[root@alice ~]# ssh-keygen -t rsa
在跳板机上做公钥
alice@alice:~/.ssh$ pwd
ubuntu当前路径
/home/alice/.ssh
[root@alice .ssh]# vim config
Host alice1 别名
HostName clone.alice.com ip或主机名
User alice 目标服务器的用户
IdentityFile ~/.ssh/id_rsa
[root@alice .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub alice @ clone.alice.com
把公钥拷到服务器
报错:
alice@alice:~/.ssh$ ssh c1
sign_and_send_pubkey: signing failed: agent refused operation
alice @192.168.0.11’s password:
输密码才能连
alice@alice:~/.ssh$ ssh-add
输入这条命令解决
Identity added: /home/alice/.ssh/id_rsa (/home/alice/.ssh/id_rsa)
alice@alice:~/.ssh$ ssh-add -l
2048 SHA256:rVmVW2JRv8r71qAjLXr79FT6CFjAB+IIgsSReZK7Ds4 /home/alice/.ssh/id_rsa (RSA)
2048 SHA256:rVmVW2JRv8r71qAjLXr79FT6CFjAB+IIgsSReZK7Ds4 alice@alice (RSA)
alice@alice:~/.ssh$ ssh c1
Last login: Fri Oct 19 18:03:12 2018 from 192.168.0.108
[alice@c1 ~]$ exit
登出
报错:
alice@alice:~$ ssh 192.168.0.12
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:1ALtbFLqHDINz6I9E5vHm/IACjV4KYdlIMInpouCH38.
Please contact your system administrator.
Add correct host key in /home/alice/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/alice/.ssh/known_hosts:5
remove with:
ssh-keygen -f "/home/alice/.ssh/known_hosts" -R 192.168.0.12
ECDSA host key for 192.168.0.12 has changed and you have requested strict checking.
Host key verification failed.
根据提示解决:
alice@alice:~$ ssh-keygen -f "/home/alice/.ssh/known_hosts" -R 192.168.0.12
# Host 192.168.0.12 found: line 5
/home/alice/.ssh/known_hosts updated.
Original contents retained as /home/alice/.ssh/known_hosts.old
alice@alice:~$ ssh 192.168.0.12
ECDSA key fingerprint is SHA256:1ALtbFLqHDINz6I9E5vHm/IACjV4KYdlIMInpouCH38.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.12' (ECDSA) to the list of known hosts.
alice@192.168.0.12's password:
Last login: Fri Oct 19 18:10:39 2018``