linux下跳板机跟客户端之间无密码登陆
创建证书:
[root@lnmp src]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): #这里设入密码123456 Enter same passphrase again: #再次输入密码123456 Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 90:e2:92:f5:73:09:46:d1:30:74:98:68:e1:38:bd:c5 root@lnmp The key's randomart image is: +--[ RSA 2048]----+ | .+**. | | +ooo+. | | o.= E | | = * o . | | o o o S | | . o | | | | | | | +-----------------+
这一步里,系统将自动生成一个公钥(public key)并保存在/home/root/.ssh/id_rsa.pub这个文件里。
[root@lnmp src]# ls /root/.ssh/id_rsa.pub
/root/.ssh/id_rsa.pub
看一下里面的内容:
[root@lnmp src]# cat /root/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== root@lnmp
我们把公钥(public key)复制到远程机器上面去:
[root@lnmp src]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.12 The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established. RSA key fingerprint is 5e:5b:d3:54:cd:99:74:40:a1:45:f2:ed:9c:ac:97:57. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts. root@192.168.1.12's password: #输入192.168.1.12的登录密码 Now try logging into the machine, with "ssh 'root@192.168.1.12'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
注意ssh-copy-id将key写到远程机器的~/.ssh/authorized_key文件中:
[root@ok ~]# ls ~/.ssh/authorized_keys /root/.ssh/authorized_keys [root@ok ~]# cat ~/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== root@lnmp
登录远程机器192.168.1.12就不需要密码了。
[root@lnmp src]# ssh 192.168.1.12 Enter passphrase for key '/root/.ssh/id_rsa': #输入刚才生成公钥的时候,设的密码123456如果当时没设的话就是空!!! Last login: Sun Sep 11 16:32:41 2016 from 192.168.1.103
=============================================================================
上面的测试还没真正实现无密码登录,下面从新做一边:
删除上面生成的公钥和远程机上的私钥:
root@lnmp .ssh]# ls id_rsa id_rsa.pub known_hosts [root@lnmp .ssh]# rm id_rsa rm: remove regular file `id_rsa'? y 删除远程机上的私钥: [root@ok .ssh]# ls authorized_keys known_hosts known_hosts.bak [root@ok .ssh]# rm authorized_keys rm: remove regular file `authorized_keys'? y
重新生成公钥:
[root@lnmp .ssh]# rm id_rsa rm: remove regular file `id_rsa'? y [root@lnmp .ssh]# cd [root@lnmp ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): #这里是空的话,就真正实现了,无需输入密码,登录远程主机 Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: c9:fe:64:6a:7c:e1:2a:ba:aa:6e:2c:f0:ee:83:7d:af root@lnmp The key's randomart image is: +--[ RSA 2048]----+ | | | | | | | . . | | S | |. . . | |o+ ...o. | |oo+ . . o=o | |==++E=.ooo. | +-----------------+ [root@lnmp ~]# ls ~/.ssh/ id_rsa id_rsa.pub known_hosts [root@lnmp ~]# ls ~/.ssh/id_rsa /root/.ssh/id_rsa [root@lnmp ~]# cat ~/.ssh/id_rsa -----BEGIN RSA PRIVATE