Passwordless SSH login on CentOS 7
I. Preparation
1. Two CentOS systems with ssh already installed
jerry7-11 10.4.7.11
jerry7-12 10.4.7.12
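2. Turn off the firewall; if the firewall is left on, add the SSH port to the firewall rules.
II. Procedure
1. Changing port 22
You can change the SSH port from 22 or leave it as it is. Open the file with vim /etc/ssh/sshd_config and find the following line: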
#Port 22
Remove the # and change 22 to the port number you want, then restart the sshd service:
systemctl restart sshd
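Use netstat -tlunp | grep sshd to check the port number.
2. One-way passwordless login
jerry7-11 can ssh to jerry7-12 without a password; the reverse direction still requires one.
On jerry7-11, generate a public/private key pair with ssh-keygen (the default rsa is used here), accepting the defaults at every prompt.
[root@ jerry7-11 ~]# ssh-keygen -t rsa //rsa is the default algorithm, so -t rsa can be omitted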
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
//path where the private key is saved, /root/.ssh/id_rsa by default; another location can be specified
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): //passphrase
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa. //private key generated
Your public key has been saved in /root/.ssh/id_rsa.pub. //public key generated
The key fingerprint is:
SHA256:PXTg9KW4P582PWJMEwUstPfyXk6NWdrB518yCORbisc root@hdss7-11
The key's randomart image is:
+---[RSA 2048]----+
| +...o |
| o =.+ . |
| =.=.. |
| = o..o |
| S * ...+o|
| o B +oB+|
| . E * BoB|
| . *+B=|
| ..+o+|
+----[SHA256]-----+
[root@ jerry7-11 ~]#
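When no location is specified, the keys are written to the .ssh/ directory under the home directory. With rsa, two files are generated, id_rsa and id_rsa.pub; with dsa, the files are id_dsa and id_dsa.pub.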
[root@ jerry7-11 ~]# ll /root/.ssh/
-rw-------. 1 root root 1679 9月 16 14:53 id_rsa
-rw-r--r--. 1 root root 395 9月 16 14:53 id_rsa.pub
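Next, use ssh-copy-id to send the public key generated on this machine to jerry7-12, the server to be logged in to.
[root@ jerry7-11 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub -p22 root@10.4.7.12
//-p is the port number of the remote host you are sending to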
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.4.7.12 (10.4.7.12)' can't be established.
ECDSA key fingerprint is SHA256:iGP1Ez7V8/O5JAgo9FJ5GZ20TMU9l/dEVQkpRQrPO58.
ECDSA key fingerprint is MD5:d9:7f:07:c6:a7:77:8f:56:32:bc:69:83:cb:17:a6:c2.
Are you sure you want to continue connecting (yes/no)? yes //answer yes to continue
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.4.7.12's password: //enter the password of the root user on the jerry7-12 server
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '22' 'root@10.4.7.12'"
and check to make sure that only the key(s) you wanted were added.
[root@ jerry7-11 ~]#
After the public key has been transferred, a known_hosts file is created locally under .ssh/.
[root@jerry7-11 ~]# ll /root/.ssh/
-rw-------. 1 root root 1679 9月 16 14:53 id_rsa
-rw-r--r--. 1 root root 395 9月 16 14:53 id_rsa.pub
-rw-r--r--. 1 root root 171 9月 16 15:02 known_hosts
On the jerry7-12 server, a .ssh directory containing an authorized_keys file is created under the root user's home directory.
[root@jerry7-12 .ssh]# ll /root/.ssh/
-rw------- 1 root root 395 9月 16 15:02 authorized_keys
Test: from hdss7-11, ssh to jerry7-12
[root@jerry7-11~]# ssh root@10.4.7.12 -p 22
Last login: Wed Sep 16 12:59:08 2020 from 10.4.7.1
[root@jerry7-12 ~]#
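3. Two-way passwordless login
Two-way passwordless login simply means exchanging public keys. Continuing from above, send jerry7-12's public key to jerry7-11 and test.
jerry7-12: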
[root@jerry7-12 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:0N5SHnrZtgCwqcXd+W1waUrPpKaZN864xfKVp8LWiqU root@hdss7-12
The key's randomart image is:
+---[RSA 2048]----+
| . |
| . * . . . |
| * + = o = |
| o o * * @ |
| . S * B = |
| o O o . |
| =.B.o .|
| %+o.o |
| Eo=o. |
+----[SHA256]-----+
[root@jerry7-12 .ssh]# cd /root/.ssh/
[root@jerry7-12 .ssh]# ll
-rw------- 1 root root 395 9月 16 15:02 authorized_keys
-rw------- 1 root root 1679 9月 16 15:21 id_rsa
-rw-r--r-- 1 root root 395 9月 16 15:21 id_rsa.pub
[root@jerry7-12 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub -p22 root@10.4.7.11
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.4.7.11 (10.4.7.11)' can't be established.
ECDSA key fingerprint is SHA256:iGP1Ez7V8/O5JAgo9FJ5GZ20TMU9l/dEVQkpRQrPO58.
ECDSA key fingerprint is MD5:d9:7f:07:c6:a7:77:8f:56:32:bc:69:83:cb:17:a6:c2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.4.7.11's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '22' 'root@10.4.7.11'"
and check to make sure that only the key(s) you wanted were added.
jerry7-11 :
[root@jerry7-12 ~]# ll /root/.ssh/
-rw------- 1 root root 395 9月 16 15:02 authorized_keys
-rw------- 1 root root 1679 9月 16 15:21 id_rsa
-rw-r--r-- 1 root root 395 9月 16 15:21 id_rsa.pub
-rw-r--r-- 1 root root 171 9月 16 15:22 known_hosts
jerry7-12 :
[root@jerry7-12 .ssh]# ssh 10.4.7.11 -p 22
Last login: Wed Sep 16 12:59:07 2020 from 10.4.7.1
[root@jerry7-11 ~]#
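ssh-copy-id ends by asking you to check that only the key(s) you wanted were added. The Python example below is added here and is not part of the original post: it parses authorized_keys content, computes each key's SHA256 fingerprint in the form ssh-keygen prints, and flags keys that are not expected, DSA keys, and RSA keys shorter than 2048 bits. The function names and the sample keys are constructed for illustration; in practice you would pass in the text of /root/.ssh/authorized_keys and the fingerprints you intended to install.

```python
import base64, hashlib, struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256")

def fingerprint(blob):
    """SHA256 fingerprint in the form ssh-keygen prints (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def rsa_bits(blob):
    """Modulus size of an ssh-rsa blob: fields are type, exponent e, modulus n."""
    fields, pos = [], 0
    while pos < len(blob):
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return int.from_bytes(fields[2], "big").bit_length()

def audit(text, expected, min_rsa_bits=2048):
    """Return (comment, fingerprint, issues) for every key line in text."""
    report = []
    for line in text.splitlines():
        parts = line.split()
        # Options such as from="..." may precede the key type, so search for it.
        idx = next((i for i, p in enumerate(parts) if p in KEY_TYPES), None)
        if line.lstrip().startswith("#") or idx is None or idx + 1 >= len(parts):
            continue  # blank line, comment, or no recognisable key
        blob = base64.b64decode(parts[idx + 1])
        fp, issues = fingerprint(blob), []
        if fp not in expected:
            issues.append("unexpected key")
        if parts[idx] == "ssh-dss":
            issues.append("DSA key")  # ssh-dss is off by default since OpenSSH 7.0
        if parts[idx] == "ssh-rsa" and rsa_bits(blob) < min_rsa_bits:
            issues.append("short RSA key")
        report.append((" ".join(parts[idx + 2:]), fp, issues))
    return report

def sample_key(keytype, *fields):
    """Constructed blob for the demo below: right wire format, not a real key."""
    raw = b"".join(struct.pack(">I", len(f)) + f for f in (keytype.encode(), *fields))
    return base64.b64encode(raw).decode()

WANTED = sample_key("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256)
EXTRA = sample_key("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xa5" * 128)
LEGACY = sample_key("ssh-dss", b"\x07")
SAMPLE = (f"# constructed authorized_keys content\n"
          f"ssh-rsa {WANTED} root@jerry7-11\n"
          f'from="10.4.7.11",no-pty ssh-rsa {EXTRA} unknown@host\n'
          f"ssh-dss {LEGACY} legacy\n")
EXPECTED = {fingerprint(base64.b64decode(WANTED))}
print(*audit(SAMPLE, EXPECTED), sep="\n")  # one tuple per key line
```

A key line with an empty issues list is one you intended to install; anything else in the report deserves a look before you rely on the host.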