Linux下用SCP无需输入密码传输文件

我的两台虚拟机ip如下：

192.168.8.124
192.168.8.174

现在要实现两台机器scp拷贝无密码，这个通常用在crontab定时脚本中拷贝文件，因为拷贝文件如果需要密码，定时脚本会等待正确密码才能执行完成。

实现192.168.8.174使用scp命令到192.168.8.124免密码

在192.168.8.174上执行如下命令，生成配对密钥

[root@localhost ~]# ssh-keygen -t rsa
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa. 
Your public key has been saved in /root/.ssh/id_rsa.pub. 
The key fingerprint is:
SHA256:RyiNlxNy/RqlKX5cdQs6QgOw1ttJx54bHhpm90OOSQE root@localhost
The key's randomart image is:
+---[RSA 2048]----+
|     .o.+E       |
|      o= *+ ... .|
|     oo.B.oO.....|
|    .  o=+Bo=  . |
|       oSOo@..   |
|        +.X X    |
|         o = +   |
|              .  |
|                 |
+----[SHA256]-----+

将/root/.ssh/目录中的id_rsa.pub文件复制到192.168.8.124的/root/.ssh/目录中，并改名为authorized_keys

[root@localhost .ssh]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.8.174  netmask 255.255.255.0  broadcast 192.168.8.255
        inet6 fe80::c813:ac4c:c09e:e9ad  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:19:88:40  txqueuelen 1000  (Ethernet)
        RX packets 751441  bytes 71039826 (67.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11841  bytes 1260480 (1.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 28337  bytes 7912008 (7.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28337  bytes 7912008 (7.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost .ssh]# pwd
/root/.ssh
[root@localhost .ssh]# ls
id_rsa  id_rsa.pub  known_hosts
[root@localhost .ssh]# scp id_rsa.pub root@192.168.8.124:/root/.ssh/authorized_keys
The authenticity of host '192.168.8.124 (192.168.8.124)' can't be established.
ECDSA key fingerprint is SHA256:FIm9DMdTYaMXz7xxh3bYo4+PNBdUxuMeDej15LpwRhA.
ECDSA key fingerprint is MD5:a8:b2:16:63:81:fb:7e:2f:58:60:a8:21:1b:94:8a:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.124' (ECDSA) to the list of known hosts.
root@192.168.8.124's password: 
scp: /root/.ssh/authorized_keys: No such file or directory

出现上面的问题是在192.168.8.124机器上没有/root/.ssh目录
手工创建该目录

mkdir .ssh

再次执行上面的scp命令，输入正确的密码之后，以后scp拷贝就可以免密码了，都不会出现输入密码提示

[root@localhost ~]# scp aa.txt 192.168.8.124:/root
aa.txt                                 100%    4     0.4KB/s   00:00

注意点:

如果机器已经存在authorized_keys文件，则可以借助中间文件追加到authorized_keys
在192.168.8.174上执行

scp ~/.ssh/id_rsa.pub root@192.168.8.124:/root/.ssh/hbk.pub

在192.168.8.124上执行

cat ~/.ssh/hbk.pub >> ~/.ssh/authorized_keys

此时192.168.8.124往192.168.8.174使用scp命令还是要输入密码的

[root@test11g ~]# scp aa.txt 192.168.8.174:/
The authenticity of host '192.168.8.174 (192.168.8.174)' can't be established.
ECDSA key fingerprint is SHA256:bXYIVwF2IEdO/svo8tsHWyuSj+30zpSb+MZ5T67UEGA.
ECDSA key fingerprint is MD5:43:87:83:bd:9c:d4:ae:75:1b:a7:e1:eb:ca:a0:d4:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.174' (ECDSA) to the list of known hosts.
root@192.168.8.174's password:

要实现两者相互信任，可以重新做一遍，实现192.168.8.124使用scp免密码拷贝到192.168.8.174即可。