linux ssh免密登录

LINUX SSH免密登录

即看即用

Server A 要免密登录Server B (192.168.254.129)

在Server A 上

1、生成公钥,一路enter选择默认

  ssh-keygen -t rsa 

2、公钥拷贝到Server B(192.168.254.129)上并授权

  ssh-copy-id  192.168.254.129 

3、确认能免密登录

  ssh  192.168.254.129

退出:logout或exit

 

ssh 重启命令

systemctl restart sshd.service

 

ssh-copy-id 卡住问题

解决方法:

重新打开SSH窗口

ssh-copy-id 卡住问题_t0m的专栏-CSDN博客

 

ssh-copy-id 报错问题

[SDS_Admin@rdma65 ~]$ ssh-copy-id  182.200.31.109
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/SDS_Admin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:XLT1B1ux5ga+061Fh3O2cNaP2ZiqeNBNl15N7fd37ms.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /home/SDS_Admin/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /home/SDS_Admin/.ssh/known_hosts:5
ERROR: ECDSA host key for 182.200.31.109 has changed and you have requested strict checking.
ERROR: Host key verification failed.

用SSH传输文件时出现下面的信息
文件传输不过去,只需要删除.ssh目录下的known_hosts文件就能传输了
[root@xx]# rm -rf ~/.ssh/known_hosts
原文链接:https://blog.csdn.net/weixin_44545265/article/details/88362272

 

参考:Linux ssh免密登录配置_C.-CSDN博客_linux之ssh免密登录配置

 

详细说明

Linux ssh免密登录配置_C.-CSDN博客_linux之ssh免密登录配置

 

免密登录原理

这里写图片描述
 

Secure Shell 免密认证登录

ssh Secure shell 免密码登录简单教程:http://www.cnblogs.com/godtrue/p/4185689.html

     1.ssh软件界面:选择 Edit->settings->user authentication > Keys

     2. 点击“Generate New”,下一步,可选择 rsa dsa两种加密方式(选择rsa)下一步

     3. 点击下一步,输入生成Key的文件名(如4251)和注释,打算使用空密码登录则Passphrase中不输入密码,下一步
     4. 完成
     5. 登录SSH Server,再到Edit->Settings->key下,点选刚才生成的key (4251),选择”upload”,destination的 .ssh2 改为.ssh ,下一步,选择”upload”

     这时候,key已经传到了linux远程主机的~/.ssh 目录下,在linux上,进入到~/.ssh 目录,看到刚才传上来的4251.pub

     6. 因为SSH Server是Linux,而SSH Secure Shell Client客户端上Windows,所以密钥4251.pub需要进行格式转换同时加入到authorized_keys文件中

     cd ~/.ssh/

     ssh-keygen -i -f xxx.pub >> authorized_keys
    
   7. 修改sshd_config

     sudo vi /etc/ssh/sshd_config
   
     让这几项生效:
     RSAAuthentication yes
     PubkeyAuthentication yes

     AuthorizedKeysFile %h/.ssh/authorized_keys


     可选择关闭输入pasword认证:
     PasswordAuthentication no

 

     8. 重启sshd服务 sudo service ssh restart

 

     9. 连接即可,自己生成的keys在c:\Users\\AppData\Roaming\SSH\UserKeys中


有时候权限太开放,被拒绝执行文件,则需要将文件的权限该为0600:chmod  0600 authorized_keys

如果客户端是linux机器,如何管理多个rsa ?

在.ssh 目录下 创建config文件,进行配置填写:

Host github.com
 HostName github.com
  User git
  IdentityFile C:/Users.ssh/id_rsa
  Host github2
  HostName github.com
  User git
  IdentityFile C:/Users.ssh/id_rsa_work

参考:http://5ydycm.blog.51cto.com/115934/251198/

          http://www.cnblogs.com/zichi/p/4704824.html

 

linux 生成密钥

命令ssh-keygen -t rsa 

私钥 id_rsa和公钥id_rsa.pub 

获取本机的公钥 cat ~/.ssh/id_rsa.pub 

windows 生成密钥

先安装git,然后打开git bash,执行口令

git下载链接 https://download.csdn.net/download/best_luxi/12661470

下载完直接安装即可,安装完成之后,右键点开git bash

 

执行口令 ssh-keygen -t rsa -C "你的邮箱",回车。

如:$ ssh-keygen -t rsa -C "youremail@example.com",回车。

 

第一个生成文件名字和位置,我习惯性一般不填文件名(填写的话一般在你当前右键的目下生成公钥和私钥),回车。两次输入密码,继续回车,即可生成秘钥。:

lenovo@Lx-PC MINGW64 /f/idea_workspace
$ ssh-keygen -t rsa -C "xxx@qq.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/lenovo/.ssh/id_rsa):  生成文件名字和位置,一般不填
Created directory '/c/Users/lenovo/.ssh'.  默认生成的公钥和私钥的位置
Enter passphrase (empty for no passphrase): 输入你的密码
Enter same passphrase again:  再次确认输入密码
Your identification has been saved in /c/Users/lenovo/.ssh/id_rsa.  生成的私钥
Your public key has been saved in /c/Users/lenovo/.ssh/id_rsa.pub.  生成的公钥
The key fingerprint is:
SHA256:Bu3zVUvcCHwW1qkCtV6QPMdxzcEFybbie06f+lP6nu8 xi.l@telelands.com
The key's randomart image is:
+---[RSA 2048]----+
|          o++o*O*|
|       . . ++*B=+|
|      . . ..o=*..|
|       o  ..o+.. |
|        S  oo..  |
|       . o ..   .|
|          .  ....|
|            ..ooo|
|             ++BE|
+----[SHA256]-----+
lenovo@Lx-PC MINGW64 /f/idea_workspace


找到生成的公钥,用记事本打开即可,将公钥复制gitlab。然后登陆和链接,可以自行百度。

生产公钥后,执行这个命令:ssh-copy-id  192.168.254.129 (即公钥拷贝到Server B(192.168.254.129)上并授权)

免密登录shell脚本

给用户SDS_Admin做免密登录:

#!/bin/bash
#把本机的公钥拷贝到/etc/ceph/ceph.conf 中 all_manage_ip 指定的所以IP的主机上

line=`cat /etc/ceph/ceph.conf |grep -E 'all_manage_ip'`&&HOSTS=$(echo ${line#*=}|sed s/[[:space:]]//g)

OLD_IFS="$IFS"   #备份原值
IFS=","     #设分隔符为“,”

for ip_addr in ${HOSTS}
do
    echo "$ip_addr"
    ip_addr=$ip_addr expect << 'EOS'
      set timeout 10
      spawn ssh-copy-id  SDS_Admin@$::env(ip_addr)
      expect "*password*"
      send "Admin@123stor\r"
      expect eof; 
      #exit 0
EOS
done
IFS="$OLD_IFS"

转自:https://www.cnblogs.com/bandaoyu/p/16752896.html

posted @ 2023-11-30 11:33  郭大侠1  阅读(98)  评论(0编辑  收藏  举报