dsa 

    ssh-keygen -t rsa 

    ssh-keygen -t rsa1 

  2. [root@localhost .ssh]# scp /root/.ssh/id_rsa.pubroot@172.16.142.5:/root/.ssh/authorized_keys

    The authenticity of host '172.16.142.5 (172.16.142.5)' can't be established.

    RSA key fingerprint is 4b:a5:74:fb:2e:08:60:af:fa:76:d4:b0:26:4c:13:75.

    Are you sure you want to continue connecting (yes/no)? yes

    Warning: Permanently added '172.16.142.5' (RSA) to the list of known hosts.

    root@172.16.142.5's password:

    id_rsa.pub                                                                                        100% 236     0.2KB/s   00:00 

    说明:

    将公钥拷贝到远端主机,并写入授权列表文件

    你也可以把公钥文件拷贝过去后,在远端主机下直接执行

    touch /root/.ssh/authorized_keys

    cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

  3. 操作完毕,登陆检查。   

    [root@localhost .ssh]# ssh 172.16.142.5

    root@172.16.142.5's password:

    请注意此时如果仍提示输入密码,请检查如下文件夹和文件的操作权限,这是非常重要的, 否则ssh公钥认证体制不能正常工作:

    172.16.142.4(客户端)

    /home/root文件夹的权限是600

    /home/root/.ssh文件夹的权限是600 (好像这个权限关系不是很大)

    /home/root/.ssh/id_dsa私钥的权限600

    172.16.142.5(远端主机)

    /home/root文件夹的权限是644

    /home/root/.ssh文件夹的权限是644 (好像这个权限关系不是很大)

    /root/.ssh/authorized_keys公钥的权限644

  4. 4

    [root@localhost ~]# ssh 172.16.142.5

    Last login: Sat Dec 15 21:10:17 2007 from 172.16.142.4

    [root@localhost ~]# 

    无密码SSH登陆成功!

posted @ 2017-05-27 22:06  D_R_Y  阅读(394)  评论(0编辑  收藏  举报