1、在服务器A上生成一对密钥
[root@server-1 ~]# ssh-keygen
Generating public/private rsa key pair.
# 生成的密钥对默认保存的位置
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:y8NF/DbgK9m1S+JahBVlGSIP7qXGlFo0Cgk79i18SUA root@server-1
The key's randomart image is:
+---[RSA 2048]----+
| .oE. = o.+o |
| ..o + B +. |
| + o = B |
| . + o B B o |
| + = S + = |
| o + * + o |
| B = o |
| = o . |
| ... . |
+----[SHA256]-----+
[root@server-1 ~]# ls /root/.ssh/
id_rsa id_rsa.pub known_hosts
id_rsa.pub 生成的公钥文件
id_rsa 生成的私钥文件
known_hosts 首次远程登录其他服务器保存的远程服务器的公钥
2、将公钥拷贝给另一个服务器
[root@server-1 ~]# ssh-copy-id 192.168.1.102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
ECDSA key fingerprint is SHA256:FOjAVNiEZDE1Fsyc2IlnrjfC1G4Z3UpWthHVqBki5uo.
ECDSA key fingerprint is MD5:bb:7a:73:a8:f7:ab:52:eb:ab:cc:b6:93:39:f4:11:56.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.102's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.1.102'"
and check to make sure that only the key(s) you wanted were added.
[root@server-1 ~]# ssh 192.168.1.102
Last login: Thu Mar 21 20:59:38 2024 from bogon
# 查看第二台服务器中保存的公钥信息
[root@bogon ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBMsxREekrxcAtfJzbJmRi373Qsm/Y6MIsaVg9iiUudmV7Z5WKiqyHiamu/e1/2aBRNcVy0LYeJxPhpkCPBgke34Cah7z7JqLeMLOByatCl6EvIibnIQhWytkGqE5zsPE6kcuxY+J+HysLwDrOfv1CMw/I/gJLJ3QiViF1Lmt2fQEQ7CnWtEBv038aJ8ieiuzxcpIUHEsJu6GYjF+BAOwiZ7WvnQxHUKrkv7aPhLBf/kNc72qGGkviFYAw3FBBHvOyaO69SoBmjM4fejhnwypTCyn7nbWirlDz8OWWiUvEFGdxLtCs0AiZ/2m0twYzZFQRJJymAbOmEJpn4iQF7/Gd root@server-1