CentOS 7 - Configuring Passwordless SSH Login
Environment
Client operating system:
[root@client ~]# cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
[root@client ~]# uname --kernel-release
3.10.0-1062.el7.x86_64
Server operating system:
[root@server ~]# cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
[root@server ~]# uname --kernel-release
3.10.0-1062.el7.x86_64
Configuring passwordless SSH login
Generate a key pair on the client
Use the ssh-keygen command to generate a key pair:
[root@client ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): // Key pair location; press Enter to accept the default path
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): // Passphrase; none is set here, press Enter
Enter same passphrase again: // Confirm the passphrase
Your identification has been saved in /root/.ssh/id_rsa. // Private key location
Your public key has been saved in /root/.ssh/id_rsa.pub. // Public key location
The key fingerprint is:
SHA256:SwElxkbKx3tlk/AaIAonLcire3fV1hLPwBuRfBLfaZE root@client
The key's randomart image is:
+---[RSA 2048]----+
|=.. .o*.o..o .. |
|o=.o =o+ o=o..Eo |
| .o o.o o.*+. + |
| . . . *=. . |
|. . S. O |
|. o..= + |
| . ... . |
|. . . . |
| . . . |
+----[SHA256]-----+
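Note: the default location of the key pair depends on the currently logged-in user. Because this session is logged in as root, the generated key pair is stored in root's home directory, that is, /root.
View the key pair: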
[root@client ~]# ll /root/.ssh/
total 8
-rw-------. 1 root root 1675 May 16 06:58 id_rsa
-rw-r--r--. 1 root root 393 May 16 06:58 id_rsa.pub
Send the client's public key to the server
Send the client's public key (/root/.ssh/id_rsa.pub) to the root user's directory on the server (192.168.88.174):
[root@client ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.88.174
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.88.174 (192.168.88.174)' can't be established.
ECDSA key fingerprint is SHA256:4MtI2DKLAUzJR7xObbtMQMjqFwnL5gIXsvqMQ8nQgII.
ECDSA key fingerprint is MD5:66:4b:31:ea:63:3d:0a:85:09:09:7b:ac:3a:d8:ea:8c.
Are you sure you want to continue connecting (yes/no)? yes // Whether to continue
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.88.174's password: // Enter the remote host (server) password
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.88.174'"
and check to make sure that only the key(s) you wanted were added.
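Note: sending the public key to root@192.168.88.174 means logging in to the server as the root user, which is generally not recommended.
Besides the ssh-copy-id command, you can also use the scp command, although this approach is more cumbersome than the former: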
[root@client ~]# scp /root/.ssh/id_rsa.pub root@192.168.88.174:/root/.ssh/authorized_keys
The authenticity of host '192.168.88.174 (192.168.88.174)' can't be established.
ECDSA key fingerprint is SHA256:4MtI2DKLAUzJR7xObbtMQMjqFwnL5gIXsvqMQ8nQgII.
ECDSA key fingerprint is MD5:66:4b:31:ea:63:3d:0a:85:09:09:7b:ac:3a:d8:ea:8c.
Are you sure you want to continue connecting (yes/no)? yes // Confirm
Warning: Permanently added '192.168.88.174' (ECDSA) to the list of known hosts.
root@192.168.88.174's password: // Enter the remote host password
id_rsa.pub 100% 393 461.5KB/s 00:00
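The command scp /root/.ssh/id_rsa.pub root@192.168.88.174:/root/.ssh/authorized_keys copies the file /root/.ssh/id_rsa.pub on the current host to the /root/.ssh/ directory on host root@192.168.88.174 and names it authorized_keys.
Note: when using the scp command to copy the public key from the client to the server, the .ssh directory must be created on the server beforehand; otherwise scp reports that the directory does not exist.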
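An added example, not part of the original article: a server-side helper for the scp route above. Copying id_rsa.pub straight onto authorized_keys replaces any keys that file already held, so this function instead creates .ssh if it is missing, appends the key only when it is not already present, and sets the 700/600 permissions that sshd's StrictModes check accepts. The function name install_pubkey, its arguments, and the /tmp/id_rsa.pub path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article). Run on the server after
# copying the public key to a neutral path, for example (assumed path):
#   scp /root/.ssh/id_rsa.pub root@192.168.88.174:/tmp/id_rsa.pub
#   sh install_pubkey.sh /tmp/id_rsa.pub

# install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper)
# Returns 0 if the key was added or was already present, 1 on bad input.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read: $pubkey_file" >&2; return 1; }

    # Use the first non-empty line and require a known OpenSSH key type,
    # so a private key or an arbitrary file is never appended by mistake.
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Create the directory the scp method needs, with owner-only access.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append instead of overwrite, and only if this exact key is missing.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        # Guard against an existing file that lacks a trailing newline.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            printf '\n' >> "$auth_file" || return 1
        fi
        printf '%s\n' "$key_line" >> "$auth_file" || return 1
    fi

    # With SELinux enabled (the CentOS default), restore the file labels.
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$ssh_dir" 2>/dev/null || true
    fi
    return 0
}

# Run as a script only when a key file is given on the command line.
if [ "$#" -gt 0 ]; then install_pubkey "$@"; fi
```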
View the public key on the server
View the public key on the server:
[root@server ~]# pwd
/root
[root@server ~]# ls -a
. anaconda-ks.cfg .bash_logout .bashrc .ssh
.. .bash_history .bash_profile .cshrc .tcshrc
[root@server ~]# ls -a .ssh/
. .. authorized_keys
[root@server ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0c6khDja/0phSMsZfw+vYqDD2uOijdmW8+esqRfKcJbn01bepO11elqg9vzWl0UbzqA7+MVFJJJt3sZGfIGArMqiJ5pe2AS9paxG9kSeUcgByhr31R884W7euDW6JBioqyM2XCtKbbXonU7uvZ/xAyTWEpIifTJxFY7fVAXeLdp9LS/dre4LIPPN/RQEgnjmVhAdy2idOV0bd83e1FfoF3GIIp66TlUzlVmzu95iGYO6YziU0YEsdPbtIT3ZwCCUEqeMQOSwiRdmjMOpmH6jg9HLYEacHsssubFm2lgfDkLhW+aBziBArVpjPEsYMk03HE+K22l2qEyczLDPgYk6R root@client
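Login verification
Once the configuration above is complete, you can log in to the server from the client with the ssh username@host-address command: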
[root@client ~]# ssh root@192.168.88.174
Last login: Sat May 16 06:57:41 2020 from 192.168.88.1