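Passwordless automatic SSH login to a remote host on Linux: setting up SSH trust
Requirement:
SSH is normally used by logging in to a remote host with a user name and password
and then running commands, which means typing the password by hand when prompted.
In practice, however, scripts that run in the background or on a schedule also need
to log in to a remote host and run commands, so the password prompt has to go: the login must be automatic and passwordless.
Procedure:
1. On the SSH client, generate an authentication key pair with the following command: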
[mysql@redhat6 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mysql/.ssh/id_rsa):
Created directory '/home/mysql/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mysql/.ssh/id_rsa.
Your public key has been saved in /home/mysql/.ssh/id_rsa.pub.
The key fingerprint is:
88:62:ed:43:0d:63:d1:13:c9:c8:f6:f7:a6:a1:2b:ee mysql@redhat6
The key's randomart image is:
+--[ RSA 2048]----+
| ..+.o |
| +.= |
| .+. . |
| o =... |
| o + o.S. |
| . + . o |
| o . + |
| ... . |
| oE... |
+-----------------+
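Note: the -t option sets the key type to RSA. Whenever the command prompts for input, just press Enter; there is no need to type anything. Pressing Enter at the passphrase prompts leaves the private key without a passphrase, which is what lets a script use it unattended.
2. The SSH key pair has now been generated: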
[mysql@redhat6 ~]$ cd .ssh/
[mysql@redhat6 .ssh]$ ls
id_rsa id_rsa.pub
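Note:
id_rsa.pub is the generated public key and id_rsa is the generated private key.
The public key id_rsa.pub must be added to the ~/.ssh/authorized_keys file on the remote server, that is, the server we want to log in to automatically from the current host.
3. Append the contents of the generated public key to ~/.ssh/authorized_keys on the remote host: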
[mysql@redhat6 .ssh]$ ssh oracle@standby "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub
The authenticity of host 'standby (192.168.53.12)' can't be established.
RSA key fingerprint is d2:b6:f9:00:10:34:f8:3c:2c:dd:87:35:66:2a:07:e3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'standby,192.168.53.12' (RSA) to the list of known hosts.
oracle@standby's password:
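Note: enter the password of the remote user oracle when prompted.
Note: oracle here is the user on the remote host, that is, the account the passwordless SSH login will log in to; standby is the domain name or host name of the remote host.
Alternatively, use the ssh-copy-id tool to add the public key to the remote authorized_keys file automatically: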
[mysql@redhat6 .ssh]$ ssh-copy-id oracle@standby
oracle@standby's password:
Now try logging into the machine, with "ssh 'oracle@standby'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
4. Test whether logging in to oracle@standby over SSH still asks for a password:
[mysql@redhat6 .ssh]$ ssh oracle@standby
Last login: Fri Mar 9 15:41:02 2018 from 192.168.53.1
[oracle@standby ~]$ exit
logout
Connection to standby closed.
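Note: it is now possible to log in to the oracle user on host standby over SSH without a password.
5. The host name of the remote host can be replaced with its IP address for the passwordless login: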
[mysql@redhat6 .ssh]$ ssh oracle@192.168.53.12
Last login: Mon Mar 12 10:55:39 2018 from redhat6
[oracle@standby ~]$ exit
logout
Connection to 192.168.53.12 closed.
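Note: replacing the host name standby after the @ with its IP address 192.168.53.12 also gives a normal passwordless login.
Summary:
The steps above set up passwordless SSH login to a remote host, after which commands can be run on that host. Putting the passwordless
SSH login into the relevant automation scripts gives fully automated script execution.
Document created: March 12, 2018, 10:59:30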
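A fuller version of step 3, added here as an example and not part of the original post: it runs on the remote host as the target account, creates ~/.ssh and authorized_keys with owner-only permissions, refuses anything that is not a single public-key line, and does not add the same key twice. The function names install_pubkey and loose_perms are hypothetical.

```shell
#!/bin/sh
# Added example; install_pubkey and loose_perms are hypothetical helper names.
# Meant to run as the target account on the remote host.

# True if the path is writable by group or others. With StrictModes on (the
# sshd default), sshd ignores authorized_keys when the home directory,
# ~/.ssh or the file itself is writable by anyone but the owner.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Returns 0 on success, 2 for a bad key file, 3 if the home directory is too open.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Require exactly one non-empty line that looks like a public key, so the
    # private key (id_rsa) can never be appended by mistake.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 2; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 2 ;;
    esac

    # Create the directory and file with owner-only modes.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not already there (safe to re-run).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # The key is installed, but sshd will not honour it if the parent
    # (normally the home directory) is group- or world-writable.
    if loose_perms "$(dirname "$dir")"; then
        echo "warning: $(dirname "$dir") is group/world-writable" >&2
        return 3
    fi
}
```

In the automation script itself, calling ssh with -o BatchMode=yes makes it fail immediately instead of waiting at a password prompt if key authentication ever stops working.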