Passwordless SSH login with ssh-keygen and ssh-copy-id
2016-01-15 15:25
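I installed the jumpserver bastion host and log in to each server through it, so I wanted passwordless SSH login. This can be done with ssh-keygen and ssh-copy-id.
ssh-keygen: generates, manages and converts authentication keys for ssh
It creates the public/private key pair.
ssh-copy-id: a script that uses ssh to log into a remote machine
By default, it appends the local host's public key to the ~/.ssh/authorized_keys file on the remote host.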
Procedure
1 Server details
server 1: 172.16.16.70, username: test
test@host70:~$ ls -a
. .. .bash_history .ssh
test@host70:~$ ls -l .ssh/
total 4
-rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
test@host70:~$ cat .ssh/known_hosts
|1|0ZfKXQmtuKnq2tlIndFLC6+ySc8=|0S7Plqf/gOzZU8jPQLDKEnv31Gg= ecdsa-sha2-nistp256 AAAA
E2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOET4VFGdPJ8dFOQV5BN/x+gRU4T0MILTSr2D
2PLBid8ik715irXDDIsNAHSE+7yHFYG6XpqaOZmvRDn6TObhys=
test@host70:~$ ssh zhai@172.16.16.80
The authenticity of host '172.16.16.80 (172.16.16.80)' can't be established.
ECDSA key fingerprint is f5:d4:4a:3d:93:fa:73:da:47:82:35:38:38:fb:49:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.16.80' (ECDSA) to the list of known hosts.
zhai@172.16.16.80's password:
Logging in to server 2 requires a password.
server 2: 172.16.16.80, username: zhai
zhai@host80:~$ ls -a
. .. .bash_history .bash_logout .bashrc .cache .profile
2 On server 1, generate a public/private key pair with ssh-keygen
Command: ssh-keygen -t rsa
test@host70:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
81:d4:64:d0:e4:9f:6a:de:74:0d:49:03:01:fd:02:8b test@test
The key's randomart image is:
+--[ RSA 2048]----+
| o*=oo. |
| . ++ .. |
| ..oo .o |
| E .o.o.o |
| S o.o |
| . o |
| o . . . |
| o o . |
| . . |
+-----------------+
test@host70:~$ ls -l .ssh/
total 12
-rw------- 1 test test 1675 Jan 14 16:53 id_rsa
-rw------- 1 test test 391 Jan 14 16:53 id_rsa.pub
-rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
test@host70:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
5W79oTEIYkH/dlyVzJDGz9IdV1 test@test
3 On server 1, copy the public key to the remote machine server 2 with ssh-copy-id
test@host70:~$ ssh-copy-id zhai@172.16.16.80
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zhai@172.16.16.80's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'zhai@172.16.16.80'"
and check to make sure that only the key(s) you wanted were added.
On server 2, check whether the authorized_keys file has been created:
zhai@host80:~$ ls -a
. .. .bash_history .bash_logout .bashrc .cache .profile .ssh
Comparing the two files shows that authorized_keys has the same content as id_rsa.pub on server 1.
zhai@host80:~$ ls .ssh/
authorized_keys
zhai@host80:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
5W79oTEIYkH/dlyVzJDGz9IdV1 test@test
4 Log in to the remote server without a password
test@host70:~$ ssh zhai@172.16.16.80
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic ppc64le)
 * Documentation: https://help.ubuntu.com/
Last login: Thu Jan 14 16:51:16 2016 from 172.16.16.173
zhai@host80~$ exit
logout
Connection to 172.16.16.80 closed.
Note:
If the sshd service on the remote server does not listen on the default port 22, use the following command:
test@host70:~$ ssh-copy-id "-p 20000 zhai@172.16.16.80"
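
In step 3, ssh-copy-id asks you to check that only the key you wanted was added. The script below is an added example, not part of the original post. It runs that check on server 2 and also flags group- or world-writable paths, which sshd's default StrictModes setting refuses to trust. The function names are this example's own, and it assumes a copy of server 1's id_rsa.pub is available on server 2.

```shell
#!/bin/sh
# Added example: audit authorized_keys after ssh-copy-id (run on the remote host).

# key_blobs FILE: print the base64 key blob of every key line in FILE,
# skipping blank lines, comments and any leading options such as from="...".
key_blobs() {
    awk 'NF && $1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) { print $(i + 1); break }
    }' "$1"
}

# audit_authorized_keys AUTH_FILE PUBKEY_FILE
# Returns 0 only if PUBKEY_FILE's key is the sole entry in AUTH_FILE and
# neither AUTH_FILE nor its directory is group- or world-writable.
audit_authorized_keys() {
    auth=$1 pub=$2 rc=0
    want=$(key_blobs "$pub" | head -n 1)
    [ -n "$want" ] || { echo "ERROR: no public key found in $pub"; return 2; }
    blobs=$(key_blobs "$auth")
    if ! printf '%s\n' "$blobs" | grep -qxF -- "$want"; then
        echo "MISSING: expected key is not installed"; rc=1
    fi
    # Count every key blob that is not the expected one.
    extra=$(printf '%s\n' "$blobs" | grep -vxF -- "$want" | grep -c . || true)
    if [ "$extra" -gt 0 ]; then
        echo "EXTRA: $extra other key(s) present"; rc=1
    fi
    # With StrictModes on (the default), sshd rejects keys kept in writable paths.
    for p in "$auth" "$(dirname "$auth")"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "PERMS: $p is group- or world-writable"; rc=1
        fi
    done
    return $rc
}

# Run the audit when called as: script AUTH_FILE PUBKEY_FILE
if [ "$#" -eq 2 ]; then
    audit_authorized_keys "$1" "$2"
fi
```

Only the public key file is ever copied for this check; the private key id_rsa stays on server 1.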
References:
1 http://blog.chinaunix.net/uid-26284395-id-2949145.html
2 http://roclinux.cn/?p=2551