我的两台虚拟机ip如下:
192.168.8.124
192.168.8.174
现在要实现两台机器scp拷贝无密码,这个通常用在crontab定时脚本中拷贝文件,因为拷贝文件如果需要密码,定时脚本会等待正确密码才能执行完成。
实现192.168.8.174使用scp命令到192.168.8.124免密码
在192.168.8.174上执行如下命令,生成配对密钥
[root@localhost ~]# ssh-keygen -t rsa
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:RyiNlxNy/RqlKX5cdQs6QgOw1ttJx54bHhpm90OOSQE root@localhost
The key's randomart image is:
+---[RSA 2048]----+
| .o.+E |
| o= *+ ... .|
| oo.B.oO.....|
| . o=+Bo= . |
| oSOo@.. |
| +.X X |
| o = + |
| . |
| |
+----[SHA256]-----+
将/root/.ssh/目录中的id_rsa.pub文件复制到192.168.8.124的/root/.ssh/目录中,并改名为authorized_keys
[root@localhost .ssh]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.8.174 netmask 255.255.255.0 broadcast 192.168.8.255
inet6 fe80::c813:ac4c:c09e:e9ad prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:19:88:40 txqueuelen 1000 (Ethernet)
RX packets 751441 bytes 71039826 (67.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11841 bytes 1260480 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 28337 bytes 7912008 (7.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 28337 bytes 7912008 (7.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost .ssh]# pwd
/root/.ssh
[root@localhost .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@localhost .ssh]# scp id_rsa.pub root@192.168.8.124:/root/.ssh/authorized_keys
The authenticity of host '192.168.8.124 (192.168.8.124)' can't be established.
ECDSA key fingerprint is SHA256:FIm9DMdTYaMXz7xxh3bYo4+PNBdUxuMeDej15LpwRhA.
ECDSA key fingerprint is MD5:a8:b2:16:63:81:fb:7e:2f:58:60:a8:21:1b:94:8a:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.124' (ECDSA) to the list of known hosts.
root@192.168.8.124's password:
scp: /root/.ssh/authorized_keys: No such file or directory
出现上面的问题是在192.168.8.124机器上没有/root/.ssh目录
手工创建该目录
mkdir .ssh
再次执行上面的scp命令,输入正确的密码之后,以后scp拷贝就可以免密码了,都不会出现输入密码提示
[root@localhost ~]# scp aa.txt 192.168.8.124:/root
aa.txt 100% 4 0.4KB/s 00:00
注意点:
如果机器已经存在authorized_keys文件,则可以借助中间文件追加到authorized_keys
在192.168.8.174上执行
scp ~/.ssh/id_rsa.pub root@192.168.8.124:/root/.ssh/hbk.pub
在192.168.8.124上执行
cat ~/.ssh/hbk.pub >> ~/.ssh/authorized_keys
此时192.168.8.124往192.168.8.174使用scp命令还是要输入密码的
[root@test11g ~]# scp aa.txt 192.168.8.174:/
The authenticity of host '192.168.8.174 (192.168.8.174)' can't be established.
ECDSA key fingerprint is SHA256:bXYIVwF2IEdO/svo8tsHWyuSj+30zpSb+MZ5T67UEGA.
ECDSA key fingerprint is MD5:43:87:83:bd:9c:d4:ae:75:1b:a7:e1:eb:ca:a0:d4:4e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.174' (ECDSA) to the list of known hosts.
root@192.168.8.174's password:
要实现两者相互信任,可以重新做一遍,实现192.168.8.124使用scp免密码拷贝到192.168.8.174即可。