Passwordless SSH login between two Linux servers

Requirement

Linux server1 needs to log in to Linux server2 without entering a password.

Steps

1. Generate an RSA public/private key pair on server1

ssh-keygen -b 2048 -t rsa -C "<Linux server1 user>@<key name>"

2. Install the private and public key on server1 (on every server behind server1's FQDN), with these file permissions:

private key: 400
public key: 640
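The key generation from step 1 and the permission requirement from step 2 can be scripted together. The following is an added example, not code from the original post: the key path and comment string are assumptions, and the private-key check exists because ssh refuses a private key that is readable by group or others (the "UNPROTECTED PRIVATE KEY FILE" warning), which is a common reason the connectivity test in step 7 fails.

```shell
#!/bin/sh
# Added example (not from the original post): generate the RSA key pair from
# step 1 and verify the file modes required in step 2. Paths and the comment
# string are assumptions; the post's own placeholder is "<user>@<key name>".

# generate_keypair <private key path> <comment>
# Writes <path> and <path>.pub with no passphrase (the post's use case is
# unattended login), then applies the modes from step 2: 400 private, 640 public.
generate_keypair() {
    keyfile=$1
    comment=$2
    ssh-keygen -q -t rsa -b 2048 -N "" -C "$comment" -f "$keyfile"
    chmod 400 "$keyfile"
    chmod 640 "$keyfile.pub"
}

# private_key_mode_ok <file>
# Returns 0 when the private key is readable only by its owner (mode 400 or 600).
# ssh prints "UNPROTECTED PRIVATE KEY FILE" and ignores the key otherwise.
private_key_mode_ok() {
    [ -n "$(find "$1" -prune \( -perm 400 -o -perm 600 \))" ]
}

# Usage (assumed path):
#   generate_keypair "$HOME/.ssh/id_rsa_server2" "user@server1-to-server2"
#   private_key_mode_ok "$HOME/.ssh/id_rsa_server2" && echo "private key mode ok"
```

Run private_key_mode_ok against the key named in the step 7 commands before testing connectivity; a key that was copied with scp or unpacked from an archive often arrives as 644 and is silently rejected.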

3. Provide the public key to server2

4. Linux server2 provides the following information to server1

  • FQDN
  • port
  • SFTP profile
  • path to receive the file
  • known host key, see https://blog.51cto.com/u_13236892/5455735
## show the host key for an FQDN
ssh-keyscan -t rsa <FQDN>
## show the host key for an IP
ssh-keyscan -t rsa <ip>

If server2 does not provide its host key, server2's host key is added to ~/.ssh/known_hosts automatically the first time server1 connects to server2.

5. server2 imports server1's public key (it must be installed on every server behind server2's FQDN)

Upload the key file to your SFTP profile path, such as ~/.ssh.
Append the public key content to the authorized_keys file, for example with these commands:

## add a blank line
echo "" >> ~/.ssh/authorized_keys
## append the public key file content to the end of authorized_keys
cat test.pub >> ~/.ssh/authorized_keys

6. server1 installs server2's known host key

## backup
cp -p ~/.ssh/known_hosts ~/.ssh/known_hosts_backup
## add a blank line
echo "" >> ~/.ssh/known_hosts
cat known_host_key_server2.txt >> ~/.ssh/known_hosts
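Steps 5 and 6 both append a key line to an OpenSSH file with `echo "" >> file; cat key >> file`. Rerunning that pattern duplicates entries and leaves blank lines behind, and it does not set the modes sshd requires (700 on ~/.ssh, 600 on authorized_keys, or the key is ignored under StrictModes). The following is an added example, not code from the original post; file names are assumptions and the key line in the usage comment is constructed:

```shell
#!/bin/sh
# Added example (not from the original post): append one key line to
# ~/.ssh/authorized_keys (step 5) or ~/.ssh/known_hosts (step 6) only when it
# is not already present, after taking a backup and fixing permissions.

# append_key_once <target file> <file containing one key line>
append_key_once() {
    target=$1
    keyfile=$2
    dir=$(dirname "$target")

    # sshd ignores authorized_keys when ~/.ssh or the file is group/world
    # writable (StrictModes), so create both with the modes sshd expects.
    mkdir -p "$dir"
    chmod 700 "$dir"
    [ -f "$target" ] || : > "$target"
    chmod 600 "$target"

    # Keep a backup before every change, like the cp -p in step 6.
    cp -p "$target" "$target.bak"

    line=$(head -n 1 "$keyfile")
    [ -n "$line" ] || { echo "empty key file: $keyfile" >&2; return 2; }

    # -F fixed string, -x whole line, -q quiet: skip the write if present.
    if grep -Fxq -- "$line" "$target"; then
        return 0
    fi
    printf '%s\n' "$line" >> "$target"
}

# key_count <file>: number of key entries (non-empty, non-comment lines).
key_count() {
    awk '!/^[[:space:]]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}

# Usage (constructed key material, assumed file names):
#   printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCexample user@server1\n' > test.pub
#   append_key_once "$HOME/.ssh/authorized_keys" test.pub            # step 5
#   append_key_once "$HOME/.ssh/known_hosts" known_host_key_server2.txt  # step 6
#   key_count "$HOME/.ssh/authorized_keys"
```

Because the append is idempotent, the same script can be run on every server behind the FQDN without producing a different authorized_keys on each host.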

7. Connectivity test: passwordless login from server1 to server2

ssh -i <private key> <profile of remote server>@<FQDN or ip of remote server>
scp -i <private key> -P 22 /local/test_juniper.txt <profile of remote server>@<FQDN or ip of remote server>:/remotepath/

sftp -i <private key> <profile of remote server>@<FQDN or ip of remote server>

Known host key:

The first time you run ssh user@server, the remote server's host key is fetched and appended automatically to ~/.ssh/known_hosts.
Alternatively, if the remote server's host key is already known, append it manually to ~/.ssh/known_hosts; connecting to the remote server will then not ask whether to trust it.
If the remote FQDN has several servers behind it, first determine whether those servers share the same host key: connect manually to each remote server IP in turn and check whether the host keys recorded in known_hosts are identical.

Check whether the FQDN resolves to several IPs
command: nslookup FQDN

If the FQDN has several IPs, check whether every IP has the same host key
command: ssh user@ip
The command above writes the host key into the known_hosts file

Format of each known_hosts line
One FQDN, one server:
FQDN,serverip hostkey
Servername,serverip hostkey (ssh-rsa AAAAB3Nza)

One FQDN, several servers, and the servers have different host keys:
FQDN,serverip1 hostkey1
FQDN,serverip2 hostkey2

One FQDN, several servers, and the servers have the same host key:
FQDN,servername1,servername2,FQDN IP,serverip1,serverip2 hostkey
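Comparing the host keys of several IPs by eye in known_hosts is error-prone, and the two layouts above (one combined line when the keys match, one line per IP when they differ) are easy to get wrong by hand. The following is an added example, not code from the original post: it takes one file per IP holding that IP's `ssh-keyscan -t rsa <ip>` output, decides whether the key material is identical, and emits the matching known_hosts line(s). The FQDN, IPs and key strings in the sample function are constructed, not real host keys.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether the servers
# behind one FQDN share a host key and build the known_hosts line(s) for them.
# Input: one file per IP containing a keyscan line "<ip> ssh-rsa AAAA...".

# key_material <file>: print "type base64" of the first keyscan line, i.e. the
# key without the host field, so keys from different IPs can be compared.
key_material() {
    awk '!/^#/ && NF >= 3 { print $2, $3; exit }' "$1"
}

# host_field <file>: the host/IP in the first field of the keyscan line.
host_field() {
    awk '!/^#/ && NF >= 3 { print $1; exit }' "$1"
}

# hostkeys_identical <file>...: 0 if every file carries the same key material.
hostkeys_identical() {
    first=__unset__
    for f in "$@"; do
        k=$(key_material "$f")
        if [ "$first" = __unset__ ]; then
            first=$k
        elif [ "$k" != "$first" ]; then
            return 1
        fi
    done
    return 0
}

# known_hosts_lines <FQDN> <file>...
# Same key on all IPs  -> one line:      FQDN,ip1,ip2 ssh-rsa AAAA...
# Different keys       -> one line per IP: FQDN,ipN ssh-rsa AAAA...
known_hosts_lines() {
    fqdn=$1
    shift
    if hostkeys_identical "$@"; then
        hosts=$fqdn
        for f in "$@"; do
            hosts="$hosts,$(host_field "$f")"
        done
        printf '%s %s\n' "$hosts" "$(key_material "$1")"
    else
        for f in "$@"; do
            printf '%s,%s %s\n' "$fqdn" "$(host_field "$f")" "$(key_material "$f")"
        done
    fi
}

# make_samples: constructed keyscan outputs for three IPs (placeholder key
# material, not real host keys). ip1 and ip2 share a key; ip3 differs.
make_samples() {
    dir=$(mktemp -d)
    printf '10.0.0.11 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsample1\n' > "$dir/ip1.txt"
    printf '10.0.0.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsample1\n' > "$dir/ip2.txt"
    printf '10.0.0.13 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsample2\n' > "$dir/ip3.txt"
    echo "$dir"
}

# Usage with real hosts (FQDN and IPs assumed):
#   ssh-keyscan -t rsa 10.0.0.11 > ip1.txt
#   ssh-keyscan -t rsa 10.0.0.12 > ip2.txt
#   known_hosts_lines sftp.example.internal ip1.txt ip2.txt >> ~/.ssh/known_hosts
```

If the servers behind the FQDN turn out to have different keys, the per-IP lines are the safe choice: a single combined line would make ssh accept whichever key happens to be listed for every IP, while an unlisted key on one of the hosts still produces the host-key mismatch warning that tells you something changed.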

posted on 2022-03-03 10:14  dreamstar