我们用四台服务器做测试,IP分别为
A:192.168.1.211
B:192.168.1.212
C:192.168.1.213
D:192.168.1.214
四台电脑上同时操作
ssh-keygen -t rsa
连续三次回车,系统会在/root/.ssh/下生成一个公钥和一个私钥
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
89:1d:2d:8f:a9:a8:5a:db:d2:eb:77:d1:ba:fd:d5:02 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . |
| o . |
| o B |
| . S.. E |
| . .. . . . |
| ... . o o .|
| ..+. . o. . . |
|..oo+o ...... |
+-----------------+
[root@localhost ~]#
将B、C、D三台电脑的公钥发送给A,并且重命名以免发生覆盖
[root@localhost ~]# scp /root/.ssh/id_rsa.pub 192.168.1.211:/root/.ssh/id_rsa.pub2
The authenticity of host '192.168.1.211 (192.168.1.211)' can't be established.
RSA key fingerprint is 23:5b:94:96:05:03:23:58:78:bd:d3:d8:fa:39:43:3c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.211' (RSA) to the list of known hosts.
root@192.168.1.211's password:
id_rsa.pub 100% 408 0.4KB/s 00:00
[root@localhost ~]#
[root@localhost ~]# scp /root/.ssh/id_rsa.pub 192.168.1.211:/root/.ssh/id_rsa.pub3
The authenticity of host '192.168.1.211 (192.168.1.211)' can't be established.
RSA key fingerprint is 23:5b:94:96:05:03:23:58:78:bd:d3:d8:fa:39:43:3c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.211' (RSA) to the list of known hosts.
root@192.168.1.211's password:
id_rsa.pub 100% 408 0.4KB/s 00:00
[root@localhost ~]#
[root@localhost ~]# scp /root/.ssh/id_rsa.pub 192.168.1.211:/root/.ssh/id_rsa.pub4
The authenticity of host '192.168.1.211 (192.168.1.211)' can't be established.
RSA key fingerprint is 23:5b:94:96:05:03:23:58:78:bd:d3:d8:fa:39:43:3c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.211' (RSA) to the list of known hosts.
root@192.168.1.211's password:
id_rsa.pub 100% 408 0.4KB/s 00:00
[root@localhost ~]#
发送完成之后我们查看A的/root/.ssh/目录
[root@localhost ~]# ll /root/.ssh/
total 20
-rw------- 1 root root 1675 Oct 9 15:18 id_rsa
-rw-r--r-- 1 root root 408 Oct 9 15:18 id_rsa.pub
-rw-r--r-- 1 root root 408 Oct 9 15:21 id_rsa.pub2
-rw-r--r-- 1 root root 408 Oct 9 15:22 id_rsa.pub3
-rw-r--r-- 1 root root 408 Oct 9 15:22 id_rsa.pub4
[root@localhost ~]#
可以看到 除了自己本身的公钥和私钥还多了三个又B、C、D发送过来的公钥。接下来我们在A电脑上将四个公钥写入到authorized_keys文件
[root@localhost ~]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
[root@localhost ~]# cat /root/.ssh/id_rsa.pub2 >> /root/.ssh/authorized_keys
[root@localhost ~]# cat /root/.ssh/id_rsa.pub3 >> /root/.ssh/authorized_keys
[root@localhost ~]# cat /root/.ssh/id_rsa.pub4 >> /root/.ssh/authorized_keys
[root@localhost ~]#
写入完成查看一下authorized_keys文件里面是否有内容
[root@localhost ~]# cat /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6Y6cL086xfqj1VFnVeNeGxDtakT6yXbPphMUSgVdICKRfQEsZdbuqx3CpZ7AsxzGqtjqusfcE0wkZHTpB9+w2ewwyqzLEesGQke3MU+ppeKeRTVmuVaeZ/+p0ivKECX3C0eFPZmxXg/Tp35UzM09fGuHTVT6PQ+NNml3A7BIXLu9aZ6V0H9VGgbtjdvBGdmpx8COwhSaatZOMRY+zHXJtynpudFYclnqefwTTYB7EsIhkf8lEQZPqLfjyX2XPp3V5gGrvPda/VlkBQRCKaF5zqlg024e1Wf9bYPgSLh+R+XxWQzTlBrG9ayvMkdMHb2DOUNYnnspt9I4jxPazra3aQ== root@localhost.localdomain