KEY----- MIIEoQIBAAKCAQEAxtlnozvT2OxoTS6XARo25G0moRaDvx7IQoMqMGpLYkN1z3vt gPWWYBj9aLh1a6Y5ziWuYV7oKnHmGa6qAjYlHv6v3/Z2qwzvJ9nEiqEaEesHWspU Ir5h7hdLf21b569zbRrQf+myqSByuOUjfLaaJiMWIqKHxaKGwNwK5T0pKR5kkIVJ I2N1nhEXi+i8yP67qsRtfr7S3ofwbmgmnjT5Ly1wq09dOymAz3xeeriQ3Ke3G+Lh C6qEj4oFfIu95r/jPqnIGxKRJGa15tbmLn1JSBEkl0OhMSA2FfjJQqH3PAfd2J/U MduLNBEzCWcoTIGbDjNDUmTbO9mx5Kk3uRyFCQIBIwKCAQBr8lzU9JeTA/4bRS1m /5okO0DbGtnOJqc6DLCArrs1V9I9bykov9VKHDHLIk5fAncmw/+T8bE7nOqgOj8I g8sCMny7aImQDlXxD9EYDk/7GS/g1DxNYAlGvDBMfTHkLAt1vhlqAoWPAvxzAAvz Po4x9cowDxaBOvix1omSYwe3O2xBQ9c7W4RXMdArzFQluC16gqtjt7DZnloNSbex gXDAsKCn62NFuiUTRz2+3B5j4/ryE7vljmZbx482yAsVMAg9ZpvfRfoFqafJ9+IG YUySna/hD5SfZJPd3W4anmuLsRqUiA7RTv9OEvddVYDFn5yL0uo53qoYuLwicxQr +qwLAoGBAPm2cvvsKXXl8S2jL0AXMJ27lHmgeVhcOwYW0d0Iw5wRkUt2UNcj3fqd OLjb5Ee8ZQbFPMqAUOHexgaTziPZ4kYTqckVUymLM3nX+rcDjdzHb6P+UGyrZdB9 kYQ7O6VZz2egnHY93zYCt4+Ooy6XipCWjtr9C32OjEzUppd5lAHZAoGBAMvbHBGT /TRa3xmYCzKHRPKUPz7jNngZ2F9nh8FOdXJ3SU4ancG/RXfLYhjuZzmQrDLpjzWu lrA9l8Ey/EJEJtFbk9JqdGUi+rYhjNIsp/plEzycDGYcvcD/tGy7auoWycv9+0Ko T901vXAEuq4t+XDUYz+Z552atbmoISo/XG6xAoGBAORPCgrmjE6JFwUne6hPt2uk L/osUa/fS+hPYMoWpDbrfYbSkw3XpmF5zXXQW69NKSrC9cB1UUOJ2Z+dFD4JCWSk Q3YE3lHeWvMOnBUKkFTTmUV6zTAnrYtrfbq50CImOfhYVIldI9mcFYqRCjk6GEmu OXfCyK1PITBNZRzG7biLAoGAaNcVv+W1a2HvFHoUYyD+4yerf22JuhvrnseHpT5L B6sPwcSLpXhPnLG9a+hSWB6EcfR1iVJ5YfPKY1wMtF2QTmmcetepkxlNvMDMFFF6 9c2U3VeRWRYYceKXTdy6pEY75UDKXMuWyYlaHFo0HxBUZemSILWNDzmfSYmqqANU G6sCgYAr/Fom3TlFZ9RzYtMLVYeS0U0OZ7Lerrv/3hOtXgEc7frp3MFPEdCwvVI2 zSDPMx7Ts44OalQdIbDi9tdJJeCLCWY3TvLoi1O0blPhwi+uKwtDsPACfIZ+3MLi zCUhHxkwjKxrvI6BmYPzOAazob10HWfLhppKtotiwH3BfudICg== -----END RSA PRIVATE KEY-----
用ssh-copy-id将公钥复制到远程机器中:
[root@lnmp ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.12 root@192.168.1.12's password: Now try logging into the machine, with "ssh 'root@192.168.1.12'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
查看远程主机上生成的私钥:
[root@ok ~]# cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxtlnozvT2OxoTS6XARo25G0moRaDvx7IQoMqMGpLYkN1z3vtgPWWYBj9aLh1a6Y5ziWuYV7oKnHmGa6qAjYlHv6v3/Z2qwzvJ9nEiqEaEesHWspUIr5h7hdLf21b569zbRrQf+myqSByuOUjfLaaJiMWIqKHxaKGwNwK5T0pKR5kkIVJI2N1nhEXi+i8yP67qsRtfr7S3ofwbmgmnjT5Ly1wq09dOymAz3xeeriQ3Ke3G+LhC6qEj4oFfIu95r/jPqnIGxKRJGa15tbmLn1JSBEkl0OhMSA2FfjJQqH3PAfd2J/UMduLNBEzCWcoTIGbDjNDUmTbO9mx5Kk3uRyFCQ== root@lnmp
成功实现无密码登录:
[root@lnmp ~]# ssh 192.168.1.12 Last login: Sun Sep 11 22:38:43 2016 from 192.168.1.105
特别注意一定要把私钥保管好,如果被其它的服务器得到,那么这台得到你的私钥的服务器将可以无密码豋录所有认证过的服务器!!!!!
联系方式QQ:326528263 EMAIL:clnking@163.com 网名:bass 分享技术 突破难点 创新思维