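1. Preparation
Prepare two servers for root→root login (IP addresses as follows):
A: 192.168.1.204
B: 192.168.1.132
2. Generate the key pair
On 192.168.1.204, generate a key pair as the root user; the key pair is stored under that user's home directory. Run ssh-keygen -t rsa.
Note the three prompts: type nothing at any of them and just press Enter to move on to the next step. This accepts the default file location and leaves the passphrase empty.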
[root@firewall .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pMhduBcu75fB4XaHX76MpyDS3cEHUUfkL+UloXKkerY root@firewall
The key's randomart image is:
+---[RSA 2048]----+
| ..o++|
| . o ..o.|
| . + o o.. +|
| . o * o.o. .+o|
| o = Soo. +..o|
| +.o*.+ +..|
| ..+E* + o |
| .. + . +..|
| .. ooo.|
+----[SHA256]-----+
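You can go on to check the permissions of the key files.
Changing the permissions of the key files is not recommended; otherwise the key will stop working!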
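The permission check mentioned above, as an added example that is not part of the original article: it flags modes that OpenSSH rejects (a private key accessible by group/others, or a .ssh directory or authorized_keys file writable by them). check_ssh_perms is a hypothetical helper name, the sample directory is constructed, and `stat -c '%a'` (GNU or busybox stat on Linux) is assumed.

```shell
#!/bin/sh
# Added example (not from the original article). check_ssh_perms is a
# hypothetical helper; it assumes `stat -c '%a'` as found on Linux.

# Print one line per problem found in an SSH directory; succeed only if clean.
check_ssh_perms() (
    dir=$1
    bad=0
    mode=$(stat -c '%a' "$dir") || exit 2
    # sshd with StrictModes ignores authorized_keys when ~/.ssh is writable
    # by group or others.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "BAD $dir ($mode): writable by group/others"
        bad=1
    fi
    for f in "$dir"/id_* "$dir"/authorized_keys; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case $f in
            *.pub|*/authorized_keys) mask=022; why="writable by group/others" ;;
            # The ssh client refuses a private key that group/others can access.
            *) mask=077; why="private key accessible by group/others" ;;
        esac
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "BAD $f ($mode): $why"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
)

# Constructed sample: a throwaway directory laid out like /root/.ssh.
demo=$(mktemp -d)
touch "$demo/id_rsa" "$demo/id_rsa.pub" "$demo/authorized_keys"
chmod 700 "$demo"
chmod 600 "$demo/id_rsa" "$demo/authorized_keys"
chmod 644 "$demo/id_rsa.pub"
check_ssh_perms "$demo" && echo "OK $demo"

chmod 644 "$demo/id_rsa"          # what a careless chmod would do
check_ssh_perms "$demo" || echo "fix with: chmod 600 <private key>"
rm -rf "$demo"
```

On the two servers, the directory to pass is /root/.ssh.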
3. Upload the public key to the other server
Upload the public key to the other server; that server must allow the root user to log in. Run ssh-copy-id -i id_rsa.pub root@192.168.1.132
[root@firewall .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.1.132
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.132's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.1.132'"
and check to make sure that only the key(s) you wanted were added.
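Output like the above means the key was added successfully!
4. Verification
Verify whether logging in still requires a password by running the command suggested in the output above: ssh 'root@192.168.1.132'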
[root@firewall .ssh]# ssh 'root@192.168.1.132'
Last failed login: Sat Mar 11 08:10:04 EST 2023 from 192.168.1.204 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sat Mar 11 04:00:31 2023 from 192.168.1.45
[root@docker1 ~]# exit
登出
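This establishes a "trust relationship", although for now it is only a one-way trust relationship!
5. Set up a two-way passwordless channel
To get a truly passwordless channel, that is, a "two-way trust relationship", the same steps have to be carried out on the second server towards the first. I won't repeat the explanation and will go straight to the commands.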
[root@docker1 .ssh]# ssh 'root@192.168.1.204'
root@192.168.1.204's password:
Last login: Sat Mar 11 18:07:58 2023 from 192.168.1.132
[root@firewall ~]# exit
logout
Connection to 192.168.1.204 closed.
[root@docker1 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RDFLfPW4UcgGCjyZhR5lYIkZ+40kcQpgZkpu1BnPzFk root@docker1
The key's randomart image is:
+---[RSA 2048]----+
|.Bo.===EO..+... |
|O +B*@=.+. ++ |
|.o +B.o+. .o . |
|. +.+ o |
| o S . |
| |
| |
| |
| |
+----[SHA256]-----+
[root@docker1 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.1.204
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.204's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.1.204'"
and check to make sure that only the key(s) you wanted were added.
[root@docker1 .ssh]# ssh 'root@192.168.1.204'
Last login: Sat Mar 11 21:22:22 2023 from 192.168.1.132
[root@firewall ~]# exit
logout
Connection to 192.168.1.204 closed.
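6. Summary
After completing the steps above, neither logging in to each other nor transferring files requires typing a password every time, which greatly improves working efficiency!
For example, to transfer a file you can run an scp command: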
[root@firewall .ssh]# scp 'root@192.168.1.132':/etc/passwd .
passwd 100% 1217 561.0KB/s 00:00