OpenSSH passwordless login

Configuring OpenSSH passwordless login


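1. Introduction to OpenSSH

The term OpenSSH refers to the software implementation of Secure Shell used on the system. It is used to run a shell securely on a remote system. If you have a user account on a remote Linux system that provides the ssh service, ssh is the command normally used to log in to that system remotely. The ssh command can also be used to run commands on a remote system.

Common remote login tools:

  • telnet //23/TCP
  • ssh //22/TCP; more secure: requires authentication, and the communication, user authentication and data transfer are all encrypted
  • dropbear //for embedded systems, typically used on phone systems

1.1 Authentication methods

ssh has two authentication methods:

  • Password authentication //the password can be captured by someone else
  • Key authentication //based on encryption; someone who obtains the public key cannot decrypt with it

2. Configuration

In most cases the sshd service is already running.
Check the service status with systemctl status sshd: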

[root@zsr ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2022-12-22 15:56:49 CST; 2h 0min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 977 (sshd)
    Tasks: 1 (limit: 4766)
   Memory: 5.8M
   CGroup: /system.slice/sshd.service
           └─977 /usr/sbin/sshd -D -oCiphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes12>

Dec 22 15:56:49 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
Dec 22 15:56:49 localhost.localdomain sshd[977]: Server listening on 0.0.0.0 port 22.
Dec 22 15:56:49 localhost.localdomain sshd[977]: Server listening on :: port 22.
Dec 22 15:56:49 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
Dec 22 16:03:10 localhost.localdomain sshd[1550]: Accepted password for root from 192.168.17.1 port 53545 ssh2
Dec 22 16:03:10 localhost.localdomain sshd[1550]: pam_unix(sshd:session): session opened for user root by (uid=0)

[root@zsr ~]# 

Generate a key pair with ssh-keygen -t rsa (-t rsa selects the RSA algorithm):

[root@zsr ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):      *//the private key is saved in /root/.ssh/id_rsa*
Enter passphrase (empty for no passphrase):      *//no passphrase was entered, so the private key is not encrypted*
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.     *//the public key is saved in /root/.ssh/id_rsa.pub*
The key fingerprint is:
SHA256:W6LWrA6tXMBS+ErtvzhRXCOkc9pI3Ii5zCsztJwXK4o root@zsr.simple.com
The key's randomart image is:
+---[RSA 3072]----+
|     ..          |
|   = +. o        |
|  + B.oo .       |
| o B *o          |
| .*.B.. S .      |
|o.o=+o + +       |
|+=ooo.= +        |
|o+o..B .         |
|E   +o=.         |
+----[SHA256]-----+
[root@zsr ~]# 

Check the permissions of the public and private keys:
Public key permissions: 644
Private key permissions: 600

[root@zsr ~]# ll .ssh
total 8
-rw-------. 1 root root 2602 Dec 22 18:00 id_rsa
-rw-r--r--. 1 root root  573 Dec 22 18:00 id_rsa.pub
[root@zsr ~]# 

Copy the public key to the host you want to log in to without a password,
using ssh-copy-id:

[root@zsr ~]# ssh-copy-id root@192.168.17.131
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.17.131 (192.168.17.131)' can't be established.
ECDSA key fingerprint is SHA256:a573QZN4AWem0cTNPxncJQC7BvfoTWGhZAG+doMrjTI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.17.131's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.17.131'"
and check to make sure that only the key(s) you wanted were added.

[root@zsr ~]# 

On the host that will accept the passwordless login, check that the public key has arrived:

[root@zsr2 ~]# ls .ssh/
authorized_keys
[root@zsr2 ~]# 

Connect from the first host; no password is required:

[root@zsr ~]# ssh root@192.168.17.131
Last login: Thu Dec 22 17:55:02 2022 from 192.168.17.1
[root@zsr2 ~]# 
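
The 644/600 key permissions checked above, and the authorized_keys file that ssh-copy-id creates on the target host, can be verified with a script. This is an added example, not part of the original post: the function names are hypothetical, the 700 limit for the directory and the 600 limit for authorized_keys are assumptions (conventional owner-only values), and make_sample_dir builds a constructed directory with fake key material.

```sh
#!/bin/sh
# Added example (not from the original post): audit permissions in an SSH directory.

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# check_mode FILE MAX: report FILE if it grants any permission bit outside MAX.
check_mode() {
    cm_mode=$(file_mode "$1") || return 0       # missing file: nothing to check
    if [ $(( 0$cm_mode & ~0$2 )) -ne 0 ]; then
        echo "TOO OPEN: $1 has mode $cm_mode, expected at most $2"
        return 1
    fi
    return 0
}

# audit_ssh_dir DIR: print findings; return 0 if clean, 1 otherwise.
audit_ssh_dir() {
    asd_bad=0
    check_mode "$1" 700 || asd_bad=1            # assumption: conventional ~/.ssh mode
    for asd_f in "$1"/*; do
        [ -f "$asd_f" ] || continue
        case "$asd_f" in
            *.pub)             asd_max=644 ;;   # public key, value from the post
            */authorized_keys) asd_max=600 ;;   # assumption: owner-only by convention
            *)  # treat as a private key only if it carries a key header
                head -n 1 "$asd_f" | grep -q 'PRIVATE KEY' || continue
                asd_max=600 ;;                  # private key, value from the post
        esac
        check_mode "$asd_f" "$asd_max" || asd_bad=1
    done
    return "$asd_bad"
}

# Build a constructed sample directory (fake key material) for a dry run.
make_sample_dir() {
    msd_d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$msd_d/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTED root@example' > "$msd_d/id_rsa.pub"
    cp "$msd_d/id_rsa.pub" "$msd_d/authorized_keys"
    chmod 700 "$msd_d"; chmod 600 "$msd_d/id_rsa" "$msd_d/authorized_keys"
    chmod 644 "$msd_d/id_rsa.pub"
    echo "$msd_d"
}
```

Run audit_ssh_dir ~/.ssh on both hosts after the setup. The ssh client ignores a private key whose mode lets other users read it, so a finding on id_rsa also explains a key login that unexpectedly falls back to a password prompt.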