ssh免密登录
1.场景
控制端远程ssh免密登录被控制段
2.具体操作
2.1 控制端生成密钥
控制端生成密钥,其中id_rsa.pub为公钥。
ssh-keygen -t rsa
产生如下信息:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xxxxx/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxxx/.ssh/id_rsa.
Your public key has been saved in /home/xxxxx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:l93pZI/2zfpWE/9uh4nElz2wwz4X9yhvBFlUZL6sg/I xxxxx@xxxxxxxxxx
The key's randomart image is:
+---[RSA 2048]----+
| ..o+|
| .o |
| o .|
| ooo.o.|
| S o.o.B=o|
| . +B=*=|
| . o.*=+X|
| o o+*+B|
| E +=*B|
+----[SHA256]-----+
将产生的公钥id_rsa.pub传输到被控制端,可以使用scp命令,也可以ftp软件file_zilla传输,这里提供scp命令:
$ scp /home/xxxxx/.ssh/id_rsa.pub xxxxx@192.168.222.140:/home/xxxxx/.ssh
2.2 被控制端授权
被控制端的user用户需要被控制,那么就将控制端生成的公钥拷入器.ssh文件夹下,然后将公钥放入authorized_keys文件(不存在则新建一个)
这里假设被控制端允许xxxxx用户被登录时免密:
进入/home/xxxxx/.ssh目录
cd /home/xxxxx/.ssh
授权公钥
cat id_rsa.pub >> authorized_keys
如果想要直接root账户授权,那么就将公钥拷入/root/.ssh,执行同样的操作即可。