BenjaminYang In solitude, where we are least alone

ssh登录服务器免密钥

我有三台Linux,IP分别为a:10.0.0.20/b:10.0.0.50/c:10.0.0.60/d:10.0.0.70

# a为本地主机  b c d为远程主机

#在a上生成密钥对(3次回车出现图案)
[root@manager scripts]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b6:23:13:46:a0:12:5c:9f:8a:21:90:f2:2c:d4:4e:ff root@manager
The key's randomart image is:
+--[ RSA 2048]----+
|+.o..            |
|++ +...          |
|=++ .o.          |
|o.=..o           |
| o .  + S        |
|     . E .       |
|      o o        |
|       o .       |
|                 |
+-----------------+

# 在a上分别执行远端服务器命令

[root@manager scripts]# ssh root@10.0.0.50 "mkdir .ssh; chmod 0700 .ssh" (未将公钥发送之前需要输密码)

# 在a上分别向b c d 主机发送公钥

scp ~/.ssh/id_rsa.pub root@10.0.0.50:/root/.ssh/id_rsa.pub  (需要输入密码,发完后就不需要输密码了)

# 在b c d分别执行

[root@cadicate-master ~]# touch .ssh/authorized_keys
[root@cadicate-master ~]# chmod 600 ~/.ssh/authorized_keys 
[root@cadicate-master ~]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys

 [root@cadicate-master ~]# rm -f /root/.ssh/id_rsa.pub (安全起见删除公钥)

回到A机器:
# ssh root@10.0.0.50 (不需要密码, 登录成功)
 
注:假如失败, 看看selinux是否打开
关闭selinux  : setenforce 0(临时关闭)
                        vim /etc/selinux/config 
                           
将SELINUX=enforcing改为SELINUX=disabled   重启就好

 

 

 
 

 

posted @ 2018-03-08 20:53  benjamin杨  阅读(607)  评论(0编辑  收藏  举报