Environment:

| Server | User | IP |
|---|---|---|
| serverA | userA | 10.120.120.11 |
| serverB | userB | 10.120.120.100 |

Goal: log in from userA on serverA to userB on serverB without a password.
1. Check the ports:
- First, check that the two servers can reach each other by IP: ping serverB_IP
- Then check that the SSH port is reachable (default SSH port: 22):
nc -vz -w10 serverB_IP 22
or
echo "" | telnet serverB_IP 22
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.120.120.100:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
Trying 10.120.120.100...
Connected to 10.120.120.100.
Escape character is '^]'.
Connection closed by foreign host.
If nc or telnet is not installed, install them with yum:
yum install nc.x86_64
yum install telnet.x86_64
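2. Generate the key:
Generate userA's key pair on serverA. This demo uses the RSA algorithm; DSA can also be used, although OpenSSH has disabled DSA (ssh-dss) keys by default since version 7.0.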
ssh-keygen -t rsa
[userA@serverA ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/userA/.ssh/id_rsa):
Created directory '/home/userA/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/userA/.ssh/id_rsa.
Your public key has been saved in /home/userA/.ssh/id_rsa.pub.
The key fingerprint is:
b7:b7:2e:6c:28:c2:0c:b3:d9:03:a2:44:56:8f:a7:26 userA@serverA
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| . o |
| o . o |
|o o S . |
|.E+o . . |
|o.oX o. . |
|. o * . . +. . |
| o . . oo |
+-----------------+
[userA@serverA ~]$
This creates a .ssh directory under userA's home directory, which includes the public key file (id_rsa.pub). Its full contents are:
[userA@serverA ~]$ ls -la .ssh
total 12
drwx------ 2 userA userA 57 Mar 2 12:04 .
drwx------ 3 userA userA 116 Mar 3 04:36 ..
-rw------- 1 userA userA 1679 Mar 2 12:03 id_rsa
-rw-r----- 1 userA userA 396 Mar 2 12:03 id_rsa.pub
3. Transfer the key
Method 1: (ssh-copy-id)
The ssh-copy-id command takes userA@serverA's public key file "/home/userA/.ssh/id_rsa.pub" and creates "/home/userB/.ssh/authorized_keys" in userB@serverB's home directory, or appends the new key to an existing authorized_keys file.
ssh-copy-id userB@serverB_IP
[userA@serverA ~]$ ssh-copy-id userB@10.120.120.100
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/userA/.ssh/id_rsa.pub"
The authenticity of host '10.120.120.100 (10.120.120.100)' can't be established.
RSA key fingerprint is SHA256:afq3Tt/sx7TKZksS2vRRGa/MY267gqZleZEvNfqrPA4.
RSA key fingerprint is MD5:d6:14:43:b8:0d:b6:ed:b0:71:7d:9b:00:e0:26:2a:7b.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
userB@10.120.120.100's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'userB@10.120.120.100'"
and check to make sure that only the key(s) you wanted were added.
[userA@serverA ~]$
Method 2: (ssh)
Append the contents of userA@serverA's public key file to userB@serverB's authorized_keys file:
cat ~/.ssh/id_rsa.pub|ssh -p 22 userB@serverB_IP 'cat>>~/.ssh/authorized_keys'
Example:
[userA@serverA ~]$ cat ~/.ssh/id_rsa.pub|ssh -p 22 userB@10.120.120.100 'cat>>~/.ssh/authorized_keys'
cat: /home/userB/.ssh/id_rsa.pub: No such file or directory
The authenticity of host '10.120.120.100 (10.120.120.100)' can't be established.
RSA key fingerprint is d6:14:43:b8:0d:b6:ed:b0:71:7d:9b:00:e0:26:2a:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.120.120.100' (RSA) to the list of known hosts.
userB@10.120.120.100's password:
[userA@serverA ~]$
Method 3: (scp)
The clumsy way: use scp to copy the key file to userB@serverB's home directory, then manually write it into the ~/.ssh/authorized_keys file.
[userA@serverA ~]$ scp -P 22 ~/.ssh/id_rsa.pub userB@serverB:~/
Log in as userB@serverB:
[userB@serverB ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
Note: transferring the public key file with this command overwrites ".ssh/authorized_keys" if that file already exists in userB@serverB's home directory, so be sure to check first whether the file exists there.
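An added example, not part of the original post: a POSIX shell function for the manual append in Methods 2 and 3, run as userB on serverB. It creates ~/.ssh if missing, appends instead of overwriting, skips a key that is already installed, and sets 700/600 permissions, which satisfy sshd's StrictModes check. The function name install_pubkey and the sample key line are assumptions made for this example.

```shell
#!/bin/sh
# install_pubkey AUTH_HOME PUBKEY_FILE   (hypothetical helper for this example)
# Appends the first line of PUBKEY_FILE to AUTH_HOME/.ssh/authorized_keys,
# keeping existing entries and skipping a key that is already installed.
install_pubkey() {
    auth_home=$1
    pubkey_file=$2
    ssh_dir="$auth_home/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    [ -s "$pubkey_file" ] || { echo "no key in $pubkey_file" >&2; return 1; }
    key_line=$(head -n 1 "$pubkey_file")

    # Accept only public-key lines, so a private key (id_rsa) is never
    # installed by mistake. The accepted types are this example's choice.
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Method 2's 'cat >> ~/.ssh/authorized_keys' fails if ~/.ssh is missing.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # -x matches the whole line, -F treats the key as a fixed string.
    if grep -qxF -- "$key_line" "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi

    # If the last entry has no trailing newline, add one so keys do not merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"   # '>>' appends, '>' would overwrite
}

# Demo in a throwaway directory with a constructed, non-functional key line.
demo_home=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAEXAMPLE userA@serverA\n' > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"    # appends the key
install_pubkey "$demo_home" "$demo_home/id_rsa.pub"    # second run is a no-op
rm -rf "$demo_home"
```

After the scp step of Method 3, userB on serverB would call it as install_pubkey "$HOME" "$HOME/id_rsa.pub".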
4. Passwordless login:
[userA@serverA ~]$ ssh userB@10.120.120.100
Last login: Thu Mar 3 18:45:37 2022 from 10.120.120.99
[userB@serverB ~]$