步骤
一、密钥登录
- 在服务器创建密钥
cd .ssh/
ssh-keygen -t rsa -C "xxxxxxx@email.com" -f ./id_rsa
-f 指定路径, ./ 指当前路径
- 在服务器上安装公钥
cat id_rsa.pub >> authorized_keys
- 设置文件权限
chmod 600 authorized_keys
chmod 700 ~/.ssh
二、禁用密码
- 修改配置文件,打开秘钥登录功能
#备份
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
#删除配置项
sed -i '/PasswordAuthentication.*/d' /etc/ssh/sshd_config
sed -i '/PubkeyAuthentication.*/d' /etc/ssh/sshd_config
sed -i '/RSAAuthentication.*/d' /etc/ssh/sshd_config
sed -i '/AuthorizedKeysFile.*/d' /etc/ssh/sshd_config
#追加配置项
cat >>/etc/ssh/sshd_config<<EOF
PasswordAuthentication no
PubkeyAuthentication yes
RSAAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
EOF
- 重启sshd服务
systemctl restart sshd
三、免密登录
# 安装sshpass
yum install -y sshpass
# 在当前服务器生成密钥对
ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa <<< y
# 安装密钥对
cd /root/.ssh && cat id_rsa.pub >> authorized_keys
# 设置ssh_config
sed -i '/StrictHostKeyChecking/c StrictHostKeyChecking no' /etc/ssh/ssh_config
# 通过目标服务器的密码建立免密机制
sshpass -p ${target_password} ssh-copy-id root@${target_ip} -p 22