During authentication, ssh looks in the ~/.ssh directory for key files such as id_rsa.
[root@hadoop1 .ssh]# ssh -v localhost
...
debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Trying private key: /root/.ssh/id_dsa
debug1: Trying private key: /root/.ssh/id_ecdsa
debug1: Next authentication method: password
root@localhost's password:
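Generate the public/private key pair. Note that you do not need to type anything; just press Enter at each prompt (this leaves the passphrase empty).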
[root@hadoop1 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1a:3a:24:d0:c1:6d:93:a1:9c:23:54:31:49:a2:c9:25 root@hadoop1
Append the contents of the public key id_rsa.pub to authorized_keys, which is the default file name specified in /etc/ssh/sshd_config.
# authorized_keys lives in ~/.ssh; create it if it does not exist
cat id_rsa.pub >> authorized_keys
# Set the file permissions (note: permissions that are too open can make passwordless authentication fail)
chmod 600 authorized_keys
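The permission note above can be checked with a small audit script. This is an added example, not part of the original page; it assumes GNU stat (Linux) and sshd's default StrictModes behaviour, and the function names mode_has_bits and check_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permission bits that sshd (StrictModes) and the
# ssh client check before they will use key files.
# Assumption: GNU stat is available (stat -c '%a' prints the octal mode).

# mode_has_bits PATH MASK -> exit 0 if any permission bit in octal MASK is set
mode_has_bits() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# check_ssh_perms HOME_DIR -> prints findings, returns the number of problems
check_ssh_perms() {
    home=$1
    problems=0
    # Server side: none of these may be writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if mode_has_bits "$p" 22; then
            echo "FAIL $p is group/world-writable; fix with: chmod go-w $p"
            problems=$((problems + 1))
        fi
    done
    # Client side: private keys must not be accessible by group or others.
    for k in "$home"/.ssh/id_*; do
        [ -f "$k" ] || continue
        case $k in *.pub) continue ;; esac
        if mode_has_bits "$k" 77; then
            echo "FAIL $k is accessible by group/others; fix with: chmod 600 $k"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ] && echo "OK $home/.ssh permissions look sane"
    return "$problems"
}

# Audit a home directory only when one is given, e.g.: sh audit.sh /root
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

The script checks mode bits only; file ownership, which sshd also verifies, is not covered.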
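When setting up passwordless login across several machines, each machine's authorized_keys must contain the public keys of all the machines.
(1) Copy the public keys of all three machines to the first machine by running this command on each machine: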
ssh-copy-id node01
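The ssh-copy-id command copies the local host's public key into the authorized_keys file on the remote host. It also sets appropriate permissions on the remote user's home directory, ~/.ssh, and ~/.ssh/authorized_keys.
Syntax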
ssh-copy-id [-i [identity_file]] [user@]machine
Options
-i: specify the public key file
Examples
1. Install the local SSH public key file under the corresponding account on the remote host:
ssh-copy-id user@server
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
e.g.
ssh-copy-id -i ~/.ssh/id_rsa.pub root@127.0.0.1
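(2) Copy the first machine's authorized_keys to the other machines by running these commands on the first machine (scp overwrites any authorized_keys file already present at the destination):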
scp /root/.ssh/authorized_keys node02:/root/.ssh
scp /root/.ssh/authorized_keys node03:/root/.ssh
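Go to the /etc/ssh directory and edit the sshd_config file (sshd_config is the SSH server configuration file; ssh_config is the client configuration file).
Uncomment the following lines:
# RSA key authentication (applies to SSH protocol 1 only)
RSAAuthentication yes
# Public-key authentication
PubkeyAuthentication yes
# Path and name of the file that holds the authorized keys
AuthorizedKeysFile .ssh/authorized_keys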
Restart the SSH service:
sudo service sshd restart
Verify that passwordless login works:
[root@hadoop1 .ssh]# ssh localhost
Last login: Sat Sep 7 07:04:24 2019 from localhost
Connection to localhost closed.
# root is the user name on machine 205
ssh root@192.168.30.205
# ssh to a specific port
ssh -p port user@ip