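To log in to server B directly from server A and access files without a password, configure it as follows:
1. On server A, run cd /root/.ssh to enter the /root/.ssh directory.
2. On server A, generate a key pair in that directory with ssh-keygen -t rsa -P ''. After you press Enter, two files are created: id_rsa (private key) and id_rsa.pub (public key).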
[root@test-130 .ssh]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (just press Enter)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ab:4c:94:c8:0f:45:c3:bf:5f:90:5b:77:32:f1:0f:fa root@test-130
The key's randomart image is:
+--[ RSA 2048]----+
| .o |
| ... . |
| .. . o |
| . o .. o . = o|
| + o S. + o =.|
| + ... o .|
| o .. . . |
| o . . E |
| o |
+-----------------+
[root@test-130 .ssh]# ll -a
total 20
drwx------. 2 root root 4096 Aug 5 11:20 .
dr-xr-x---. 5 root root 4096 Feb 27 15:38 ..
-rw-------. 1 root root 1675 Aug 5 11:20 id_rsa
-rw-r--r--. 1 root root 395 Aug 5 11:20 id_rsa.pub
-rw-r--r--. 1 root root 792 Apr 25 12:53 known_hosts
3. Use cat id_rsa.pub to view the public key, and copy the line it prints.
[root@test-130 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxY8VIFkPo0XmMQ41JUwg4bJXDq2X+35hdOriGPk6lt7FhHsXMPa2GxdaV3wsHvK21iJnWoENKH+3cSUaCktnNT3dY5D5GZYOAf1cLyny4hljDLNcJMpx3AyuWKQcej+p7tjNBAk0gcaHq8FHUZPg78TvJqaeIAbvvtGo/Tpleh+r6KZ3HW2GapBx9A2sCYw/uMddNmXWSkd9CrD+tHSYB/61uGlN8jp8pGMpJduI9LN6Jz0MIa3qLvh3NG92j2i2gsYdJ1TjoVzIxlzhgnbH4wJdXRkDbKRUtxDIia7D0tKcsle86B2Q06vH/X9+zCuC7qogPFRAE3+9C84iZJ9CEw== root@test-130
4. On server B, go to the /root/.ssh directory and run the following command:
[root@bogon .ssh]# echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxY8VIFkPo0XmMQ41JUwg4bJXDq2X+35hdOriGPk6lt7FhHsXMPa2GxdaV3wsHvK21iJnWoENKH+3cSUaCktnNT3dY5D5GZYOAf1cLyny4hljDLNcJMpx3AyuWKQcej+p7tjNBAk0gcaHq8FHUZPg78TvJqaeIAbvvtGo/Tpleh+r6KZ3HW2GapBx9A2sCYw/uMddNmXWSkd9CrD+tHSYB/61uGlN8jp8pGMpJduI9LN6Jz0MIa3qLvh3NG92j2i2gsYdJ1TjoVzIxlzhgnbH4wJdXRkDbKRUtxDIia7D0tKcsle86B2Q06vH/X9+zCuC7qogPFRAE3+9C84iZJ9CEw== root@test-130' >> authorized_keys
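5. If there is another application server C, repeat step 4 on it.
6. Additional note: on server A you can use the generated private key to log in to the other servers, as follows: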
[root@test-130 .ssh]# ssh -i id_rsa root@192.168.10.138
The authenticity of host '192.168.10.138 (192.168.10.138)' can't be established.
RSA key fingerprint is d7:32:1b:97:4b:5b:02:f2:38:9c:4f:cc:89:f1:a7:71.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.138' (RSA) to the list of known hosts.
reverse mapping checking getaddrinfo for bogon [192.168.10.138] failed - POSSIBLE BREAK-IN ATTEMPT!
Last login: Wed Aug 5 10:25:22 2020 from 192.168.20.159
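Note: during the connection you will see the line containing "failed" shown above. It does not affect use; the reason is as follows:
When you connect to a host over SSH or SFTP, a series of checks is performed to ensure that you are connecting to the machine you intend. One of them is a "reverse lookup on the IP address", which checks that the machine name matches the name of the machine you are connecting to. If it does not, you get an error message like this: "reverse mapping checking getaddrinfo for … POSSIBLE BREAK-IN ATTEMPT!".
Solution:
Edit the local /etc/ssh/ssh_config and set the parameter to GSSAPIAuthentication no. Alternatively, set GSSAPIAuthentication no in /etc/ssh/sshd_config on the server. Note the difference between /etc/ssh/ssh_config (the client configuration) and /etc/ssh/sshd_config (the server daemon configuration).
Below we can see that the system we are logged in to is now server B: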
[root@bogon ~]# cd .ssh/
[root@bogon .ssh]# ls
authorized_keys known_hosts
[root@bogon .ssh]# ll -a
total 16
drwx------. 2 root root 4096 Aug 5 11:26 .
dr-xr-x---. 6 root root 4096 Jul 29 18:12 ..
-rw-r--r--. 1 root root 395 Aug 5 11:26 authorized_keys
-rw-r--r--. 1 root root 396 Jun 12 2019 known_hosts
To log out, just use the exit command.
[root@bogon .ssh]# exit
logout
Connection to 192.168.10.138 closed.
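A repeatable form of step 4, as an added example that is not part of the original page: it checks that the file holds a single public-key line, appends it to authorized_keys only once, and sets mode 700 on the directory and 600 on the file. The names install_pubkey and demo and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. install_pubkey and demo are
# hypothetical helper names; nothing here is an OpenSSH tool.

# install_pubkey PUBFILE [SSH_DIR]
# Append one public key to SSH_DIR/authorized_keys, once, with tight modes.
install_pubkey() {
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 2; }
    # A .pub file holds exactly one line; a multi-line private key fails here.
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    line=$(grep . "$pubfile")

    # Split "type base64 [comment]" and check both fields.
    keytype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $keytype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "unexpected key type: $keytype" >&2; return 3 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 3 ;;
    esac

    # Create missing paths under a restrictive umask, then pin the modes.
    ( umask 077 && mkdir -p "$sshdir" && touch "$auth" ) || return 1
    chmod 700 "$sshdir" && chmod 600 "$auth" || return 1

    # Match on type and key data so a changed comment does not add a duplicate.
    if grep -qF -- "$keytype $blob" "$auth"; then
        echo "key already present in $auth" >&2
        return 0
    fi
    printf '%s\n' "$line" >> "$auth"
}

# Run the helper twice on a constructed key in a scratch directory (never
# touches the real ~/.ssh) and print the resulting line count.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkLXNhbXBsZS1rZXk= constructed@example' > "$d/a.pub"
    install_pubkey "$d/a.pub" "$d/.ssh" 2>/dev/null &&
        install_pubkey "$d/a.pub" "$d/.ssh" 2>/dev/null
    n=$(wc -l < "$d/.ssh/authorized_keys")
    rm -rf "$d"
    echo $((n))
}
```

On server B this would be called as install_pubkey /path/to/id_rsa.pub /root/.ssh after copying only the .pub file over from server A.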