假设客户机名sy1,IP为ip1.用户名user;服务器名sy2.IP为ip2.用户名user
在sy1上输入:
ssh-keygen -t rsa
然后弹出一些问题,一路回车。然后输入:
scp ~/.ssh/id_rsa.pub user@ip2:/home/user/.ssh/ip2
输入sy2上user的密码,拷贝完成。
在sy2上,输入:
cat ~/.ssh/ip2 >> ~/.ssh/authorized_keys
(以上步骤也可用ssh-copy-id命令:ssh-copy-id user@ip2 ,不过少了一个授权文件的备份ip2)
在ubuntu10.04里,相关文件和目录的权限都不需要改。
但是会有另外一个问题就是sy2返回Agent admitted failure to sign using the key错误,
简单处理方法就是在sy1上执行两个命令:
ssh-agent ssh-add id_rsa
然后就可以实现无密码登录了。
下面为测试实验具体.
---------------------------------------------------------------------------------------------------------------------------
测试实验环境: Centos
测试一: 10.16.MM.AA是否能无密登录10.16.MM.BB:用户名为ew69
/etc/hosts文件配置
# Do not remove the following line, or various programs # that require network functionality will fail. #127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 10.16.MM.AA SCLABHADOOP01 10.16.MM.BB SCLABHADOOPVM01 10.16.MM.CC SCLABHADOOPVM02
1. 10.16.MM.AA操作
-bash-3.2$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ew69/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ew69/.ssh/id_rsa.
Your public key has been saved in /home/ew69/.ssh/id_rsa.pub.
The key fingerprint is:
ff:c9:3d:41:d1:1e:a9:18:dc:be:e1:ae:61:56:c2:fe ew69@SCLABHADOOP01
-bash-3.2$ scp ~/.ssh/id_rsa.pub ew69@SCLABHADOOPVM01:/home/ew69/.ssh/10.16.MM.BB
ew69@sclabhadoopvm01's password:
id_rsa.pub 100% 400 0.4KB/s 00:00
2. 登录10.16.MM.BB操作:
bash-3.2$ ssh ew69@SCLABHADOOPVM01
ew69@sclabhadoopvm01's password:
Last login: Fri May 18 13:10:04 2012 from 10.16.MM.AA
[ew69@SCLABHADOOPVM01 ~]$ cat ~/.ssh/10.16.MM.BB >> ~/.ssh/authorized_keys
[ew69@SCLABHADOOPVM01 ~]$
3. 在10.16.MM.AA验证是否能无密登录10.16.MM.BB:
-bash-3.2$ ssh SCLABHADOOPVM01
Last login: Fri May 18 17:15:07 2012 from 10.16.MM.AA
[ew69@SCLABHADOOPVM01 ~]$
测试二: 10.16.MM.AA是否能无密登录10.16.MM.CC:用户名为ew69
(同事保持测试一中能无密登录)
1. 10.16.MM.AA操作
-bash-3.2$ scp ~/.ssh/id_rsa.pub ew69@SCLABHADOOPVM02:/home/ew69/.ssh/10.16.MM.CC
ew69@sclabhadoopvm01's password:
id_rsa.pub 100% 400 0.4KB/s 00:00
2. 登录10.16.MM.BB操作:
bash-3.2$ ssh ew69@SCLABHADOOPVM0B2
ew69@sclabhadoopvm02's password:
Last login: Fri May 18 13:10:04 2012 from 10.16.MM.AA
[ew69@SCLABHADOOPVM01 ~]$ cat ~/.ssh/10.16.MM.CC >> ~/.ssh/authorized_keys
[ew69@SCLABHADOOPVM01 ~]$
3. 在10.16.MM.AA验证是否能无密登录10.16.MM.CC:
-bash-3.2$ ssh SCLABHADOOPVM02
Last login: Fri May 18 17:15:07 2012 from 10.16.MM.AA
[ew69@SCLABHADOOPVM01 ~]$
4. 在10.16.MM.AA验证是否能无密登录10.16.MM.BB(测试一已经完成)
-bash-3.2$ ssh SCLABHADOOPVM01
Last login: Fri May 18 17:15:07 2012 from 10.16.MM.AA
[ew69@SCLABHADOOPVM02 ~]$
特别注意:
每个用户下的~/.ssh/authorized_keys 的权限必须只有用户自己有w权限, 其他用户不能有w权限,一般配置authorized_keys的权限为600, 否则ssh无密登录会不成功.
这个也是为了安全的考虑!