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3h2kkCOzvYcHnSy03DiW7phqQ4SxNnuV7qiKcXgMDi56pL23vrAiPDraeyn6zRgtwwSPS47ZbtQ7hgUEVZ8MNzcu4JIBW/QEPuGFA2rX9n19h9e1TCvVxlC2zRAgQs/8lUBTXO+63Ua/W1GeKOxOLUiLBPLmHOkhFkngVpzaFWrqj/YhgqQ+hemDUmrNkDCs3EBIBoF8QAH0z3mCr0pMVv8HEFFvwS4tSnwJDvh+86/tFUwzO/6uUa4hY/XvF/IhVUiB39zKFLdKxU5K03ZzTHMLxbzeUKLwY0uOLoP+9lzwj08EUjmYkyQgXaT3ZKM9m8RoBMGvcRnos0jl/By2OQ== root@localhost.localdomain
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvUnnRJ0W9HNY655XMk1nUnSqQHmNNurTUfOGehEJG/lWaqYgbtxzxw2WA4+76rvMJ/Reqi6c5kc/K3sE0Qz8MoCFbItG5ROFjSieS7TyBi/351bVcsIhcC4JmltJx73dt9eQSdVJlN4eVVqSqPs9TK6YpnydA3AGmcZCCpVLESuzj7geXzMO16m+un/4OfQFFlcIcT5m/6zP1C/XiljFwlTD6v/8UFDlm4a7yXOrm+1mF6GjEifOiPGPVILOv6PlCrM21Z0yeh/sTJ36308LjGwuk+4qFzY+X0o+hP7Q1jEJjnETOnCSIttUdMzBwclVonKBAPOxqY1g+UCy6Plfdw== root@localhost.localdomain
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvO4L3lAycE6sXb+60s5KDtzLAoY6XwxpBKM6rIz2aX/qYOZBVDfqZYIRI7V03xVudfcuaPab8tUEnReXYsn6o9OX5WmBxu94Uu6SaiQmD7PvVNdV8wScsyd4lB6rkxne436A53d7TYH3IugDmdnaI8fXEv60BUQMPcbpwyxaCwzRqISglj2iog8LfV3yGfJed/cGp8RvgcToDNYbK2Q+ZVgZHiiHQcGpxbHmTRtavGtA6nFBs6K+l7XzfwvN7f/yL++6z/DjDMwuoHHIGY2Uhn5YCbDTppU1aRjXTvp/eOWg3x1BYiI2gHqqpOaDVSYZsNgp79Pu1CnyGFQeu2luhQ== root@localhost.localdomain
[root@localhost ~]#
接下来我们将生成好的authorized_keys文件放入B、C、D每台电脑
[root@localhost ~]# scp /root/.ssh/authorized_keys 192.168.1.212:/root/.ssh/
The authenticity of host '192.168.1.212 (192.168.1.212)' can't be established.
RSA key fingerprint is 23:5b:94:96:05:03:23:58:78:bd:d3:d8:fa:39:43:3c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.212' (RSA) to the list of known hosts.
root@192.168.1.212's password:
authorized_keys 100% 1632 1.6KB/s 00:00
[root@localhost ~]# scp /root/.ssh/authorized_keys 192.168.1.213:/root/.ssh/
The authenticity of host '192.168.1.213 (192.168.1.213)' can't be established.
RSA key fingerprint is 23:5b:94:96:05:03:23:58:78:bd:d3:d8:fa:39:43:3c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.213' (RSA) to the list of known hosts.
root@192.168.1.213's password:
authorized_keys 100% 1632 1.6KB/s 00:00
[root@localhost ~]# scp /root/.ssh/authorized_keys 192.168.1.214:/root/.ssh/
The authenticity of host '192.168.1.214 (192.168.1.214)' can't be established.
RSA key fingerprint is 23:5b:94:96:05:03:23:58:78:bd:d3:d8:fa:39:43:3c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.214' (RSA) to the list of known hosts.
root@192.168.1.214's password:
authorized_keys 100% 1632 1.6KB/s 00:00
[root@localhost ~]#
CentOS6到这里就操作完了,CentOS7的话还需要配置sshd_config文件和为文件和目录赋权限
sudo vim /etc/ssh/sshd_config
放开如下两行,去掉#即可
RSAAuthentication yes
PubkeyAuthentication yes
保存退出后,为.ssh目录authorized_keys赋权
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
好了,到这里我们就完成了四台电脑之间的SSH免密码访问。
[root@localhost ~]# ssh 192.168.1.211
Last login: Mon Oct 9 15:08:18 2017 from 192.168.1.40
[root@localhost ~]#
通过ssh登陆进去以后可以通过logout命令登陆
[root@localhost ~]# logout
Connection to 192.168.1.211 closed.
[root@localhost ~]#
好了,这个就到这里,有什么疑问欢迎大家留言。