访问机(bainuo)
[jim@bainuo ~]$ ssh-keygen //ssh-kengen等同于ssh-keygen -t rsa,默认就是rsa算法,还有一种就是dsa算法
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jim/.ssh/id_rsa):
Created directory '/home/jim/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jim/.ssh/id_rsa.
Your public key has been saved in /home/jim/.ssh/id_rsa.pub.
The key fingerprint is:
一路回车,在如下目录会生成文件
[jim@bainuo .ssh]$ pwd
/home/jim/.ssh
[jim@bainuo .ssh]$ ls
id_rsa id_rsa.pub
id_rsa :私钥
id_rsa.pub :公钥
然后就是将公钥复制到被访问机上(centos7),有两种方法,一种是使用scp,一种是使用ssh-copy-id
使用ssh-copy-id,如果提示command not found,需要安装openssh-clients
[root@bainuo ~]# yum install openssh-clients -y
[jim@bainuo .ssh]$ ssh-copy-id terry@192.168.1.30
The authenticity of host '192.168.1.30 (192.168.1.30)' can't be established.
RSA key fingerprint is f2:57:ea:91:f2:b8:2f:9c:aa:99:7c:ee:a8:97:f6:91.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added '192.168.1.30' (RSA) to the list of known hosts.
Nasty PTR record "192.168.1.30" is set up for 192.168.1.30, ignoring
terry@192.168.1.30's password:
Now try logging into the machine, with "ssh 'terry@192.168.1.30'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
测试一下
[jim@bainuo .ssh]$ ssh terry@192.168.1.30 //因为两边的用户名不一致,所以需要加上centos7上的用户名
Nasty PTR record "192.168.1.30" is set up for 192.168.1.30, ignoring
Last login: Sun Aug 20 15:25:22 2017
[terry@centos7 ~]$
可以了,如果需要不加上用户名,两个办法
1.两处使用相同的用户名
2.在~/.ssh/目录下创建config文件,并修改文件权限为600
[jim@bainuo .ssh]$ chmod 600 config
[jim@bainuo .ssh]$ cat config
host 192.168.1.30
user terry
然后就可以不加用户名直接连接了
[jim@bainuo .ssh]$ ssh 192.168.1.30
Nasty PTR record "192.168.1.30" is set up for 192.168.1.30, ignoring
Last login: Sun Aug 20 15:34:38 2017 from 192.168.1.20
[terry@centos7 ~]$
接前面的话题,如果使用scp传送密匙的话,如下:
scp id_rsa.pub terry@192.168.1.30:/home/terry
然后在被访问机上导入密匙
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
注意authorized_keys文件的权限也是设置为600