ssh远程免密登录

百万拳去见

已于 2024-05-06 17:34:18 修改

阅读量325

点赞数 1

分类专栏： Linux 文章标签： ssh 运维 linux

于 2024-05-06 17:16:40 首次发布

本文链接：https://blog.csdn.net/SPNOS__WCY/article/details/138500111

版权

Linux 专栏收录该内容

2 篇文章 0 订阅

订阅专栏

ssh远程连接分为五个阶段

版本号协商阶段
密钥和算法协商阶段
认证阶段
会话请求阶段
交互会话阶段

而上图的SessionKey即是在阶段2：密钥和算法协商阶段，服务器端和客户端利用DH交换（Diffie-Hellman Exchange）算法、主机密钥对等参数，生成的会话密钥

远程免密登录需要在客户端生成一对密钥，将公钥上传至服务器，即可完成免密登录

准备

客户端：192.168.220.220
服务器：192.168.220.131

方法一

#客户端
[root@localhost ~]# ssh-keygen -t rsa -b 2048 -f /root/.ssh/id_rsa -P ""
#-t 生成密钥算法 -b 密钥大小 -f 生成文件路径 -P 密码
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:ZMk7stzSEooEsLPQj1HDwludO02dccu0gHQ5liCIo4g root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|.. ooo.oo++=o    |
|.o=.+.ooooB= o   |
|B.o=   +=. .+    |
|E+.+  oo..       |
|. o . o.S        |
| . . o * .       |
|  . . = o        |
|       o         |
|                 |
+----[SHA256]-----+
[root@localhost ~]# ll /root/.ssh/
total 16
-rw-------  1 root root 1831 May  6 17:07 id_rsa
-rw-r--r--  1 root root  408 May  6 17:07 id_rsa.pub
-rw-------. 1 root root 1686 Apr 18 11:48 known_hosts
-rw-------. 1 root root  940 Apr 18 11:48 known_hosts.old
[root@localhost ~]# scp /root/.ssh/id_rsa.pub 192.168.220.131:/root/.ssh/
root@192.168.220.131's password: 
id_rsa.pub                                                                                                                                                                      100%  408   854.8KB/s   00:00    
[root@localhost ~]# ssh 192.168.220.131

#服务端
[root@rhce ~]# cd /root/.ssh/
[root@rhce .ssh]# cat id_rsa.pub >> authorized_keys

#验证
[root@localhost ~]# ssh 192.168.220.131
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon May  6 16:31:16 2024 from 192.168.220.131

方法二

#方法二全在客户端上操作
[root@localhost .ssh]# ssh-keygen -t rsa -b 2048 -f /root/.ssh/id_rsa -P "" -q
#-t 生成密钥算法 -b 密钥大小 -f 生成文件路径 -P 密码 -q 没有反馈
[root@localhost .ssh]# ll
total 16
-rw-------  1 root root 1831 May  6 17:28 id_rsa
-rw-r--r--  1 root root  408 May  6 17:28 id_rsa.pub
-rw-------. 1 root root 1686 Apr 18 11:48 known_hosts
-rw-------. 1 root root  940 Apr 18 11:48 known_hosts.old
[root@localhost .ssh]# ssh-copy-id root@192.168.220.131
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.220.131's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.220.131'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost .ssh]# ssh 192.168.220.131
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Mon May  6 17:09:54 2024 from 192.168.220.220