13_配置免密登录

1.生成密钥对

[root@centos79 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fnVf04u0NK2NkQHv8hU5yX0pKKrTR+04dr7IV8isk0s root@centos79
The keys randomart image is:
+---[RSA 2048]----+
|           .     |
|            + . =|
|         . . + Bo|
|        . o . = =|
|       .S.oooB.+o|
|      o.. o==oX.+|
|     o ..E+o.* o.|
|      . ===.     |
|         ++o.    |
+----[SHA256]-----+


# 一键生成密钥对
[root@centos1 .ssh]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:LNcQvqnGg3ImJWaf7g2mrnDZj0MfuEGdTqcy7RQ4Ces root@centos1
The keys randomart image is:
+---[RSA 2048]----+
|        .        |
|  .    . .       |
|   o + .o        |
|  . = =..=       |
| .+..*.+S .      |
| oE**+*+         |
|. =.XO=.         |
|.. Oo*o.         |
|.oo.+.o          |
+----[SHA256]-----+

2.访问记录查看

# 查看在线状态
[root@centos2 .ssh]# w
 22:07:52 up 6 min,  3 users,  load average: 0.03, 0.05, 0.04
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1                      22:02    5:52   0.02s  0.02s -bash
root     pts/0    10.1.1.1         22:06    0.00s  0.03s  0.00s w
root     pts/1    10.1.1.3         22:07   19.00s  0.01s  0.01s -bash

# 查看谁登录成功过
[root@centos2 ~]# last
root     pts/1        10.1.1.3         Tue Oct 10 22:07 - 22:08  (00:00)
root     pts/1        10.1.1.3         Tue Oct 10 22:07 - 22:07  (00:00)
root     pts/0        10.1.1.1         Tue Oct 10 22:06   still logged in
root     pts/0        10.1.1.1         Tue Oct 10 22:05 - 22:06  (00:00)


# 查看谁登录失败过
[root@centos2 ~]# lastb
root     ssh:notty    10.1.1.3         Tue Oct 10 22:07 - 22:07  (00:00)
root     ssh:notty    10.1.1.3         Tue Oct 10 22:07 - 22:07  (00:00)
main     ssh:notty    10.1.1.3         Tue Oct 10 20:12 - 20:12  (00:00)
main     ssh:notty    10.1.1.3         Tue Oct 10 20:11 - 20:11  (00:00)
main     ssh:notty    10.1.1.3         Tue Oct 10 20:11 - 20:11  (00:00)
root     tty1                          Mon Oct  9 11:05 - 11:05  (00:00)
root     tty1                          Sun Oct  8 11:34 - 11:34  (00:00)

btmp begins Sun Oct  8 11:34:44 2023

3.把自己的公钥发给对方 入侵

# 服务费微风
[root@centos1 .ssh]# ssh-copy-id root@10.1.1.5
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Warning: Permanently added '10.1.1.5' (ECDSA) to the list of known hosts.
root@10.1.1.5 password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.1.1.5'"
and check to make sure that only the key(s) you wanted were added.

# 登录对方
ssh root@${IP}