Xshell原理
每次通过Xshell连接Linux服务器的时候都需要输入用户名和密码和主机名,后续每次进行连接的时候都不需要输入密码的,只有第一次连接需要输入密码.
其实在第一次连接的时候实际上是建立了一次信任的过程,实际上是服务端生成了一个密钥给你进行保存.
默认情况下需要输入密码才能登录,
# 登录操作
[root@zjj101 ~]# ssh root@zjj102
# 输入密码
root@zjj102's password:
# 进入了zjj102机器
Last failed login: Sat Oct 16 16:34:56 CST 2021 from 172.16.10.101 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Sat Oct 16 16:30:08 2021 from 172.16.10.1
# 退出zjj102机器
[root@zjj102 ~]# exit
登出
Connection to zjj102 closed.
生成公钥和私钥
生成公钥和私钥 , 默认保存括号里面的内容,
命令: ssh-keygen -t rsa
直接回车三下就可以了,啥也不用管
[root@zjj101 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:HLoOUb25W6avx5qhdKUmvR0Zh8lyKGbTir8x7z2lPTU root@zjj101.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| . o |
| . + * o |
| . * S B . |
| = * * +. E |
| o B B.=+ . . |
| = O @=.o |
| =oX=+. . |
+----[SHA256]-----+
[root@zjj101 ~]#
查看生成的 id_rsa.pub文件
目录是隐藏目录,需要这样进来观看
查看的话需要 用 ls -al 查看,
或者直接cd到 /root/.ssh/
# 进入目录
[root@zjj101 ~]# cd /root/.ssh/
# 查看文件 列表
[root@zjj101 .ssh]# ls
id_rsa id_rsa.pub known_hosts
# 查看 id_rsa.pub文件
[root@zjj101 .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh72yOJ9NviP85Y8jnDRQSZ+2UA8gbGqujJLZAFAGq7dq+kFPvBK3X00buigJjHGscKrb8RcObd62YfBejX1VvqxWXwI43nbSb+lJDRshJXsXlPtmKAXUyaWL1DqM3Zd53b4kDgJGuBCWnuWCgUjP0/+7X3y1qtmtzy975A+NDmOusBjF2UdJJ5YGEvokYWQoCI1aPc8ou5Q/Ui0yC92Te+wdTbozFJvFufRjTjvQrvJjMqw38oiRSx3YYmUfUoaUENVb83QaQgw7MGb7PgIaJ3BW+v89aRUIrKAcE52jlw57hSB+kdLLRdwKHEzu19gFVZqn+GD/io47NEeiJ5uW1 root@zjj101.localdomain
[root@zjj101 .ssh]#
将公钥复制到远程机器中
命令: ssh-copy-id root@zjj102
解释: root@zjj102是要复制的目标机器
# 执行命令
[root@zjj101 .ssh]# ssh-copy-id root@zjj102
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
# 这里输入 zjj102机器的登录密码
root@zjj102's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@zjj102'"
and check to make sure that only the key(s) you wanted were added.
[root@zjj101 .ssh]#
测试登录别的服务器是否还需要输入密码
命令: ssh root@zjj102
发现现在已经不用输入密码了.
# 登录zjj102机器
[root@zjj101 .ssh]# ssh root@zjj102
Last login: Sat Oct 16 16:37:48 2021 from 172.16.10.101
# 退出zjj102
[root@zjj102 ~]# exit
登出
Connection to zjj102 closed.
[root@zjj101 .ssh]#
查看目标机器是否写入成功
就能看到 authorized_keys 已经有内容了, 正常情况下 既然上面步骤zjj101登录zjj102的时候都没输入密码就登录了,肯定说明已经成功了,
# 进入到目录中
[root@zjj102 ~]# cd /root/.ssh/
# 查看文件
[root@zjj102 .ssh]# ls
authorized_keys
# 查看文件内容
[root@zjj102 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh72yOJ9NviP85Y8jnDRQSZ+2UA8gbGqujJLZAFAGq7dq+kFPvBK3X00buigJjHGscKrb8RcObd62YfBejX1VvqxWXwI43nbSb+lJDRshJXsXlPtmKAXUyaWL1DqM3Zd53b4kDgJGuBCWnuWCgUjP0/+7X3y1qtmtzy975A+NDmOusBjF2UdJJ5YGEvokYWQoCI1aPc8ou5Q/Ui0yC92Te+wdTbozFJvFufRjTjvQrvJjMqw38oiRSx3YYmUfUoaUENVb83QaQgw7MGb7PgIaJ3BW+v89aRUIrKAcE52jlw57hSB+kdLLRdwKHEzu19gFVZqn+GD/io47NEeiJ5uW1 root@zjj101.localdomain
[root@zjj102 .ssh]#
取消免输入密码登录
直接清空目标服务器的/root/.ssh/的authorized_keys 文件里面的相关公钥信息即可.
[root@zjj102 ~]# cd /root/.ssh/
[root@zjj102 .ssh]# ls
authorized_keys
[root@zjj102 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDq6Z1CKsbHw2nqycGXjnoxbi2l+DQt5Hnv5OmMjx8DdB1AxUBxwGZwWSMAWbqiOpbHOlOkHUgNPEXhv1AKP+Bg+W/v3w2xBgBI/YQpSTgMQCoKBzT1GNtrn3VgZ2X/k3PDzS17WCBvhO2InWAMIBhqT+ik2i+viTBYOD9AogyWoCe42zL8aTE7eQfCyzf/xMbaMd4Yll1JeRNPgYN6VzLW5LqXb3O5DHwcUsed0M659gboCRqcpARrvtXkeiZt7kyuJb2DOv6ADPINWA9iDwPYMXK44KUm3HnsnFo1yGpyVbtuDW/zZSPf5eaM0QmRGTZ2OpxWvExlzzGthUu0jRl7 root@zjj101
1012
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
