linux ssh免密登录
LINUX SSH免密登录
即看即用
Server A 要免密登录Server B (192.168.254.129)
在Server A 上
1、生成公钥,一路enter选择默认
ssh-keygen -t rsa
2、公钥拷贝到Server B(192.168.254.129)上并授权
ssh-copy-id 192.168.254.129
3、确认能免密登录
ssh 192.168.254.129
退出:logout或exit
ssh 重启命令
systemctl restart sshd.service
ssh-copy-id 卡住问题
解决方法:
重新打开SSH窗口
或ssh-copy-id 卡住问题_t0m的专栏-CSDN博客
ssh-copy-id 报错问题
[SDS_Admin@rdma65 ~]$ ssh-copy-id 182.200.31.109
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/SDS_Admin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: SHA256:XLT1B1ux5ga+061Fh3O2cNaP2ZiqeNBNl15N7fd37ms.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /home/SDS_Admin/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /home/SDS_Admin/.ssh/known_hosts:5
ERROR: ECDSA host key for 182.200.31.109 has changed and you have requested strict checking.
ERROR: Host key verification failed.
用SSH传输文件时出现下面的信息
文件传输不过去,只需要删除.ssh目录下的known_hosts文件就能传输了
[root@xx]# rm -rf ~/.ssh/known_hosts
原文链接:https://blog.csdn.net/weixin_44545265/article/details/88362272
参考:Linux ssh免密登录配置_C.-CSDN博客_linux之ssh免密登录配置
详细说明
Linux ssh免密登录配置_C.-CSDN博客_linux之ssh免密登录配置
免密登录原理
Secure Shell 免密认证登录
ssh Secure shell 免密码登录简单教程:http://www.cnblogs.com/godtrue/p/4185689.html
1.ssh软件界面:选择 Edit->settings->user authentication > Keys
2. 点击“Generate New”,下一步,可选择 rsa dsa两种加密方式(选择rsa)下一步
3. 点击下一步,输入生成Key的文件名(如4251)和注释,打算使用空密码登录则Passphrase中不输入密码,下一步
4. 完成
5. 登录SSH Server,再到Edit->Settings->key下,点选刚才生成的key (4251),选择”upload”,destination的 .ssh2 改为.ssh ,下一步,选择”upload”
这时候,key已经传到了linux远程主机的~/.ssh 目录下,在linux上,进入到~/.ssh 目录,看到刚才传上来的4251.pub
6. 因为SSH Server是Linux,而SSH Secure Shell Client客户端上Windows,所以密钥4251.pub需要进行格式转换同时加入到authorized_keys文件中
cd ~/.ssh/
ssh-keygen -i -f xxx.pub >> authorized_keys
7. 修改sshd_config
sudo vi /etc/ssh/sshd_config
让这几项生效:
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
可选择关闭输入pasword认证:
PasswordAuthentication no
8. 重启sshd服务 sudo service ssh restart
9. 连接即可,自己生成的keys在c:\Users\\AppData\Roaming\SSH\UserKeys中
有时候权限太开放,被拒绝执行文件,则需要将文件的权限该为0600:chmod 0600 authorized_keys
如果客户端是linux机器,如何管理多个rsa ?
在.ssh 目录下 创建config文件,进行配置填写:
Host github.com
HostName github.com
User git
IdentityFile C:/Users.ssh/id_rsa
Host github2
HostName github.com
User git
IdentityFile C:/Users.ssh/id_rsa_work
参考:http://5ydycm.blog.51cto.com/115934/251198/
http://www.cnblogs.com/zichi/p/4704824.html
linux 生成密钥
命令ssh-keygen -t rsa
私钥 id_rsa和公钥id_rsa.pub
获取本机的公钥 cat ~/.ssh/id_rsa.pub
windows 生成密钥
先安装git,然后打开git bash,执行口令
git下载链接 https://download.csdn.net/download/best_luxi/12661470
下载完直接安装即可,安装完成之后,右键点开git bash
执行口令 ssh-keygen -t rsa -C "你的邮箱",回车。
如:$ ssh-keygen -t rsa -C "youremail@example.com",回车。
第一个生成文件名字和位置,我习惯性一般不填文件名(填写的话一般在你当前右键的目下生成公钥和私钥),回车。两次输入密码,继续回车,即可生成秘钥。:
lenovo@Lx-PC MINGW64 /f/idea_workspace
$ ssh-keygen -t rsa -C "xxx@qq.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/lenovo/.ssh/id_rsa): 生成文件名字和位置,一般不填
Created directory '/c/Users/lenovo/.ssh'. 默认生成的公钥和私钥的位置
Enter passphrase (empty for no passphrase): 输入你的密码
Enter same passphrase again: 再次确认输入密码
Your identification has been saved in /c/Users/lenovo/.ssh/id_rsa. 生成的私钥
Your public key has been saved in /c/Users/lenovo/.ssh/id_rsa.pub. 生成的公钥
The key fingerprint is:
SHA256:Bu3zVUvcCHwW1qkCtV6QPMdxzcEFybbie06f+lP6nu8 xi.l@telelands.com
The key's randomart image is:
+---[RSA 2048]----+
| o++o*O*|
| . . ++*B=+|
| . . ..o=*..|
| o ..o+.. |
| S oo.. |
| . o .. .|
| . ....|
| ..ooo|
| ++BE|
+----[SHA256]-----+
lenovo@Lx-PC MINGW64 /f/idea_workspace
找到生成的公钥,用记事本打开即可,将公钥复制gitlab。然后登陆和链接,可以自行百度。
生产公钥后,执行这个命令:ssh-copy-id 192.168.254.129 (即公钥拷贝到Server B(192.168.254.129)上并授权)
免密登录shell脚本
给用户SDS_Admin做免密登录:
#!/bin/bash #把本机的公钥拷贝到/etc/ceph/ceph.conf 中 all_manage_ip 指定的所以IP的主机上 line=`cat /etc/ceph/ceph.conf |grep -E 'all_manage_ip'`&&HOSTS=$(echo ${line#*=}|sed s/[[:space:]]//g) OLD_IFS="$IFS" #备份原值 IFS="," #设分隔符为“,” for ip_addr in ${HOSTS} do echo "$ip_addr" ip_addr=$ip_addr expect << 'EOS' set timeout 10 spawn ssh-copy-id SDS_Admin@$::env(ip_addr) expect "*password*" send "Admin@123stor\r" expect eof; #exit 0 EOS done IFS="$OLD_IFS"