
SSH Service - Passwordless Login Between Hosts

Posted on 2023-02-21 20:54  Kingdomer

 

1.1 Run the command to generate a key pair

[root@centos78 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:stDcOwNKjQpxtGxoiZ0wJIdxaWOZ2NENHA9BUwc/eBw root@centos78
The key's randomart image is:
+---[RSA 2048]----+
|**=OB*o.E        |
|=XXoo+.= .       |
|+=B.  o =        |
|.+   = o .       |
|.   + * S        |
| . o o + .       |
|  . . . +        |
|         o       |
|                 |
+----[SHA256]-----+

[root@centos78 ~]# ls .ssh/
id_rsa  id_rsa.pub

 

ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa

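-P specifies the passphrase, and -P '' sets an empty passphrase, so the private key file is stored unencrypted. With -P you only have to press Enter once. The command creates the .ssh directory, which contains id_rsa and id_rsa.pub.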

 

1.2 Copy id_rsa.pub to the remote host

[root@cl-node03 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.234.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.234.12's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.234.12'"
and check to make sure that only the key(s) you wanted were added.

  

1.3 Passwordless login and copy

[root@cl-node03 docker_image_build]# ssh root@192.168.234.12
Last login: Tue Aug  3 14:53:33 2021 from 192.168.234.1

[root@cl-node02 ~]# exit
登出
Connection to 192.168.234.12 closed.
# Remote scp copy no longer requires a password
[root@localhost ~]# touch sshtest.ext
[root@localhost ~]# scp sshtest.ext root@172.16.2.200:/root
sshtest.ext                                            100%    0     0.0KB/s   00:00  

 

1.4 How ssh-copy-id works: it copies the id_rsa.pub file from the .ssh directory into the remote host's ~/.ssh/ directory under the name authorized_keys. The permissions of authorized_keys must be 600.

[root@my-node10 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCKZJKsvPDL3n8+2I2zPCRXUP8eugtnnmOnfNgtofzV65XVuv4gonT/lDCfVNW/H4Zn9vk//GKAWSvpXLYJzGyhbLouNBCiA2+/Q8A5ZfseQ8afzs
G3260IsaRNfmhPOeSBLW53Dl2okLtvJ+IkaWZkPiZ3AcO3R1+tfGmFGSwekKFGaYKLv6WY2dujZfUBWPNKTa6kfEa2SFDi+KqaXb+4BcyPgSWbnCQP9cw+nsOyKXDnt3uCI2Ahnpi16LsrtSwxYohwi/Y
I7B4p3QB9xuhNS45KatwO2541QaYRleknjuce9ymbNpgGoOhF7LD8ctiFGYwY6b1z5xCu9mC33wX root@centos78
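
The steps described in 1.4, written out as an added shell example (not from the original post and not ssh-copy-id's own source). The helper names install_pubkey and check_ssh_perms are hypothetical. It goes slightly beyond the text: it appends to an existing authorized_keys instead of replacing it, skips a key that is already installed, and sets .ssh to 700 (an assumption of this example) alongside the 600 the post requires:

```shell
#!/bin/sh
# Added example: the remote-side steps of ssh-copy-id, done by hand.
# install_pubkey and check_ssh_perms are hypothetical helper names.

# install_pubkey PUBKEY_FILE TARGET_HOME
install_pubkey() {
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # Accept only a single public-key line, so a private key such as
    # id_rsa (multi-line PEM) can never be installed by mistake.
    [ "$(wc -l < "$pub")" -le 1 ] && grep -Eq '^(ssh-|ecdsa-|sk-)' "$pub" || {
        echo "$pub is not a public key" >&2; return 1; }
    key=$(cat "$pub")
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append, never overwrite: keys already authorized stay in place.
    # -x whole line, -F fixed string: skip a key that is already there.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms TARGET_HOME: succeeds only for drwx------ / -rw-------
check_ssh_perms() {
    d=$(ls -ld "$1/.ssh" | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

# Demo on a scratch directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2E-constructed-sample root@centos78' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run is a no-op
check_ssh_perms "$demo_home" && echo "modes ok"
echo "entries: $(wc -l < "$demo_home/.ssh/authorized_keys")"
```

Running check_ssh_perms against a real home directory after ssh-copy-id is a quick way to confirm the modes before relying on key login.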

  

1.5 Passwordless login to the host itself

[root@centos78 .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.6.78
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.6.78 (192.168.6.78)' can't be established.
ECDSA key fingerprint is SHA256:jUOWy9seNbDM9KM22p2Wv0c4wsdG6iVl8yoT6uqrgbw.
ECDSA key fingerprint is MD5:4e:c3:00:23:46:73:96:91:da:06:c6:77:42:9a:56:db.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.6.78's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.6.78'"
and check to make sure that only the key(s) you wanted were added.

[root@centos78 .ssh]# ls
authorized_keys  id_rsa           id_rsa.pub       known_hosts
[root@centos78 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCKZJKsvPDL3n8+2I2zPCRXUP8eugtnnmOnfNgtofzV65XVuv4gonT/lDCfVNW/H4Zn9v
k//GKAWSvpXLYJzGyhbLouNBCiA2+/Q8A5ZfseQ8afzsG3260IsaRNfmhPOeSBLW53Dl2okLtvJ+IkaWZkPiZ3AcO3R1+tfGmFGSwekKFGaYKLv6WY2dujZfUBWPNKTa6kfEa2SFDi+KqaXb+4BcyPgSWbnCQP9
cw+nsOyKXDnt3uCI2Ahnpi16LsrtSwxYohwi/YI7B4p3QB9xuhNS45KatwO2541QaYRleknjuce9ymbNpgGoOhF7LD8ctiFGYwY6b1z5xCu9mC33wX root@centos78
[root@centos78 .ssh]# ssh root@192.168.6.78
Last login: Wed Feb 22 20:31:17 2023 from 192.168.6.101
[root@centos78 ~]# ssh root@192.168.6.78
Last login: Wed Feb 22 20:48:49 2023 from centos78