Passwordless SSH Remote Login
Environment: two CentOS virtual machines, one at 192.168.134.129 (used as the remote host) and the other at 192.168.134.130.
First, check the IP addresses of the two Linux machines:

    [root@promote ~]# ifconfig
    ens33: flags=4163 mtu 1500
            inet 192.168.134.129  netmask 255.255.255.0  broadcast 192.168.134.255
            inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20
            ether 00:0c:29:eb:2d:01  txqueuelen 1000  (Ethernet)
            RX packets 145  bytes 18326 (17.8 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 144  bytes 23724 (23.1 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73 mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 64  bytes 5696 (5.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 64  bytes 5696 (5.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Now the other machine:

    [root@machine1 ~]# ifconfig
    ens33: flags=4163 mtu 1500
            inet 192.168.134.130  netmask 255.255.255.0  broadcast 192.168.134.255
            inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20
            inet6 fe80::134a:dd7d:6b15:96ea  prefixlen 64  scopeid 0x20
            ether 00:0c:29:42:f7:1d  txqueuelen 1000  (Ethernet)
            RX packets 127  bytes 15748 (15.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 134  bytes 21258 (20.7 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73 mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 64  bytes 5696 (5.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 64  bytes 5696 (5.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
First, try logging in to 192.168.134.129 remotely from 192.168.134.130.

    [root@machine1 ~]# ssh 192.168.134.129
    The authenticity of host '192.168.134.129 (192.168.134.129)' can't be established.
    ECDSA key fingerprint is SHA256:JqAC8jcLCLobvRy0wzY9VGBNuZU3EydpO8n2fEtQ178.
    ECDSA key fingerprint is MD5:5d:26:a1:60:c3:eb:02:e9:97:7a:bb:7a:49:8a:14:0b.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.134.129' (ECDSA) to the list of known hosts.
    root@192.168.134.129's password:
As shown, a password is required to log in.
Now let's set up passwordless login. First, generate the key pair (public and private key) on 192.168.134.130.

    [root@machine1 ~]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:pRHW15F3aA7esrPe39CEchPqzPCKAIKd/+4liaigyzo root@machine1
    The key's randomart image is:
    +---[RSA 2048]----+
    | o. ..+ |
    | . .. o = o|
    | . .o =...|
    | o . + o.oo |
    |. + . S . oo+ .|
    | + o . *oo + |
    |. . o + . =o. .|
    |E. . + . ... ..|
    |*+ o+ . ... ..o|
    +----[SHA256]-----+
Next, send this public key to the remote host 192.168.134.129.

    [root@machine1 ~]# ssh-copy-id 192.168.134.129
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.168.134.129's password:

    Number of key(s) added: 1

    Now try logging into the machine, with:   "ssh '192.168.134.129'"
    and check to make sure that only the key(s) you wanted were added.
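Once the transfer is complete, go to the remote host 192.168.134.129 and edit the SSH configuration file /etc/ssh/sshd_config, setting:

    PubkeyAuthentication yes
    PasswordAuthentication no

That is, key-based login is set to yes and password login is set to no. Then restart the sshd service:

    [root@machine1 ~]# systemctl restart sshd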
Then, from 192.168.134.130, try logging in to 192.168.134.129 without a password.

    [root@machine1 ~]# ssh 192.168.134.129
    Last login: Thu Jul 12 00:01:07 2018 from 192.168.134.1
    [root@promote ~]# ifconfig
    ens33: flags=4163 mtu 1500
            inet 192.168.134.129  netmask 255.255.255.0  broadcast 192.168.134.255
            inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20
            ether 00:0c:29:eb:2d:01  txqueuelen 1000  (Ethernet)
            RX packets 1927  bytes 207095 (202.2 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 1693  bytes 174581 (170.4 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73 mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 64  bytes 5696 (5.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 64  bytes 5696 (5.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Passwordless login succeeded!
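
An added check for the sshd_config step above (example code, not from the original article): sshd keeps the first value it obtains for each keyword, and Match blocks can override the global setting, so this script audits a config file for both cases. The function names and the sample file are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config-style file
# for the two settings changed above. sshd uses the FIRST value it obtains for a
# keyword, so appending "PasswordAuthentication no" below an earlier "yes" has no effect.

# effective_value FILE KEYWORD: print the first global (pre-Match) value, lowercased.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { sub(/=/, " "); key = tolower($1) }     # "Keyword=value" is also accepted by sshd
        key == "match" { exit }                  # global section ends at the first Match
        key == want    { print tolower($2); exit }
    ' "$1"
}

# match_reenables_password FILE: succeed if any Match block sets PasswordAuthentication yes.
match_reenables_password() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { sub(/=/, " "); key = tolower($1) }
        key == "match" { in_match = 1; next }
        in_match && key == "passwordauthentication" && tolower($2) == "yes" { found = 1 }
        END { exit !found }
    ' "$1"
}

# audit_sshd_config FILE: return 0 only if the file enforces key-only login.
audit_sshd_config() (
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication)
    pk=$(effective_value "$1" PubkeyAuthentication)
    # OpenSSH defaults both keywords to "yes" when they are unset.
    [ "${pw:-yes}" = no ]  || { echo "FAIL: PasswordAuthentication=${pw:-yes}"; rc=1; }
    [ "${pk:-yes}" = yes ] || { echo "FAIL: PubkeyAuthentication=$pk"; rc=1; }
    if match_reenables_password "$1"; then
        echo "FAIL: a Match block re-enables PasswordAuthentication"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only login enforced"
    exit "$rc"
)

# Constructed sample: "no" was appended under a stock "yes", so passwords stay enabled.
sample=$(mktemp)
printf '%s\n' '#PubkeyAuthentication yes' 'PasswordAuthentication yes' \
              'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "(sample rejected, as expected)"
rm -f "$sample"
```

On the real host, `sshd -t` validates the file before the restart and `sshd -T` prints the configuration sshd will actually use.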