server1 connects to server2
A key pair must be generated on server1, and the public key saved to ~/.ssh/authorized_keys on server2 (in the login user's home directory)
-
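Generate the key
Generate the key on server1
The ssh-keygen command generates, manages and converts authentication keys for ssh. By default it uses RSA authentication keys; the type can be specified with -t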
ssh-keygen
Then press Enter at each prompt to accept the defaults
-
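Save the public key on the machine you want to log in to
Save the public key in .ssh/authorized_keys under the home directory of the login user on the server you want to connect to.
The ssh-copy-id command copies the local host's public key into the remote host's authorized_keys file. It also sets appropriate permissions on the remote user's home directory, ~/.ssh, and ~/.ssh/authorized_keys.
-i specifies the public key file. Run the following command on hadoop100: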
ssh-copy-id -i ~/.ssh/id_rsa.pub kevin@hadoop101
The command above appends the contents of ~/.ssh/id_rsa.pub to /home/kevin/.ssh/authorized_keys on hadoop101
-
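Log in to server2 from server1
On hadoop100, run ssh kevin@hadoop101
Note: if you generate the key as root on server1 and upload it to server2, connecting to the server over SSH as root needs no password, but other users still need a password to connect. To let the current user log in to server2 without a password, generate the key with the current account and append the public key to the ~/.ssh/authorized_keys file of the account used to log in to server2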
[kevin@hadoop100 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kevin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kevin/.ssh/id_rsa.
Your public key has been saved in /home/kevin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:UuBIsAeRDnQe9pixAq63lNnbhJnD78yG37nSY0z9GBw kevin@hadoop100
The key's randomart image is:
+---[RSA 2048]----+
|o.+O. . |
|+ =+Bo . |
| =.=o.. . |
|. o* + . E |
|. = B o So . |
| o . * .. + |
| . ..o+ + |
| .+o.=.. . |
| o=o+o |
+----[SHA256]-----+
[kevin@hadoop100 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub kevin@hadoop101
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/kevin/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
kevin@hadoop101's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'kevin@hadoop101'"
and check to make sure that only the key(s) you wanted were added.
[kevin@hadoop100 ~]$ ssh kevin@hadoop101
Last login: Wed Oct 20 07:24:17 2021
[kevin@hadoop101 ~]$ exit
登出
Connection to hadoop101 closed.
[kevin@hadoop100 ~]$
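
Added example (not part of the original post): a POSIX shell check, meant for the server side (hadoop101 here), of the state that ssh-copy-id is described above as leaving behind, namely that the public key is present in authorized_keys and that the home directory, ~/.ssh and authorized_keys are not writable by group or others. The function names are made up for this example, and the permission rule is stated from sshd's default StrictModes behaviour, not from the post; file ownership is not checked.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage on the server:  audit_authorized_keys /home/kevin /path/to/id_rsa.pub

# perm_of PATH -> octal permission bits (GNU stat first, BSD stat as fallback)
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_authorized_keys HOME_DIR PUBKEY_FILE
# Prints one line per finding; returns 0 if nothing was found, 1 otherwise.
audit_authorized_keys() {
    home=$1
    pub=$2
    rc=0

    # With StrictModes (the sshd default) the key file is ignored when any of
    # these three paths is writable by group or others (mode & 022 != 0).
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
            continue
        fi
        mode=$(perm_of "$p")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE-BY-OTHERS $p (mode $mode)"
            rc=1
        fi
    done

    # Field 2 of a .pub file is the base64 key blob. Match on the blob alone,
    # because an authorized_keys line may carry options before the key type
    # and a different comment after it.
    blob=$(awk '{print $2; exit}' "$pub" 2>/dev/null)
    if [ -z "$blob" ] ||
       ! grep -qF -- "$blob" "$home/.ssh/authorized_keys" 2>/dev/null; then
        echo "KEY-NOT-INSTALLED $pub"
        rc=1
    fi
    return $rc
}
```

A non-zero return together with a WRITABLE-BY-OTHERS line is the usual reason a key that was copied correctly still falls back to a password prompt.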