Configuring SSH on two Linux hosts for mutual passwordless login

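This article describes in detail how to generate and manage an asymmetric key pair (RSA) on a Linux system for passwordless SSH login, including confirming the SSH service, generating the keys, sending the public key to the target device, verifying the connection, and repeating the configuration on the other device.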

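Contents

1. Confirm that the ssh service is running

2. Generate the asymmetric key pair

3. Send the generated public key to the device you want to log in to without a password

4. Connect directly over ssh

5. Apply the same configuration on the second device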


1. Confirm that the ssh service is running

Check the service status with this command:

[root@client ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
     Active: active (running) since Wed 2024-01-10 16:50:53 CST; 26min ago

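A status of active means the service is running normally and connections can be made.

2. Generate the asymmetric key pair

The algorithm used here is RSA: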

[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:hMFfH5xcXWslOjqXaZG2Qb+xaRIDvhZEwX9te6OVzGM root@client
The key's randomart image is:
+---[RSA 3072]----+
|     ..  o=+.oo.+|
|      .o ooo=+ .+|
|      ....ooX.o+ |
|       ..  =oXo=o|
|        S = B.B.o|
|         . + o E.|
|              + +|
|             .   |
|                 |
+----[SHA256]-----+

This generates a key pair.

View the generated files:
id_rsa: the file that stores the private key
id_rsa.pub: the file that stores the public key

[root@client ~]# ll .ssh/
total 8
-rw-------. 1 root root 2590 Jan 10 17:22 id_rsa
-rw-r--r--. 1 root root  565 Jan 10 17:22 id_rsa.pub

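3. Send the generated public key to the device you want to log in to without a password

Sending the key requires entering the peer's root password: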

[root@client ~]# ssh-copy-id 192.168.91.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.91.129 (192.168.91.129)' can't be established.
ED25519 key fingerprint is SHA256:p6thXMpJ9BHPcD64+9sExPdwt6E28mJo3ClIZp3ka6s.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
root@192.168.91.129's password: 

Once the password is verified, the key has been sent successfully:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.91.129'"
and check to make sure that only the key(s) you wanted were added.

Check on the peer:

[root@server ~]# ll .ssh/
总计 4
-rw-------. 1 root root 565  1月10日 17:29 authorized_keys

authorized_keys: stores the public keys that are allowed to log in

The key was sent successfully.

4. Connect directly over ssh

[root@client ~]# ssh 192.168.91.129

Authorized users only. All activities may be monitored and reported.

Authorized users only. All activities may be monitored and reported.
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Wed Jan 10 17:16:28 2024 from 192.168.91.1


Welcome to 6.4.0-10.1.0.20.oe2309.x86_64

System information as of time: 	Wed Jan 10 05:33:41 PM CST 2024

[root@server ~]# 

Login succeeded. The peer sends its host public key back to the local host, which records it in the file known_hosts:

[root@client ~]# ll .ssh/
total 16
-rw-------. 1 root root 2590 Jan 10 17:22 id_rsa
-rw-r--r--. 1 root root  565 Jan 10 17:22 id_rsa.pub
-rw-------. 1 root root  664 Jan 10 17:29 known_hosts
-rw-------. 1 root root   96 Jan 10 17:28 known_hosts.old

5. Apply the same configuration on the second device

[root@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:qSGHMwpquYXrmbSFh0wSh/hZ5jGQxdMCturl4x9YiDc root@server
The key's randomart image is:
+---[RSA 3072]----+
|  +=..           |
|.o.o+ .          |
|+ o =o           |
| =.=.+   .       |
|+ooE*.o S        |
|*.O.+= o         |
|.X.B ..          |
|o @ . .          |
|.B ...           |
+----[SHA256]-----+
[root@server ~]# ssh-copy-id 192.168.91.133
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.91.133 (192.168.91.133)' can't be established.
ED25519 key fingerprint is SHA256:C2f3PdZxY1BrwzpmxrZbpXoDir1ISc3L5hXIfxDx4QU.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Authorized users only. All activities may be monitored and reported.
root@192.168.91.133's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.91.133'"
and check to make sure that only the key(s) you wanted were added.

[root@server ~]# ssh 192.168.91.133

Authorized users only. All activities may be monitored and reported.

Authorized users only. All activities may be monitored and reported.
Last login: Wed Jan 10 17:16:58 2024 from 192.168.91.1


Welcome to 6.4.0-10.1.0.20.oe2309.x86_64

System information as of time: 	2024年 01月 10日 星期三 17:41:07 CST

[root@client ~]# 

The connection now works in both directions.
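
The state these five steps leave behind can be audited, as the ssh-copy-id output itself asks ("check to make sure that only the key(s) you wanted were added"). The script below is an added example, not part of the original post: it checks the file modes that ssh and sshd enforce on ~/.ssh and that authorized_keys holds exactly the expected public keys. The function names and the sample key material are constructed for illustration.

```shell
# Added example, not from the original post; all names here are illustrative.

# The nine permission characters `ls -l` prints, e.g. rw------- for id_rsa.
perm_bits() { ls -ld -- "$1" | cut -c2-10; }
# ssh refuses a private key that group or other can access at all.
private_key_ok() { case "$(perm_bits "$1")" in ???------) ;; *) return 1 ;; esac; }
# sshd (StrictModes) rejects .ssh / authorized_keys writable by group or other.
not_shared_writable() { case "$(perm_bits "$1")" in ????-??-?) ;; *) return 1 ;; esac; }

# Print "type blob" for each authorized_keys entry, skipping comments and options.
list_keys() {
    awk '$1 !~ /^#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); break }
    }' "$1"
}

# True only if authorized_keys holds exactly the keys in the given .pub files.
only_expected_keys() {
    auth=$1; shift; [ "$#" -gt 0 ] || return 1
    want=$(cat -- "$@" | awk '{ print $1, $2 }' | sort -u)
    [ -n "$want" ] && [ "$want" = "$(list_keys "$auth" | sort -u)" ]
}

# usage: audit_ssh_dir DIR EXPECTED.pub...   (returns 0 when every check passes)
audit_ssh_dir() {
    dir=$1; shift; rc=0
    not_shared_writable "$dir" || { echo "FAIL: $dir writable by group/other"; rc=1; }
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac
        [ -e "$key" ] || continue
        private_key_ok "$key" || { echo "FAIL: $key accessible to group/other"; rc=1; }
    done
    auth=$dir/authorized_keys; [ -f "$auth" ] || return "$rc"
    not_shared_writable "$auth" || { echo "FAIL: $auth writable by group/other"; rc=1; }
    only_expected_keys "$auth" "$@" || { echo "FAIL: $auth differs from expected keys"; rc=1; }
    return "$rc"
}

# Constructed sample: a throwaway directory laid out like /root/.ssh in the post.
make_sample() {
    d=$(mktemp -d) && chmod 700 "$d" || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@client' > "$d/peer.pub"
    echo 'constructed placeholder, not a real private key' > "$d/id_rsa"
    cp "$d/peer.pub" "$d/authorized_keys"
    chmod 600 "$d/id_rsa" "$d/authorized_keys"
    echo "$d"
}
s=$(make_sample) && audit_ssh_dir "$s" "$s/peer.pub" && echo "sample passes"; rm -rf "$s"
```

On a real host, call audit_ssh_dir with /root/.ssh followed by the public key files you expect to be authorized there.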
