站长资讯网
最全最丰富的资讯网站

RHEL7.4下实现SSH免密码登录

ssh是记录你密码信息的, 没有登录过root (或是没有执行过ssh-keygen命令),是没有.ssh 文件夹的

需求:当你需要访问一台linux服务器或两台服务器互相免密访问时,ssh keys这时需要,创建办法是当前主机上执行命令:

ssh-keygen  或  ssh-keygen -t rsa  或 ssh-keygen -t dsa

AB机器,如果A访问B免密,就把A的公钥给B,反之亦然

执行后会在当前用户登录目录下生成.ssh目录和两个文件

RHEL7.4下实现SSH免密码登录

使用ssh-keygen生成私钥和公钥

命令如下:

ssh-keygen -t rsa

参数 -t rsa 表示使用rsa算法进行加密,执行后,会在/root当前用户/.ssh目录下找到id_rsa(私钥)和id_rsa.pub(公钥)

也可以使用 dsa 加密算法进行加密,命令如下:

ssh-keygen -t dsa

id_rsa.pub里是公钥,如果需要登录到远程主机,需要到远程主机/root/root/.ssh目录下,新建authorized_keys文件,并将id_rsa.pub里的内容复制进去:

# touch /root/.ssh/authorized_keys

这个操作看要不要登录到远程的机器上,如果需要,就添加,不需要,可以不建。

注意:新建后,需要更改authorized_keys文件的用户权限,不然文件无法生效,ssh公钥生效需满足至少下面两个条件:  1、 .ssh目录的权限必须是700  2 、.ssh/authorized_keys文件权限必须是600

执行下面命令

chmod 600 ~/.ssh/authorized_keys

RHEL7.4下实现SSH免密码登录

远程免密登录

常用以下几种方法:

3台rhel7.4

HOSTNAME IP ROLE
server1 192.168.2.3 Master
server2 192.168.2.5 Slave1
server3 192.168.2.10 Slave2

2.1 通过ssh-copy-id的方式:

命令: ssh-copy-id -i ~/.ssh/id_rsa.pub <romte_ip>

举例:

root用户登录远程root用户(第一次需要密码登录)  [root@linuxidc ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.2.5  /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"  /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed  /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys  root@192.168.2.5's password:   Number of key(s) added: 1  Now try logging into the machine, with:   "ssh '192.168.2.2'"  and check to make sure that only the key(s) you wanted were added.  [root@linuxidc ~]#   [root@linuxidc ~]# ssh root@192.168.2.5  Last login: Thu Nov 15 16:23:42 2018 from 192.168.2.3  [root@D ~]#    常见错误:  [root@test ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.2.5  -bash: ssh-copy-id: command not found //提示命令不存在  解决办法:yum -y install openssh-clients      root用户远程非root用户(普通用户),第一次需要密码登录  [root@linuxidcjustyumserver ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub test@192.168.2.2  /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"  /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed  /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys  test@192.168.2.2's password:     Number of key(s) added: 1    Now try logging into the machine, with:   "ssh 'Oracle@192.168.2.2'"  and check to make sure that only the key(s) you wanted were added.

2.2、通过scp将内容写到对方的文件中

命令:scp -p ~/.ssh/id_rsa.pub root@<remote_ip>:/root/.ssh/authorized_keys

举例:

# scp -p ~/.ssh/id_rsa.pub root@192.168.2.5:/root/.ssh/authorized_keys  #root@10.40.34.183's password:   id_rsa.pub   # ssh root@192.168.2.5  Last login: Thu Nov 15 16:54:59 2018 from 192.168.2.3

也可以分为两步操作:

# scp ~/.ssh/id_rsa.pub root@<remote_ip>:pub_key //将文件拷贝至远程服务器  # cat ~/pub_key >>~/.ssh/authorized_keys //将内容追加到authorized_keys文件中, 不过要登录远程服务器来执行这条命令

2.3、每台服务器下都输入命令 ssh-keygen -t rsa,生成 key,一律不输入密码,直接回车,/root 就会生成 .ssh 文件夹。

在 Master 服务器下,合并公钥到 authorized_keys 文件,进入 /root/.ssh 目录,通过 SSH 命令合并:

[root@linuxidc ~]# cd /root/.ssh/ [root@linuxidc .ssh]# cat id_rsa.pub  >> authorized_keys [root@linuxidc .ssh]# ssh root@192.168.2.10 cat ~/.ssh/id_rsa.pub>> authorized_keys 这里的id_rsa.pub是slave服务器的,合并到Mastere服务器的文件中

把 Master 服务器的 authorized_keys复制到 Slave 服务器的 `/root/.ssh 目录

[root@linuxidc.ssh]# scp authorized_keys root@192.168.2.10:/root/.ssh/

完成,ssh root@192.168.2.10 就不需要输入密码登录了

赞(0)
分享到: 更多 (0)
网站地图   沪ICP备18035694号-2    沪公网安备31011702889846号