Passwordless SSH login on Linux using a key pair

(1) Generate a public/private key pair on client machine A.
1) Create a key pair as the root user
[root@controller1 .ssh]# ssh-keygen -t rsa -P '123456'

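-P sets the passphrase, and -P '' means an empty passphrase. You can also omit -P, in which case ssh-keygen prompts you to press Enter and type the passphrase interactively. A passphrase given with -P on the command line is recorded in the shell history, so the interactive prompt is the safer choice.
This command creates a key pair, id_rsa and id_rsa.pub, in the /root/.ssh directory.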

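The RSA key pair generated by ssh-keygen:
id_rsa       private key => the key
id_rsa.pub      public key => the lock

It is like installing the lock on other machines. When you log in, you open it with your own private key.

The following commands generate different key types (dsa and rsa1 are legacy types; rsa1 belongs to SSH protocol 1, which current OpenSSH releases no longer support):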
ssh-keygen -t dsa
ssh-keygen -t rsa
ssh-keygen -t rsa1


2) Create a key pair as another user
[root@controller1 ~]# adduser sds
[root@controller1 ~]# su - sds
[sds@controller1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sds/.ssh/id_rsa): 
Created directory '/home/sds/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/sds/.ssh/id_rsa.
Your public key has been saved in /home/sds/.ssh/id_rsa.pub.

The key pair is stored in the user's home directory: /home/sds/.ssh/id_rsa.pub



(2) Copy the client's public key to target machine B
1) Distribute the public key with the ssh-copy-id tool
[root@controller1 .ssh]# ssh-copy-id -i ~/.ssh/id_rsa.pub 172.16.100.73
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '172.16.100.73 (172.16.100.73)' can't be established.
...
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.100.73's password: 
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '172.16.100.73'"
and check to make sure that only the key(s) you wanted were added.

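2) Distribute the public key with scp
Copy /root/.ssh/id_rsa.pub from machine A to the /root/.ssh/authorized_keys file on machine B. The /root/.ssh directory must already exist on machine B. Note that this scp command replaces any authorized_keys file already present on B.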
[root@controller1 .ssh]# scp /root/.ssh/id_rsa.pub root@172.16.100.72:~/.ssh/authorized_keys
root@172.16.100.72 password: 
Passwordless login is not set up yet, so you have to enter machine B's root password once.

3) Copy the public key content directly into the authorized_keys file
View the public key content:
[root@controller1 .ssh]# cat id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHhsDaUIxYhY9P/8Y6zs9oKnGpKKl3k9QeZOGD7p63a74+jPc0iqmsq+OzxgcTkYsj/ULt5hP2FKfK0+gZ4tCx7x0S+bUGAuFUTuOZQFvOadrPOQ9MSYVgwToHm8hRywUjRTVSuA1mhNQnoUGXeqazOfDF8cYczgsEbmCJmpLeBea1jWhXbeYTqNhVHZt2TihDPGCB8+sZGYTZq2Q+Sz8bYOn+aSaeatVYzLDlEug1DU9pGTyEcU5d6sfJARz91wjP8156Ro/n0dI9RQJNEZ1bH54Hs+iQeYdvRT61GIdYVRSJsD1Zva82rctNYOFI4s7mQwI1vtzd8eMo7DRXJnt3 root@controller1
[root@controller1 .ssh]# 


Paste the public key content directly into the authorized_keys file:
[root@network1 .ssh]# cat >authorized_keys <<eof
> ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHhsDaUIxYhY9P/8Y6zs9oKnGpKKl3k9QeZOGD7p63a74+jPc0iqmsq+OzxgcTkYsj/ULt5hP2FKfK0+gZ4tCx7x0S+bUGAuFUTuOZQFvOadrPOQ9MSYVgwToHm8hRywUjRTVSuA1mhNQnoUGXeqazOfDF8cYczgsEbmCJmpLeBea1jWhXbeYTqNhVHZt2TihDPGCB8+sZGYTZq2Q+Sz8bYOn+aSaeatVYzLDlEug1DU9pGTyEcU5d6sfJARz91wjP8156Ro/n0dI9RQJNEZ1bH54Hs+iQeYdvRT61GIdYVRSJsD1Zva82rctNYOFI4s7mQwI1vtzd8eMo7DRXJnt3 root@controller1
> eof

Remember to fix the permissions: [root@network1 ~]# chmod 600 .ssh/authorized_keys


(3) For security, change the permissions of authorized_keys to 600
[root@compute1 .ssh]# ll
total 8
-rw-r--r--  1 root root 398 Jul  4 15:33 authorized_keys
-rw-r--r--. 1 root root 350 Jun  8 20:05 known_hosts
[root@compute1 .ssh]# chmod 600 authorized_keys 
[root@compute1 .ssh]# ll
total 8
-rw-------  1 root root 398 Jul  4 15:33 authorized_keys
-rw-r--r--. 1 root root 350 Jun  8 20:05 known_hosts
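
The scp and heredoc methods in step (2) overwrite authorized_keys, and step (3) fixes permissions by hand. The following added example (not part of the original post) does both safely on machine B: it appends a key only if it is missing and then verifies owner-only permissions. The function names install_pubkey and check_ssh_perms are hypothetical, and the accepted key-type list is a deliberately short subset.

```shell
#!/bin/sh
# Added example (not from the original post). install_pubkey and
# check_ssh_perms are hypothetical helper names; run them on machine B.

# install_pubkey PUBKEY_FILE [SSH_DIR]: append a key without overwriting.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Take the first line only and refuse anything that is not a public
    # key line (for example a private key file passed by mistake).
    key=
    IFS= read -r key < "$pub" || true
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create the directory and file with owner-only permissions (700/600).
    ( umask 077; mkdir -p "$dir" && : >> "$auth" ) || return 1
    chmod 700 "$dir" && chmod 600 "$auth" || return 1

    # If the file does not end in a newline, add one before appending.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
    # Append only when this exact line is absent (idempotent).
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms [SSH_DIR]: succeed only if neither the directory nor
# authorized_keys grants any permission to group or others.
check_ssh_perms() {
    dir=${1:-$HOME/.ssh}
    for p in "$dir" "$dir/authorized_keys"; do
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$p" 2>/dev/null | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "too permissive or missing: $p" >&2
            return 1
        fi
    done
}
```
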



(4) Log in from client machine A to target machine B
1) Log in with the default private key
[root@controller1 .ssh]# ssh 172.16.100.72
Last login: Wed Jul  4 15:28:14 2018 from controller1
[root@compute1 ~]# 

2) Log in with a specified private key
[root@controller1 .ssh]# ssh -i ~/.ssh/id_rsa 172.16.100.73
Last login: Tue Jun 12 15:32:53 2018 from 172.16.100.111

Here the private key path and file name are given explicitly.


