环境
操作系统:win7
虚拟机: centos7
1、在本机中创建秘钥
1、执行命令:ssh-keygen -t rsa -C "xx@qq.com"(随便编个字符串,一般用邮箱)
2、之后一路回车就行啦;会在~(home)目录下中产生.ssh(隐藏)文件夹;
3、里面有两个文件id_rsa(私钥)、id_rsa.pub(公钥)文件
注意事项:
①在liunx环境下,要想复制公钥或是私钥,不要使用vim等编辑器打开文件来复制粘贴;
因为它会产生不必要的回车。
②应该使用cat把内容打印到终端上再来复制粘贴;
2、用 ssh-copy-id 把公钥复制到远程主机上
[yutao@localhost ~]$ ssh-copy-id yutao@192.168.161.132 #把秘钥拷贝到远程服务器
用这种方式拷贝使用的端口是Linux默认的22,如果你想指定端口,可以使用:
ssh-copy-id -i /用户名/.ssh/id_rsa.pub '-p 端口号 远程服务器用户名@106.75.52.44'
ssh-copy-id -i /root/.ssh/id_rsa.pub '-p 22222 root@106.75.52.44'
# 或者 把单引号去掉
ssh-copy-id -i /root/.ssh/id_rsa.pub -p 22222 root@106.75.52.44
这里一定要注意root@106.75.52.44这个root是指远程服务器的用户名,也就是远程那台机子上存在的用户名。
这里可能需要等一段时间,反正我是等了挺久的时间,然后显示要你输入密码:
root@106.75.52.44's password:
输入完密码后,显示:
Now try logging into the machine, with "ssh '-p 22222 root@106.75.52.44'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
表示成功了!
注意:ssh-copy-id 可把公钥密钥追加到远程主机的 .ssh/authorized_key文件中
①出现bash: ssh-copy-idyutao@192.168.161.132: command not found。
说明没有没有安装ssh-copy-id命令;执行命令:
sudo yum -y install openssh-clients
②当看到这句话时说明拷贝到远程服务器成功:
Now try logging into the machine, with "ssh 'yutao@192.168.161.132'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
远程登入
[yutao@localhost ~]$ ssh yutao@192.168.161.134
Last login: Mon Oct 10 14:18:54 2016 from 192.168.161.135
实际上我们一般在公司里都会带上端口号;
ssh developer@123.59.44.56 -p 22222
注: SSH 不会询问密码了即可远程登录主机
退出远程服务器:
[yutao@localhost ~]$ exit
logout
Connection to 192.168.161.134 closed.
参考地址
以上是两台服务器间的免密登陆,要是是想本机(win10)和虚拟机间的免密登陆
本机和虚拟机免密
①首先在本机的.ssh文件夹中打开git的窗口,也就是右键git bash here。
②执行远程拷贝命令,上面已经写过了
yutao@yutao MINGW64 ~/.ssh
$ ssh-copy-id -i id_rsa.pub '-p 22 yutao@192.168.116.131'
但是呢,出问题啦,提示如下:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname
-f: force mode -- copy keys without trying to check if they are already installed
-n: dry run -- no keys are actually copied
-h|-?: print this help
后来我换了一种写法:
$ ssh-copy-id yutao@192.168.116.131
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/c/Users/yutao/.ssh/id_rsa.pub"
The authenticity of host '192.168.116.131 (192.168.116.131)' can't be established.
ECDSA key fingerprint is SHA256:PGCzMVtO2SzEeNe8Qml/SAARcmOR4gG/Q0aeykMw7pg.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
yutao@192.168.116.131's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'yutao@192.168.116.131'"
and check to make sure that only the key(s) you wanted were added.
也就是不指定端口和公钥文件。就成功了,具体原因我也说不上来。
中途会要你输入远程服务器的密码,比如我
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
yutao@192.168.116.131's password: #这里输入远程服务器密码
验证
再去远程服务器中查看,我的路径是:
/home/yutao/.ssh/
输入命令ll
-rw-------. 1 yutao yutao 393 4月 15 21:38 authorized_keys
-rw-------. 1 yutao yutao 1675 4月 15 21:30 id_rsa
-rw-r--r--. 1 yutao yutao 387 4月 15 21:30 id_rsa.pub
可以看到已经生成authorized_keys文件,再执行cat authorized_keys。
就可以看到具体的公钥了。
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-2018年12月12日-=-=-=-=-=-=-=修改-=-=-=-=-=-=-=-=
今天在重新安装jenkins时,发现一个写法问题:
ssh-copy-id -i /root/.ssh/id_rsa.pub '-p 22222 root@106.75.52.44'
这种写法会把我上面提到的一个问题(当时我不知道为什么,而是改成去掉指定端口)。
今天发现把单引号去掉就可以啦
ssh-copy-id -i /root/.ssh/id_rsa.pub -p 22222 root@106.75.52.44
这样就不会报下面的信息:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/jenkins/.ssh/id_rsa.pub"
Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname
-f: force mode -- copy keys without trying to check if they are already installed
-n: dry run -- no keys are actually copied
-h|-?: print this help
304
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
