Passwordless SSH Login on Linux
1. Configure ssh
(1) Basic syntax: ssh followed by the IP address of the other machine
[root@localhost ~]# ssh root@192.168.1.220
The authenticity of host '192.168.1.220 (192.168.1.220)' can't be established.
ECDSA key fingerprint is SHA256:alUAo2jDmPaBZ+doVQhEWERG8ap21Ibii0mpQko0d2s.
ECDSA key fingerprint is MD5:6c:e7:fe:f6:b4:a6:b1:e4:04:47:fc:6b:e6:51:55:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.220' (ECDSA) to the list of known hosts.
root@192.168.1.220's password:
Last login: Thu Jan 30 16:40:58 2020 from 192.168.1.6
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:c5:19:99 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.220/24 brd 192.168.1.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 2409:8a0c:12:a9b0:e7c8:b827:8589:fc7e/64 scope global noprefixroute dynamic
       valid_lft 259123sec preferred_lft 172723sec
    inet6 fe80::448f:7a09:b3fa:48e0/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]# exit
登出
Connection to 192.168.1.220 closed.
(2) ssh server service (installed by default)
[root@localhost ~]# rpm -qa | grep ssh
openssh-server-7.4p1-11.el7.x86_64
libssh2-1.4.3-10.el7_2.1.x86_64
openssh-7.4p1-11.el7.x86_64
openssh-clients-7.4p1-11.el7.x86_64
2. Passwordless login configuration
(1) Change into the .ssh directory under the home directory
[root@localhost ~]# cd ~/.ssh/
(2) Generate the public and private keys
[root@localhost .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1mYFkSups5dRDiSGRTRT8BpW1Svcz/ZKtBtbjfq3o8c root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| =Boo.++ |
| . o=. ... |
| .oo.o o.. |
| . o+.=.o |
| ..S=+. o. |
| o..o. .+o.|
| o o .*.o|
| . o o Eo|
| . .oB+o|
+----[SHA256]-----+
Note: press Enter three times (accepting the default file path and an empty passphrase); this generates two files, id_rsa (the private key) and id_rsa.pub (the public key).
(3) Copy the public key to the target machine you want to log in to without a password
[root@localhost .ssh]# ssh-copy-id 192.168.1.220
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.220's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '192.168.1.220'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost .ssh]#
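3. What the files in the .ssh directory do
known_hosts: records the public keys of the hosts that ssh has connected to
id_rsa: the generated private key
id_rsa.pub: the generated public key
authorized_keys: stores the public keys that are authorized for passwordless login to this server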
[root@localhost .ssh]# ssh root@192.168.1.220
Last login: Thu Jan 30 16:42:03 2020 from 192.168.1.221
[root@localhost ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.220 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::448f:7a09:b3fa:48e0 prefixlen 64 scopeid 0x20<link>
        inet6 2409:8a0c:12:a9b0:e7c8:b827:8589:fc7e prefixlen 64 scopeid 0x0<global>
        ether 00:0c:29:c5:19:99 txqueuelen 1000 (Ethernet)
        RX packets 105195 bytes 148908529 (142.0 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 23576 bytes 2633389 (2.5 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@localhost ~]# exit
登出
Connection to 192.168.1.220 closed.
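
Added example (not part of the original page): a shell check over the files listed in section 3, which flags permissions that make sshd ignore authorized_keys or make the ssh client reject the private key, and counts the authorized_keys entries so the total can be compared with what ssh-copy-id reported. The function names are hypothetical; it assumes GNU stat (stat -c) and sshd's default StrictModes yes.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes GNU stat ("stat -c"), as found on the CentOS host shown above.

# has_bits MODE MASK: true when any permission bit of MASK (octal) is set in MODE (octal).
has_bits() { [ $(( 0$1 & 0$2 )) -ne 0 ]; }

# audit_ssh_dir DIR: print one finding per line; print nothing when all is well.
audit_ssh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "MISSING $dir"; return 0; }

    # With StrictModes yes (the sshd default), sshd refuses key authentication
    # when .ssh or authorized_keys is writable by group or others (mask 022).
    mode=$(stat -c %a "$dir")
    has_bits "$mode" 022 && echo "WRITABLE $dir $mode"
    if [ -f "$dir/authorized_keys" ]; then
        mode=$(stat -c %a "$dir/authorized_keys")
        has_bits "$mode" 022 && echo "WRITABLE authorized_keys $mode"
    fi

    # The ssh client refuses a private key that group or others can access (mask 077).
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac   # public keys may be world-readable
        mode=$(stat -c %a "$key")
        has_bits "$mode" 077 && echo "EXPOSED ${key##*/} $mode"
    done
    return 0
}

# count_authorized_keys DIR: number of key entries, skipping blank and comment
# lines, to compare with the "Number of key(s) added" line from ssh-copy-id.
count_authorized_keys() {
    [ -f "$1/authorized_keys" ] || { echo 0; return 0; }
    grep -c -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' "$1/authorized_keys" || true
}

# Typical use, on the target host: audit_ssh_dir "$HOME/.ssh"; count_authorized_keys "$HOME/.ssh"
```

A finding is cleared with chmod 700 on the .ssh directory and chmod 600 on id_rsa and authorized_keys.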