linux命令--建立主机信任关系

前景:

昨天在家配置rsync同步用到命令：

#rsync -avz --progress -e "ssh -p22"
root@192.168.22.149:/data/www/wwwroot/ /data/www/wwwroot/

复制代码

提示我输入192.168.22.149这台机器的密码

可是这在实际环境中运用是不可取的，要让B与A时建立ssh信任，登陆不要输入密码

过程：

软硬件环境： 两台linux服务器A和B 都编译安装上最新版的openSSH(建议)

openSSH的默认设置是允许root可以直接login. (PermitRootLogin yes),暂且保留这种设置，我们先考虑如何用SSH直接从A到B不需要密码，假设用用户root登录到A，想SSH到B也作为root不需要密码。

1。 分别从A和B上登录作为root后运行

#ssh-keygen

目的是简单地在/root下创建目录.ssh,当提示输入 passphase时打入两次回车。这将生成下面这两个文件：

/root/.ssh/id_rsa

•/root/.ssh/id_rsa.pub

复制代码

2。 先测试一下，从A登录作为root，输入

#ssh B

会要求提示

root@192.168.22.149's password:

复制代码

3。 现在从A登录作为root，运行

#scp /root/.ssh/id_rsa.pub
root@[B:ip]:/root/.ssh/authorized_keys

文件名必须不能弄错。

4。现在再从A运行

#ssh B

//则不需要密码了

实例：

A:

#ssh-keygen

Generating public/private rsa key pair.

•Enter file in which to save the key (/root/.ssh/id_rsa): [回车]

•Created directory '/root/.ssh'.

•Enter passphrase (empty for no passphrase): [回车]

•Enter same passphrase again: [回车]

•Your identification has been saved in /root/.ssh/id_rsa.

•Your public key has been saved in /root/.ssh/id_rsa.pub.

•The key fingerprint is:

•01:90:08:9e:7d:42:69:01:96:52:d7:ca:9f:53:43:df
root@test-1

复制代码

B：

#ssh-keygen

Generating public/private rsa key pair.

•Enter file in which to save the key (/root/.ssh/id_rsa): [回车]

•Created directory '/root/.ssh'.

•Enter passphrase (empty for no passphrase): [回车]

•Enter same passphrase again: [回车]

•Your identification has been saved in /root/.ssh/id_rsa.

•Your public key has been saved in /root/.ssh/id_rsa.pub.

•The key fingerprint is:

•3c:40:6d:c7:24:d1:99:27:5f:ea:5e:a4:41:0d:5a:26
root@test-2

复制代码

#scp /root/.ssh/id_rsa.pub root@192.168.22.149:/root/.ssh/authorized_keys

root@192.168.22.149's password: [输入密码]

复制代码

# ssh 192.168.22.149

Last login: Mon Mar 2 11:37:22 2009 from 192.168.22.156

复制代码

信任关系建立成功……