
Configuring one-way passwordless SSH login on Linux


Environment:

Server    User    IP
serverA   userA   10.120.120.11
serverB   userB   10.120.120.100

Goal: log in from serverA as userA to the userB account on serverB without entering a password.

1. Check the ports:

First check that the two servers can reach each other by IP with ping:

ping serverB_IP

Then check that the SSH port is reachable (the default SSH port is 22):

# -v verbose output, -z test the port, -w timeout (seconds by default)
nc -vz -w10 serverB_IP 22

# "telnet serverB_IP 22" also works, but it does not exit on its own: press CTRL+] and then run quit to leave telnet.
# Prefixing the command with echo "" | connects and then exits:
echo "" | telnet serverB_IP 22

Output of a successful nc connection:

# nc -vz -w10 10.120.120.100 22
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.120.120.100:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

Output of a successful telnet connection:

# echo "" | telnet 10.120.120.100 22
Trying 10.120.120.100...
Connected to 10.120.120.100.
Escape character is '^]'.
Connection closed by foreign host.

If nc or telnet is not installed, install it with yum:

yum install nc.x86_64
yum install telnet.x86_64

2. Generate the key:

Generate userA's key pair on serverA. This example uses the RSA key type; DSA can also be selected, although current OpenSSH releases disable DSA keys by default.

ssh-keygen -t rsa

[userA@serverA ~]$ ssh-keygen -t rsa    # use the rsa algorithm
Generating public/private rsa key pair.
Enter file in which to save the key (/home/userA/.ssh/id_rsa):    # path where the private key file is saved
Created directory '/home/userA/.ssh'.
Enter passphrase (empty for no passphrase):    # the passphrase may be empty
Enter same passphrase again:
Your identification has been saved in /home/userA/.ssh/id_rsa.
Your public key has been saved in /home/userA/.ssh/id_rsa.pub.    # the generated public key file
The key fingerprint is:
b7:b7:2e:6c:28:c2:0c:b3:d9:03:a2:44:56:8f:a7:26 userA@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| . o |
| o . o |
|o o S . |
|.E+o . . |
|o.oX o. . |
|. o * . . +. . |
| o . . oo |
+-----------------+
[userA@serverA ~]$

This creates a .ssh directory under userA's home directory, which contains the public key file (id_rsa.pub). Its full contents are:

[userA@serverA ~]$ ls -la .ssh
total 12
drwx------ 2 userA userA 57 Mar 2 12:04 .
drwx------ 3 userA userA 116 Mar 3 04:36 ..
-rw------- 1 userA userA 1679 Mar 2 12:03 id_rsa
-rw-r----- 1 userA userA 396 Mar 2 12:03 id_rsa.pub

3. Transfer the key

Method 1: (ssh-copy-id)

The ssh-copy-id command takes userA@serverA's public key file "/home/userA/.ssh/id_rsa.pub" and creates the file "/home/userB/.ssh/authorized_keys" under userB@serverB's home directory, or appends the new key to an authorized_keys file that already exists.

ssh-copy-id userB@serverB_IP

[userA@serverA ~]$ ssh-copy-id userB@10.120.120.100
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/userA/.ssh/id_rsa.pub"
The authenticity of host '10.120.120.100 (10.120.120.100)' can't be established.
RSA key fingerprint is SHA256:afq3Tt/sx7TKZksS2vRRGa/MY267gqZleZEvNfqrPA4.
RSA key fingerprint is MD5:d6:14:43:b8:0d:b6:ed:b0:71:7d:9b:00:e0:26:2a:7b.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
userB@10.120.120.100's password:    # enter userB's password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'userB@10.120.120.100'"
and check to make sure that only the key(s) you wanted were added.
[userA@serverA ~]$

Method 2: (ssh)

Append the contents of userA@serverA's public key file to userB@serverB's authorized_keys file.

# The -p option after ssh specifies the port number
cat ~/.ssh/id_rsa.pub|ssh -p 22 userB@serverB_IP 'cat>>~/.ssh/authorized_keys'

Example:

[userA@serverA ~]$ cat ~/.ssh/id_rsa.pub|ssh -p 22 userB@10.120.120.100 'cat>>~/.ssh/authorized_keys'
cat: /home/userB/.ssh/id_rsa.pub: No such file or directory
The authenticity of host '10.120.120.100 (10.120.120.100)' can't be established.
RSA key fingerprint is d6:14:43:b8:0d:b6:ed:b0:71:7d:9b:00:e0:26:2a:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.120.120.100' (RSA) to the list of known hosts.
userB@10.120.120.100's password:
[userA@serverA ~]$

Method 3: (scp)

The clumsy way: use scp to copy the public key file into userB@serverB's home directory, then write it into the ~/.ssh/authorized_keys file by hand.

[userA@serverA ~]$ scp -P 22 ~/.ssh/id_rsa.pub userB@serverB:~/

Log in as userB@serverB:

[userB@serverB ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

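Note: when transferring the public key file with this command, if a ".ssh/authorized_keys" file already exists under userB@serverB's home directory it will be overwritten, so always confirm whether that file exists under userB@serverB's home directory first. The >> redirection shown above appends to the file and keeps existing entries; copying directly onto authorized_keys, or using > instead of >>, replaces them.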
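One way to do the append step of methods 2 and 3 on serverB so that an existing authorized_keys file is never overwritten, the key is not added twice, and the permissions sshd checks are set. This is an added example, not part of the original article; the function name install_pubkey and its arguments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. install_pubkey and its
# arguments are hypothetical names. Run it on serverB as userB.
# usage: install_pubkey <pubkey_file> [ssh_dir]   (ssh_dir defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    # Use the first line only and require "<type> <base64> [comment]".
    # A private key file ("-----BEGIN ...") fails this check and is refused.
    key=$(sed -n '1p' "$pub") || return 1
    if ! printf '%s\n' "$key" |
        grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)'; then
        echo "install_pubkey: $pub does not look like a public key" >&2
        return 1
    fi

    # sshd (StrictModes, on by default) rejects keys when these are
    # group- or world-writable.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Compare on "<type> <base64>" so a different comment is not a new key.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"
        return 0
    fi

    # If the file does not end in a newline, add one so the key starts a new line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"   # >> appends; existing keys are kept
    echo "added"
}
```

After the scp step of method 3, calling `install_pubkey ~/id_rsa.pub` as userB replaces the manual `cat >>` step.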

4. Passwordless login:

[userA@serverA ~]$ ssh userB@10.120.120.100
Last login: Thu Mar 3 18:45:37 2022 from 10.120.120.99
[userB@serverB ~]$