I. One-way passwordless access
1. Generate a key pair on server A
ssh-keygen -t rsa
cat ~/.ssh/id_rsa.pub
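2. Upload the public key to server B
# Note: this replaces any existing ~/.ssh/authorized_keys on B, and ~/.ssh must already exist there.
scp ~/.ssh/id_rsa.pub roo@192.168.0.2:~/.ssh/authorized_keys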
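II. Mutual passwordless login between multiple servers
1. Generate an SSH key on every server
As in the steps above, run ssh-keygen -t rsa on each server to generate a key pair.
2. Run the ssh-copy-id command
- For example, with A: 192.168.0.21, B: 192.168.0.22 and C: 192.168.0.23, run on server A:
ssh-copy-id -i ~/.ssh/id_rsa.pub roo@192.168.0.21
ssh-copy-id -i ~/.ssh/id_rsa.pub roo@192.168.0.22
ssh-copy-id -i ~/.ssh/id_rsa.pub roo@192.168.0.23
- This automatically adds A's public key to the authorized_keys files on servers A, B and C, so A can log in to A, B and C without a password.
- Likewise, for the three machines A, B and C to reach one another without a password, run the following on servers B and C as well:
ssh-copy-id -i ~/.ssh/id_rsa.pub roo@192.168.0.21
ssh-copy-id -i ~/.ssh/id_rsa.pub roo@192.168.0.22
ssh-copy-id -i ~/.ssh/id_rsa.pub roo@192.168.0.23
- Look at the authorized_keys file on any of A, B or C: it holds the public key strings of A, B and C. Passwordless SSH access therefore works by adding the local machine's public key string to the remote server's authorized_keys file.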
cat ~/.ssh/authorized_keys
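
The principle stated above (a public key line is added to the remote authorized_keys file), as an added example that is not part of the original page: a function that appends a key instead of overwriting the file, as the scp step in the first section does, and sets the permissions sshd expects. The name install_pubkey, the scratch paths and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page); names and keys are constructed.
# install_pubkey PUBKEY_FILE SSH_DIR: append the key to SSH_DIR/authorized_keys
# unless the same key (type + base64 blob) is already listed. Never overwrites.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # A .pub file holds one line: "type base64-blob [comment]".
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case "$key_type" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] || return 1

    # With StrictModes, sshd refuses keys kept in group/world-writable places.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Compare type+blob as adjacent fields, so an entry with a leading
    # options field or a different comment still counts as present.
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) hit = 1 }
         END { exit !hit }' "$auth_file"; then
        return 0
    fi

    # Keep entries on separate lines if the file lacks a final newline.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        printf '\n' >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo on constructed data in a scratch directory; no real keys are touched.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EexampleA roo@A\n' > "$demo/a.pub"
install_pubkey "$demo/a.pub" "$demo/.ssh"
install_pubkey "$demo/a.pub" "$demo/.ssh"   # second run adds nothing
wc -l < "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```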