Configuring one-way passwordless SSH login on Linux


Environment:

    Server     User     IP
    serverA    userA    10.120.120.11
    serverB    userB    10.120.120.100

Goal: userA on serverA must be able to log in to userB on serverB without a password.

1. Check ports:
  1. First check that the two servers can reach each other by IP with ping

    ping serverB_IP 
    
  2. Check that the SSH port is reachable (default SSH port: 22)

    # -v verbose output, -z test the port only, -w timeout (in seconds by default)
    nc -vz -w10 serverB_IP 22
    

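    # telnet serverB_IP 22 also works, but it does not exit on its own: press CTRL+] first and then run quit to leave telnet.
    # Prefixing the command with echo "" | makes it connect and then exit: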
    echo "" | telnet serverB_IP 22
    
  • Output of a successful nc connection:
# nc -vz -w10 10.120.120.100 22
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.120.120.100:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
  • Output of a successful telnet connection:
# echo "" | telnet 10.120.120.100 22
Trying 10.120.120.100...
Connected to 10.120.120.100.
Escape character is '^]'.
Connection closed by foreign host.

If nc or telnet is not installed, install them with yum:

yum install nc.x86_64
yum install telnet.x86_64
2. Generate the key pair:

Generate userA's key pair on serverA. This walkthrough uses the rsa algorithm; the dsa algorithm can also be used.

ssh-keygen -t rsa
[userA@serverA ~]$ ssh-keygen -t rsa  # select rsa as the key algorithm
Generating public/private rsa key pair.
Enter file in which to save the key (/home/userA/.ssh/id_rsa):  # path where the private key file is saved
Created directory '/home/userA/.ssh'.
Enter passphrase (empty for no passphrase):  # the passphrase may be left empty
Enter same passphrase again: 
Your identification has been saved in /home/userA/.ssh/id_rsa.
Your public key has been saved in /home/userA/.ssh/id_rsa.pub.  # the generated public key file
The key fingerprint is:
b7:b7:2e:6c:28:c2:0c:b3:d9:03:a2:44:56:8f:a7:26 userA@serverA
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|   .             |
|  . o            |
| o . o           |
|o   o   S .      |
|.E+o     . .     |
|o.oX     o. .    |
|. o * . . +. .   |
|     o . . oo    |
+-----------------+
[userA@serverA ~]$

This creates a .ssh directory under userA's home directory that contains the public key file (id_rsa.pub). Its full contents are:

[userA@serverA ~]$ ls -la .ssh
total 12
drwx------ 2 userA userA   57 Mar  2 12:04 .
drwx------ 3 userA userA  116 Mar  3 04:36 ..
-rw------- 1 userA userA 1679 Mar  2 12:03 id_rsa
-rw-r----- 1 userA userA  396 Mar  2 12:03 id_rsa.pub
3. Transfer the key
Method 1: (ssh-copy-id)

The ssh-copy-id command takes userA@serverA's public key file "/home/userA/.ssh/id_rsa.pub" and creates "/home/userB/.ssh/authorized_keys" under userB@serverB's home directory, or appends the new key to an existing authorized_keys file.

ssh-copy-id userB@serverB_IP
[userA@serverA ~]$ ssh-copy-id userB@10.120.120.100
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/userA/.ssh/id_rsa.pub"
The authenticity of host '10.120.120.100 (10.120.120.100)' can't be established.
RSA key fingerprint is SHA256:afq3Tt/sx7TKZksS2vRRGa/MY267gqZleZEvNfqrPA4.
RSA key fingerprint is MD5:d6:14:43:b8:0d:b6:ed:b0:71:7d:9b:00:e0:26:2a:7b.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
userB@10.120.120.100's password:  # enter userB's password

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'userB@10.120.120.100'"
and check to make sure that only the key(s) you wanted were added.

[userA@serverA ~]$
Method 2: (ssh)

Append the contents of userA@serverA's public key file to userB@serverB's authorized_keys file.

# the -p option after ssh specifies the port number
cat ~/.ssh/id_rsa.pub|ssh -p 22 userB@serverB_IP 'cat>>~/.ssh/authorized_keys'

Example:

[userA@serverA ~]$ cat ~/.ssh/id_rsa.pub|ssh -p 22 userB@10.120.120.100 'cat>>~/.ssh/authorized_keys'
cat: /home/userB/.ssh/id_rsa.pub: No such file or directory
The authenticity of host '10.120.120.100 (10.120.120.100)' can't be established.
RSA key fingerprint is d6:14:43:b8:0d:b6:ed:b0:71:7d:9b:00:e0:26:2a:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.120.120.100' (RSA) to the list of known hosts.
userB@10.120.120.100's password:
[userA@serverA ~]$
Method 3: (scp)

The clumsy way: use scp to copy the public key file into userB@serverB's home directory, then append it to ~/.ssh/authorized_keys by hand.

[userA@serverA ~]$ scp -P 22 ~/.ssh/id_rsa.pub userB@serverB:~/

Log in as userB@serverB:

[userB@serverB ~]$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

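Note: scp overwrites any existing file at the destination path. If the public key file is copied with scp straight onto ".ssh/authorized_keys" in userB@serverB's home directory and that file already exists, it will be overwritten, so always confirm whether the file exists under userB@serverB's home directory first.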
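
Methods 2 and 3 both end in a bare >> append on serverB, which adds the key again on every run and leaves the file modes to chance. The bash function below is an added example, not code from the original post: it assumes it runs as userB on serverB, and the name install_pubkey and its two arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). install_pubkey and its
# arguments are hypothetical names; run it as the target user on serverB.
install_pubkey() {
    local pub_file="$1" home_dir="$2"
    local ssh_dir="$home_dir/.ssh" auth="$home_dir/.ssh/authorized_keys"
    local key blob

    # Accept exactly one non-empty line shaped like "type base64 [comment]".
    # A private key (multi-line PEM) or an empty file is rejected here.
    if [ ! -r "$pub_file" ] || [ "$(grep -c . "$pub_file")" -ne 1 ]; then
        echo "expected a file with exactly one key line" >&2; return 1
    fi
    key=$(grep . "$pub_file")
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' \
        || { echo "not an OpenSSH public key line" >&2; return 1; }

    # sshd's StrictModes check (on by default) refuses authorized_keys when
    # the file or ~/.ssh is writable by group/others, so set modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # If the existing file lacks a final newline, add one so entries don't merge.
    [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ] && echo >> "$auth"

    # Match on the base64 blob as a whole field, so a different comment or
    # an options prefix on an existing entry still counts as the same key.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                         END {exit !f}' "$auth"; then
        echo "key already present"; return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added"
}

# Demo in a throwaway directory with a constructed, non-functional key line.
demo_home=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedKeyNotReal userA@serverA' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
rm -rf "$demo_home"
```

After the scp step of method 3, it would be called on serverB as install_pubkey ~/id_rsa.pub "$HOME".
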

4. Passwordless login:
[userA@serverA ~]$ ssh userB@10.120.120.100
Last login: Thu Mar  3 18:45:37 2022 from 10.120.120.99
[userB@serverB ~]$