使用ssh实现rsync免密交互。
1、测试环境介绍
服务端:192.168.1.169
客户端:192.168.1.163
2,创建ssh免秘钥环境,测试无交互备份
在192.168.1.169上执行:
- 生成秘钥文件
[root@localhost home]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /home/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/.ssh/id_rsa.
Your public key has been saved in /home/.ssh/id_rsa.pub.
The key fingerprint is:
85:4e:a1:0d:e0:a4:ab:8b:28:3b:e8:b4:6d:7c:ee:8d root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| o.. . |
| + + o |
| . . . + . |
| . o . |
| . S |
| . |
|o.. |
|B.oo .o |
|B=..+E . |
+-----------------+
这里,为了不覆盖root的id_rsa,请另创建一个目录去保存,比如 /home/.ssh/id_rsa
- 将公钥文件下发给客户端
使用“-i” 指定公钥文件
[root@localhost home]# ssh-copy-id -i /home/.ssh/id_rsa.pub root@192.168.1.163
The authenticity of host '192.168.1.163 (192.168.1.163)' can't be established.
ECDSA key fingerprint is 03:9e:69:4a:1f:16:79:c4:ad:fe:a8:6f:cc:30:41:bc.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.163's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.1.163'"
and check to make sure that only the key(s) you wanted were added.
自己实际命令:ssh-copy-id -i /home/.ssh/id_rsa.pub root@192.168.1.163
PS:这里有时会报错:
[root@localhost home]# ssh-copy-id -i /home/.ssh/id_rsa.pub root@192.168.1.163
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!
ERROR: It is also possible that a host key has just been changed.
ERROR: The fingerprint for the ECDSA key sent by the remote host is
ERROR: 03:9e:69:4a:1f:16:79:c4:ad:fe:a8:6f:cc:30:41:bc.
ERROR: Please contact your system administrator.
ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message.
ERROR: Offending ECDSA key in /root/.ssh/known_hosts:10
ERROR: ECDSA host key for 192.168.1.163 has changed and you have requested strict checking.
ERROR: Host key verification failed.
这种情况的产生原因是公钥变化而引起的无法登陆,在 known_hosts里删除对应的公钥信息就可以啦。
$ vim ~/.ssh/known_hosts
把2端里的信息都删除。最后应该是在服务端的hosts里有一条163的信息。
这时查看服务端192.168.1.169的known_hosts端,应该在最下面添加了一条163的免密信息。
[root@localhost home]# vi ~/.ssh/known_hosts
192.168.1.188 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEDRFjULfVzsw2SOnKUKVhZQqDxYb3e8F5uH/IgYirvKiWVZnn9ta3WcxfL5m65ymas6it7fhwFov4qDBWkWcMw=
192.168.1.132 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEUk5EuyAbBxk6nrVcj4MP8PTR5bytT5jaCOZpQo/fJVhboRNDmJFqcRv0Xu/Vmjn7jpEhJAa2LfhP4iBucN9qI=
192.168.1.74 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPPU8lcL6FKfdHXLniIdOh/CA9Qg7igF5Qyi+jCRpJ9uMw3xNaIFHdEet89XaBHJbDtKkYNEVgfL+Ldgh8aP9Xc=
192.168.1.71 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBSgLHoEypOYrSom1vPG/v8hHV5LB9lfxEaLeZjFBPthbReHC/q451B5h/+aglraxpC8h/5EapJ6qYcguZV5Mxk=
192.168.1.207 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK01b6DFh7zdUNyVqX3FOaJseK1hLqKkI7ai21oiawV28XqOwYFhtnP0bLt3m3eoDba6A782BKkzro/EBP7BqYM=
192.168.1.115 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIPt7BYALhvT9Bvs99yrOD2YlaXSsE9gTFE4Hr47BqSwVAGTvO12Ub8EHl9+Tg0RWgF34CF0tJQ0NGAqeatValI=
192.168.1.201 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCY98PBDx5g1tjtG83qXqAtDLoMa7c806xPLq3OoVFTzPn1chvNEaMXNQeREPrqQiQjlMntWxaLHsLJqoVU4yoE=
192.168.1.186 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFXCheppqaRG/isJEHac4sctVNRZfl957WMGwhh4gI55BVbe1hmRICf6hGQy5s8lI8fw6Mjdms/m223p8K4ZPfs=
192.168.1.208 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMx5lB/a3YwobCKJ2Bkm0kV2bcOKFBiejaBPCP9FEI43EjA+xOQw6tCXXCmOEa1CaszP5Hr1pvgQ1cA6gHDtpRo=
192.168.1.147 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNFJSeP/xG6gnjUHizUR9xiwx5vL41G5Nv9cNIdC23fqDV+Y5AGx6JdRsbg4GZ4aGfO1pF2g5dz7uDrss85EnPk=
192.168.1.163 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK9PMtBCRqsqf7Q4K1sQ4iIgo4+fYEm0JOwoPhjzqJNatuPnXBEdMvttL1C/VZAYpjr6+URqIAJAzXO08GnIM6A=
~
PS
1.注意授权方向,如果是从服务端拉取,则服务端给终端授权。如果是往服务端推,则终端授权给服务端。
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
