实现两台linux主机之间通过公钥验证能够互相实现免密登陆

环境准备

两台虚拟机都开启并且关闭防火墙和seliunx

[root@server ~]# systemctl status sshd #查看sshd的状态
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor pres>
     Active: active (running) since Mon 2023-10-30 09:53:35 CST; 1min 50s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 923 (sshd)
      Tasks: 1 (limit: 11985)
     Memory: 5.9M
        CPU: 95ms
     CGroup: /system.slice/sshd.service
             └─923 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

[root@server ~]# systemctl  status firewalld #查看防火墙是否关闭
○ firewalld.service - firewalld - dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendo>
     Active: inactive (dead)
       Docs: man:firewalld(1)
[root@server ~]# setenforce 0  #关闭senlinux
 

第一步

定位客户端制作公私钥对

[root@Node1 ~]# ssh-keygen -t rsa 

第二步

定位客户端，将公钥上传到服务器端

[root@Node1 ~]# ssh-copy-id root@192.168.20.133

其中要在交互中输入一次yes

# 注意：客户端将公钥上传到服务器端后，服务器端的/root/.ssh/authorized_keys文件会存储客户端的公钥数据

第三步

[root@Node1 ~]# ssh root@192.168.20.133
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon Oct 30 09:53:37 2023 from 192.168.20.1
[root@server ~]# 

可以进行免密登录

第四步

因为是互相免密登录所以我们在server端也要进行一次同样的操纵

[root@server ~]# ssh-copy-id root@192.168.20.141
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.20.141 (192.168.20.141)' can't be established.
ED25519 key fingerprint is SHA256:QFpceWlQI0u+6CqzX/HFRt1EzZB868vU3Qy+d7rPwQ4.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.20.141's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.20.141'"
and check to make sure that only the key(s) you wanted were added.

[root@server ~]# ssh root@192.168.20.141
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon Oct 30 09:53:41 2023 from 192.168.20.1

总结

其实就是两步，在自己的机子上生成公私钥对之后把公钥通过·ssh-copy-id·传给服务端，这样就建立了联系