CentOS 7: passwordless ssh/scp remote login to other servers on Linux

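I. Both machines log in as root

A is the local host (the machine used to control the other hosts);
B is the remote host (the server being controlled), assumed here to have the IP 192.168.60.110;
A and B both run Linux.

Run these commands on A:
# ssh-keygen -t rsa (press Enter three times; this generates the private key (id_rsa) and the public key (id_rsa.pub) locally, with no passphrase)
# ssh root@192.168.60.110 "mkdir .ssh" (password required)
# scp ~/.ssh/id_rsa.pub root@192.168.60.110:.ssh/id_rsa.pub (password required)

Commands on B:

# touch /root/.ssh/authorized_keys (skip this step if the file already exists)
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys (appends the contents of id_rsa.pub to authorized_keys)

Back on A:
# ssh root@192.168.60.110 (no password needed; login succeeds)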

 

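II. The remote account is not root (for example, an ordinary user test)

A is the local host (the machine used to control the other hosts);
B is the remote host (the server being controlled), assumed here to have the IP 192.168.60.110;
A and B both run Linux.

Run these commands on A:
# ssh-keygen -t rsa (press Enter three times; this generates the public and private keys locally, with no passphrase)
# ssh test@192.168.60.110 "mkdir .ssh" (password required)
# scp ~/.ssh/id_rsa.pub test@192.168.60.110:.ssh/id_rsa.pub (password required)

Commands on B:
# touch /home/test/.ssh/authorized_keys (skip this step if the file already exists)
# cat /home/test/.ssh/id_rsa.pub >> /home/test/.ssh/authorized_keys (appends the contents of id_rsa.pub to authorized_keys)

Change the permissions of the test home directory, .ssh and authorized_keys:

# chmod 700 /home/test

# chmod 700 /home/test/.ssh

# chmod 600 /home/test/.ssh/authorized_keys

Back on A:
# ssh test@192.168.60.110 (no password needed; login succeeds)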
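
The steps run on B in sections I and II, as an added example that is not part of the original post: install_pubkey appends a key only when it is not already in authorized_keys (a repeated cat >> adds duplicate lines) and sets the 700/600 modes, and check_ssh_perms reports group- or world-writable paths, which sshd rejects when StrictModes is on (the default). The function names are hypothetical and GNU stat (as on CentOS 7) is assumed.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU stat (as on CentOS 7).

# install_pubkey HOME_DIR PUBKEY_FILE: the steps run on B, made idempotent.
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    [ -s "$2" ] || { echo "empty or missing key file: $2" >&2; return 1; }
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth" ] || (umask 077; : > "$auth") || return 1
    chmod 600 "$auth" || return 1
    # Append each key line only if that exact line is not already present.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$2"
}

# check_ssh_perms HOME_DIR: list paths that are group- or world-writable,
# which sshd's StrictModes check rejects. Returns 1 if any is found.
check_ssh_perms() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1; continue
        fi
        mode=$(stat -c %a "$p")                 # octal mode, e.g. 700
        if [ $(( 0$mode & 022 )) -ne 0 ]; then  # any g+w or o+w bit set
            echo "too open ($mode): $p"; bad=1
        fi
    done
    return "$bad"
}

# demo: constructed home directory and constructed (not real) key line.
demo() {
    h=$(mktemp -d) || return 1
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructed root@A\n' > "$h/id_rsa.pub"
    install_pubkey "$h" "$h/id_rsa.pub" && install_pubkey "$h" "$h/id_rsa.pub" || return 1
    wc -l < "$h/.ssh/authorized_keys"           # one line despite two installs
    rc=0; check_ssh_perms "$h" || rc=$?
    rm -rf "$h"
    return "$rc"
}
```

On B this would be called as install_pubkey /home/test /home/test/.ssh/id_rsa.pub, followed by check_ssh_perms /home/test.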

 

 

 

III. Another version of passwordless ssh.

1. Prepare the environment

[root@CentOS 7 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@CentOS 7 ~]# uname -r
3.10.0-327.el7.x86_64
[root@CentOS 7 ~]# getenforce
Disabled
[root@CentOS 7 ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

 

2. Check the SSH port

[root@CentOS 7 ~]# netstat -lntup | grep sshd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1518/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      1518/sshd

 

3. Key authentication

3.1 Create the key pair

[root@CentOS 7 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):           ---- path where the key pair is saved
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):          ---- set a passphrase for the key pair
Enter same passphrase again:                                 ---- confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7d:dc:8c:89:80:5d:79:97:6b:e4:2d:53:89:ba:d6:13 root@CentOS 7
The key's randomart image is:
+--[ RSA 2048]----+                          ---- the key length is 2048 bits
|          ..  ...|
|       o .. ..+..|
|      . o  ..+ + |
|         o + E* .|
|        S o B.+o |
|           + o   |
|          .   .  |
|                 |
|                 |
+-----------------+

 

3.2 Distribute the public key

[root@CentOS 7 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.63
(ssh-copy-id -i /root/.ssh/id_rsa.pub IPADDR puts the public key on this machine and on the other hosts to be managed remotely)
The authenticity of host '172.16.1.63 (172.16.1.63)' can't be established.
ECDSA key fingerprint is 0b:bf:14:a7:9e:87:69:5d:7c:a5:25:b9:65:22:35:08.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.63's password:             ---- the first time the public key is distributed, the password must be entered

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.16.1.63'"
and check to make sure that only the key(s) you wanted were added.

 

3.3 Test

[root@CentOS 7 ~]# ssh 172.16.1.63
Last login: Fri Mar 30 17:11:08 2018 from 10.0.0.1

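4. Authentication agent

4.1 Create the key pair on the management host (steps above)

4.2 Distribute the public key (steps above)

4.3 Start the authentication agent on the management host

[root@CentOS 7 ~]# eval `ssh-agent -s`
Agent pid 2994

4.4 On the management host, register the local server's private key with the agent

[root@CentOS 7 ~]# ssh-add
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)

4.5 The management host passes the credentials to the remote host by logging in with agent forwarding

[root@CentOS 7 ~]# ssh -A 172.16.1.63
Last login: Fri Mar 30 20:03:21 2018 from 172.16.1.21

4.6 Test

[root@gitlab ~]# ssh 172.16.1.21
Last login: Fri Mar 30 20:08:27 2018 from 172.16.1.63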

 

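5. Automatically create the key pair and distribute the public key (shell script)

#!/bin/bash
##############################################################
# File Name: ssh_fenfa.sh
# Version: V7.4
# Author: feng yu
# Organization: http://blog.51cto.com/13520761
# Created Time : 2018-03-30 20:13:36
# Description:
##############################################################
fil=/root/.ssh/id_rsa*

# Remove any existing key pair, then generate a new one with an empty passphrase
if [ $(ls $fil 2>/dev/null | wc -l) -gt 0 ];then
    rm -rf $fil
    ssh-keygen -t rsa -f /root/.ssh/id_rsa -P "" >> /dev/null 2>&1
else
    ssh-keygen -t rsa -f /root/.ssh/id_rsa -P "" >> /dev/null 2>&1
fi

# Install sshpass if it is missing
if [ $(rpm -qa sshpass|wc -l) -lt 1 ];then
    yum install -y sshpass &>/dev/null
fi

# Push the public key to 172.16.1.21 and 172.16.1.63.
# -p puts the password on the command line, where it can be seen in the process list.
# StrictHostKeyChecking=no accepts each host key without verifying it.
for ip in 21 63
  do
    sshpass -p123456 ssh-copy-id -i /root/.ssh/id_rsa.pub -o StrictHostKeyChecking=no "172.16.1.$ip"
done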

Reference link: http://blog.51cto.com/13520761/2095798

posted @ 2018-04-17 19:08  勇敢の牛肉丸