RHCE homework - Configuring SSH on two Linux hosts for mutual passwordless login

1. Set up the server (192.168.247.128) and the client (192.168.247.129)
(1) Stop the firewall on the server
[root@server ~]# systemctl stop firewalld
[root@server ~]# systemctl is-active firewalld
inactive
(2) Check whether the sshd program is installed and whether it is running
[root@server ~]# rpm -qa | grep sshd
[root@server ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-01-18 09:33:48 CST; 22min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 4477 (sshd)
      Tasks: 1 (limit: 10685)
     Memory: 1.4M
        CPU: 16ms
     CGroup: /system.slice/sshd.service
             └─4477 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
 
1月 18 09:33:48 server systemd[1]: Starting OpenSSH server daemon...
1月 18 09:33:48 server sshd[4477]: Server listening on 0.0.0.0 port 22.
1月 18 09:33:48 server sshd[4477]: Server listening on :: port 22.
1月 18 09:33:48 server systemd[1]: Started OpenSSH server daemon.
(3) Find the configuration file using rpm -ql openssh-server
[root@server ~]# rpm -ql openssh-server
/etc/pam.d/sshd
/etc/ssh/sshd_config
/etc/ssh/sshd_config.d
/etc/ssh/sshd_config.d/50-redhat.conf
/etc/sysconfig/sshd
/usr/lib/.build-id
/usr/lib/.build-id/0a
/usr/lib/.build-id/0a/097ce559b361b0bdf826e0e4db2173c4f276e1
/usr/lib/.build-id/b5
/usr/lib/.build-id/b5/76ad4fdde56e0de23752e5d69f7175588c04ae
/usr/lib/systemd/system/sshd-keygen.target
/usr/lib/systemd/system/sshd-keygen@.service
/usr/lib/systemd/system/sshd.service
/usr/lib/systemd/system/sshd.socket
/usr/lib/systemd/system/sshd@.service
/usr/libexec/openssh/sftp-server
/usr/libexec/openssh/sshd-keygen
/usr/sbin/sshd
/usr/share/empty.sshd
/usr/share/man/man5/moduli.5.gz
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
(4) Then edit the file /etc/ssh/sshd_config
[root@server ~]# vim /etc/ssh/sshd_config
 
# Authentication:
 
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
 
#PubkeyAuthentication yes
2. Generate an asymmetric key pair on the client
[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:988TGpTGreZnFGxwLH7DIDeYEF5jqNetZIa0T8hJWks root@client
The key's randomart image is:
+---[RSA 3072]----+
|        o++o .   |
|       .Eo+.* o  |
|       O.B * @   |
|      o O * B O  |
|       .S*.+ + o |
|         .o.+ o  |
|           o.+ . |
|            oo+  |
|             oo. |
+----[SHA256]-----+
[root@client ~]# ll .ssh/
总用量 12
-rw-------. 1 root root 2590  1月 18 00:53 id_rsa
-rw-r--r--. 1 root root  565  1月 18 00:53 id_rsa.pub
3. Send the client's .ssh/id_rsa.pub file to ~/.ssh/authorized_keys on the 129 host
[root@client ~]# ssh-copy-id 192.168.247.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out an
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now
it is to install the new keys
root@192.168.247.128's password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '192.168.247.128'"
and check to make sure that only the key(s) you wanted were added.
 
4. Finally, the client can log in to .128 without a password
[root@server ~]# ssh 192.168.247.128
Activate the web console with: systemctl enable --now cockpit.socket
 
Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Thu Jan 18 09:01:40 2024
[root@client ~]# 
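
Added example (not part of the original post): a shell check of the sshd_config values edited in step (4), using the rule that sshd keeps the first value it obtains for a keyword. The function names and the sample file are constructed for illustration; drop-in files under /etc/ssh/sshd_config.d and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults passed below are the
# OpenSSH defaults that apply when a keyword is commented out or absent.

# sshd_option FILE KEYWORD DEFAULT -> first uncommented value, else DEFAULT
sshd_option() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        { sub(/=/, " ") }                        # accept "Keyword=value" too
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings; returns 1 if any check fails
audit_sshd_config() {
    root=$(sshd_option "$1" PermitRootLogin prohibit-password)
    pubkey=$(sshd_option "$1" PubkeyAuthentication yes)
    passwd=$(sshd_option "$1" PasswordAuthentication yes)
    strict=$(sshd_option "$1" StrictModes yes)
    rc=0
    [ "$pubkey" = yes ] || { echo "FAIL: PubkeyAuthentication=$pubkey, key login cannot work"; rc=1; }
    [ "$strict" = yes ] || { echo "WARN: StrictModes=$strict, ~/.ssh permissions are not checked"; rc=1; }
    if [ "$root" = yes ] && [ "$passwd" = yes ]; then
        echo "WARN: root can log in with a password; prohibit-password still allows key login"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key login enabled, root password login disabled"
    return "$rc"
}

# Constructed sample: the Authentication excerpt shown in step (4).
write_page_sample() {
    cat > "$1" <<'EOF'
# Authentication:
#PermitRootLogin prohibit-password
PermitRootLogin yes
#StrictModes yes
#PubkeyAuthentication yes
EOF
}

# Demo: audit the sample; the WARN line shows the effect of "PermitRootLogin yes".
tmp=$(mktemp)
write_page_sample "$tmp"
audit_sshd_config "$tmp" || true
rm -f "$tmp"
```

On the server itself, sshd -T prints the effective configuration with drop-in files applied.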
