ssh免密碼登錄配置方法的詳細解析
這篇文章主要講解了ssh免密碼登錄配置方法的詳細解析�,內容清晰明了��,對此有興趣的小伙伴可以學習一下��,相信大家閱讀完之后會有幫助�。
首先�,說明一下我們要做的是�,serverA 服務器的 usera 用戶免密碼登錄 serverB 服務器的 userb用戶����。
我們先使用usera 登錄 serverA 服務器
[root@serverA ~]# su - usera
[usera@serverA ~]$ pwd
/home/usera
然后在serverA上生成密鑰對
[usera@serverA ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa):
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/usera/.ssh/id_rsa.
Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
The key fingerprint is:
39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| Eo* |
| @ . |
| = * |
| o o . |
| . S . |
| + . . |
| + . .|
| + . o . |
| .o= o. |
+-----------------+
此時會在/home/usera/.ssh目錄下生成密鑰對
[usera@serverA ~]$ ls -la .ssh
總用量 16
drwx------ 2 usera usera 4096 8月 24 09:22 .
drwxrwx--- 12 usera usera 4096 8月 24 09:22 ..
-rw------- 1 usera usera 1675 8月 24 09:22 id_rsa
-rw-r--r-- 1 usera usera 399 8月 24 09:22 id_rsa.pub
然后將公鑰上傳到serverB 服務器的���,并以userb用戶登錄
[usera@portalweb1 ~]$ ssh-copy-id userb@10.124.84.20
The authenticity of host '10.124.84.20 (10.124.84.20)' can't be established.
RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.124.84.20' (RSA) to the list of known hosts.
userb@10.124.84.29's password:
Now try logging into the machine, with "ssh 'userb@10.124.84.20'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
這個時候usera的公鑰文件內容會追加寫入到userb的 .ssh/authorized_keys 文件中
[usera@serverA ~]$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA
查看serverB服務器userb用戶下的 ~/.ssh/authorized_keys文件�,內容是一樣的���,此處我就不粘貼圖片了���。
[userb@serverB ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA
另外我們要注意�,.ssh目錄的權限為700����,其下文件authorized_keys和私鑰的權限為600��。否則會因為權限問題導致無法免密碼登錄�����。我們可以看到登陸后會有known_hosts文件生成�。
[useb@serverB ~]$ ls -la .ssh
total 24
drwx------. 2 useb useb 4096 Jul 27 16:13 .
drwx------. 35 useb useb 4096 Aug 24 09:18 ..
-rw------- 1 useb useb 796 Aug 24 09:24 authorized_keys
-rw------- 1 useb useb 1675 Jul 27 16:09 id_rsa
-rw-r--r-- 1 useb useb 397 Jul 27 16:09 id_rsa.pub
-rw-r--r-- 1 useb useb 1183 Aug 11 13:57 known_hosts
這樣做完之后我們就可以免密碼登錄了
[usera@serverA ~]$ ssh userb@10.124.84.20
另外����,將公鑰拷貝到服務器的~/.ssh/authorized_keys文件中方法有如下幾種:
1�、將公鑰通過scp拷貝到服務器上����,然后追加到~/.ssh/authorized_keys文件中�����,這種方式比較麻煩����。scp -P 22 ~/.ssh/id_rsa.pub user@host:~/�。
2���、通過ssh-copy-id程序��,就是我演示的方法���,ssh-copyid user@host即可
3����、可以通過cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host ‘cat >> ~/.ssh/authorized_keys'���,這個也是比較常用的方法�����,因為可以更改端口號�。
看完上述內容�����,是不是對ssh免密碼登錄配置方法的詳細解析有進一步的了解�,如果還想學習更多內容���,歡迎關注億速云行業資訊頻道���。
