[实验环境]
本次环境是:Centos7.6+python3.8+sshd
[步骤]
1. 进入.ssh目录
1.1 cd ~/.ssh进入到.ssh目录下并查看该目录路径
说明:cd ~/.ssh命令在linux系统终端的任何目录下通过切换命令都能进入到.ssh目录下
[root@gxl-1 OP]# cd ~/.ssh
[root@gxl-1 .ssh]# pwd
/root/.ssh
1.2 查看.ssh目录下的内容,执行命令ls -al。此时该目录下没有任何的文件和文件夹
[root@gxl-1 .ssh]# ls
[root@gxl-1 .ssh]#
2. 生成SSH免登录密钥
2.1 在.ssh下执行命令如下命令,连续四个回车,执行完该命令后,会生成两个文件:id_rsa(私钥)、id_rsa.pub(公钥)
[root@gxl-1 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:tgRapF+u4QQVum0btotwIaUpuecgSGribAH/VbHSyLg root@gxl-1.novalocal
The key's randomart image is:
+---[RSA 2048]----+
| +. |
| = . |
| =ooo.o |
|.. +.B+++ |
|+o+ +.OoS |
|++..E*.O . |
|B.+...= . |
|*= o.. . |
|.o. . . |
+----[SHA256]-----+
[root@gxl-1 .ssh]# ls
authorized_keys id_rsa id_rsa.pub
2.2 查看公钥和私钥内容
[root@gxl-1 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqci/VIEujtBtv1hUZA61yni2zbwFAaxBqlXo2FLaRVdqAey+ZaQLatORDzRTy847NIe2f4miCs3Ji2LXaT9zsUYHSImIAFAr44CuMkPAFEvaB9aVGDBO/zZvSnBFbo22wC0WO10MR+Jpl43knhP3Eil7dodp3vwBceyT5MgoycHBQ01ap8+kH4OiZyTVnu5J9rWpgUaOSao/TrhbeF9tc74QlKvYLEjaSyzchOlgvf6APPljLkxsMXcbm47Cp1eKzto+gyo3TKZ2EFs8EEGB5pgp3M3/CMbesngPQpkqmJqsak5nyr1qH27ogPusSE9OxUiwVLDJYOIxX6rS5sU5z root@gxl-1.novalocal
[root@gxl-1 .ssh]# cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA6nIv1SBLo7Qbb9YVGQOtcp4ts28BQGsQapV6NhS2kVXagHsv
mWkC2rTkQ80U8vOOzSHtn+JogrNyYti12k/c7FGB0iJiABQK+OArjJDwBRL2gfWl
RgwTv82b0pwRW6NtsAtFjtdDEfiaZeN5J4T9xIpe3aHad78AXHsk+TIKMnBwUNNW
qfPpB+Domck1Z7uSfa1qYFGjkmqP064W3hfbXO+EJSr2CxI2kss3ITpYL3+gDz5Y
y5MbDF3G5uOwqdXis7aPoMqN0ymdhBbPBBBgeaYKdzN/wjG3rJ4D0KZKpiarGpOZ
8q9ah9u6ID7rEhPTsVIsFSwyWDiMV+q0ubFOcwIDAQABAoIBAQCIaAWimFbKGbm4
+TNvSW96d8QZWWW+CE0V5oCjxKtwpiYqiQHp3Wp2u7bwJ/ufW8xjV/E9DGtIWIYe
Mv6j1cGxkb7Z931TlFXJ9gwAjjfIi/73IGiX9+DpwQR/pqSGz/C68+P1txNj+mRD
EfXk44EPAH8vrsNA1tWr+U5K2y2JqDrmm46bxfIVoakpUP2DZOmKp3GekWpyjn+E
GWJOZ3GOU16C9ERrP0p6DHeMlv6Vps2DNka0zqQseAbsJPdK+mOQg1sY/WfhkE+j
3C5Rq8RJS+GBB/LRkVhentS8QxUywTitKEMsT68nWynwWsWYDVx24bk3uHr2tmQ/
yvldI3VZAoGBAPgFCy55wI2Q/MnEjFawq/GQpyRlhdyXT0Z5pvwL3m/zy+TjCNuB
8HL1hU5zgiVUAX9isv/DxDZfT4hrEbKgAh8udRADOnMrNKgXmbd+C/7T25BLIpIa
urVJDpfE8zaYbD+Rg1b2Y8lMoW6lpWvEzo4gT8Aix2EwOS8Z2LC1+tv9AoGBAPH9
VgCmK4RCep23HMXfL5s8ToES1K+thgHJTtaBB8/04qC9aV+u7NyuVvUqaoUfaZ2+
TbCR4TcPHVO+q1hpbrEt6vtQIx1lPddaG5S4ti/yGQI5zlfH5BSaeGDVTLYkvWzG
X5hfibunqkwnTEiLzWG8SOGZ9oiBityX5ez/ywcvAoGAVNL0xgph7ojdy+vqy2NV
CyMb5vjJ1W3ycPn+QEmW49cPrtJvHxPLtqV92BztL/MRKA4LhingG3BxdQiZXuwW
ja+H3dgcz3LBaZPYwMbdN2QhvbHUuv9lR8catJFpVQzASOVtc/qEmj4ZIAyLDNac
hkNKwz2hzv19MTy3vYgfqckCgYAjF7oBHhfxdjKR7Jwfld4xhO1din2NfHyShb8J
HG0lmz3CUbWWSqfO2PmDVENeSs/mMFLT6FPgyDBYlK4EhEWpLB+HkneFK8lsEYUu
bBr/mPxHdlqWIEbTNhN+92/Iekt+GsaCMlim/gmUQZ6uZpfCNKvdC5bU9PROSTju
xamLwQKBgDb33aBqwIQ58hUaiG0J6hGPITxlz1+WXQqasnjvtJEr9z6QrghpJiHQ
NlEx2gm5IuFvQuIpM0+oWsnx3GbhmwLtURLwPJztZFw5kBOXs3vYYb/h0kTYdo6E
tUT97OCo4fHufRicWqPaEhjP+sCfJuHk3uCNKI+58u7ejP/utsKe
-----END RSA PRIVATE KEY-----
[root@gxl-1 .ssh]#
3. 将公钥拷贝到要免密登录的机器上
[root@gxl-1 .ssh]# ssh-copy-id 192.168.0.80
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.80 (192.168.0.80)' can't be established.
ECDSA key fingerprint is SHA256:w+VGd9gPS/GWd2mVtXaZJmrVO5KN9sW9QHvYO5+122A.
ECDSA key fingerprint is MD5:f0:32:15:89:21:f7:9d:8d:a8:9e:ac:10:90:6c:67:8e.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.80's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.0.80'"
and check to make sure that only the key(s) you wanted were added.
[root@gxl-1 .ssh]#
3.2 在远程机器上切换到.ssh目录:cd ~./ssh
发现在.ssh目录下多了个文件authorized_key,其内容就是密码值,这个时候就可以直接访问该远程主机了