1. Confirm that the SSH service is running
Check the service status with:
[root@client ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
Active: active (running) since Wed 2024-01-10 16:50:53 CST; 26min ago
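A status of active means the service is running normally and can accept connections.
2. Generate an asymmetric key pair
The algorithm used here is RSA: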
[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:hMFfH5xcXWslOjqXaZG2Qb+xaRIDvhZEwX9te6OVzGM root@client
The key's randomart image is:
+---[RSA 3072]----+
| .. o=+.oo.+|
| .o ooo=+ .+|
| ....ooX.o+ |
| .. =oXo=o|
| S = B.B.o|
| . + o E.|
| + +|
| . |
| |
+----[SHA256]-----+
This generates a key pair.
View the generated files:
id_rsa: the file that stores the private key
id_rsa.pub: the file that stores the public key
[root@client ~]# ll .ssh/
total 8
-rw-------. 1 root root 2590 Jan 10 17:22 id_rsa
-rw-r--r--. 1 root root 565 Jan 10 17:22 id_rsa.pub
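3. Send the generated public key to the device you want to log in to without a password
You need to enter the peer's root password when sending it: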
[root@client ~]# ssh-copy-id 192.168.91.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.91.129 (192.168.91.129)' can't be established.
ED25519 key fingerprint is SHA256:p6thXMpJ9BHPcD64+9sExPdwt6E28mJo3ClIZp3ka6s.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized users only. All activities may be monitored and reported.
root@192.168.91.129's password:
Once the password is verified, the key has been sent:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.91.129'"
and check to make sure that only the key(s) you wanted were added.
Check on the peer:
[root@server ~]# ll .ssh/
总计 4
-rw-------. 1 root root 565 1月10日 17:29 authorized_keys
authorized_keys: stores the public keys that are allowed to log in
The key was sent successfully.
4. Connect directly over SSH
[root@client ~]# ssh 192.168.91.129
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Wed Jan 10 17:16:28 2024 from 192.168.91.1
Welcome to 6.4.0-10.1.0.20.oe2309.x86_64
System information as of time: Wed Jan 10 05:33:41 PM CST 2024
[root@server ~]#
The login succeeds. The peer presents its host public key to the local side, which creates the file known_hosts and records that key in it:
[root@client ~]# ll .ssh/
total 16
-rw-------. 1 root root 2590 Jan 10 17:22 id_rsa
-rw-r--r--. 1 root root 565 Jan 10 17:22 id_rsa.pub
-rw-------. 1 root root 664 Jan 10 17:29 known_hosts
-rw-------. 1 root root 96 Jan 10 17:28 known_hosts.old
5. Apply the same configuration on the second device
[root@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:qSGHMwpquYXrmbSFh0wSh/hZ5jGQxdMCturl4x9YiDc root@server
The key's randomart image is:
+---[RSA 3072]----+
| +=.. |
|.o.o+ . |
|+ o =o |
| =.=.+ . |
|+ooE*.o S |
|*.O.+= o |
|.X.B .. |
|o @ . . |
|.B ... |
+----[SHA256]-----+
[root@server ~]# ssh-copy-id 192.168.91.133
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.91.133 (192.168.91.133)' can't be established.
ED25519 key fingerprint is SHA256:C2f3PdZxY1BrwzpmxrZbpXoDir1ISc3L5hXIfxDx4QU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Authorized users only. All activities may be monitored and reported.
root@192.168.91.133's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.91.133'"
and check to make sure that only the key(s) you wanted were added.
[root@server ~]# ssh 192.168.91.133
Authorized users only. All activities may be monitored and reported.
Authorized users only. All activities may be monitored and reported.
Last login: Wed Jan 10 17:16:58 2024 from 192.168.91.1
Welcome to 6.4.0-10.1.0.20.oe2309.x86_64
System information as of time: 2024年 01月 10日 星期三 17:41:07 CST
[root@client ~]#
The connection now works in both directions.
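The ll .ssh/ listings above show the modes key-based login depends on. The script below is an added example, not part of the original page: it audits a key directory for permissions that make sshd or the ssh client reject the keys. The function names, finding codes and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an SSH key directory. Finding codes are hypothetical labels.

# Print the nine permission characters of a path, e.g. "rw-------".
perm_bits() { ls -ld -- "$1" | cut -c2-10; }

# True when group or others may write to the path; sshd's StrictModes check
# refuses authorized_keys when the file or its directory is writable this way.
group_other_writable() {
    case "$(perm_bits "$1")" in
        ????w????|???????w?) return 0 ;;
    esac
    return 1
}

# Print one finding per line; return 0 only when the directory is clean.
audit_ssh_dir() {
    audit_dir=$1; audit_rc=0
    if group_other_writable "$audit_dir"; then
        echo "DIR_WRITABLE $audit_dir"; audit_rc=1
    fi
    if [ -f "$audit_dir/authorized_keys" ] &&
       group_other_writable "$audit_dir/authorized_keys"; then
        echo "AUTHKEYS_WRITABLE $audit_dir/authorized_keys"; audit_rc=1
    fi
    for audit_f in "$audit_dir"/*; do
        [ -f "$audit_f" ] || continue
        # Private keys are recognised by their header line, not by file name.
        head -n 1 -- "$audit_f" | grep -q -e '-----BEGIN .*PRIVATE KEY-----' || continue
        # The ssh client ignores a private key that group or others can access.
        case "$(perm_bits "$audit_f")" in
            ???------) ;;
            *) echo "PRIVKEY_EXPOSED $audit_f"; audit_rc=1 ;;
        esac
    done
    return "$audit_rc"
}

# Constructed sample: a key directory where id_rsa was copied with mode 644.
demo() {
    demo_d=$(mktemp -d) || return 2
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$demo_d/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTED root@client' > "$demo_d/authorized_keys"
    chmod 644 "$demo_d/id_rsa"; chmod 600 "$demo_d/authorized_keys"
    audit_ssh_dir "$demo_d"; demo_rc=$?
    rm -rf "$demo_d"
    return "$demo_rc"
}
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; else demo || true; fi
```

Run it with a directory argument such as /root/.ssh on each host; with no argument it audits the constructed sample and prints the one finding for the loosely copied private key.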