维护中,常常遇到需要ssh,scp,或者rsync,每次都需要输入密码,非常麻烦。特别是在自动化shell脚本中,涉及到scp或者rsync的操作时,就需要无密码执行命令。以下来看一下,如何无密码ssh,scp。
现在有两台主机,主机A和主机B,在同一个网络中,且两台主机都有同一个用户root(也可以是同一个其他用户),下面为同一个用户root添加无密码ssh,scp。
1,在主机A生成密钥和公钥
[root@ecs-7bc6-0001 ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /home/work/docker/centos/ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/work/docker/centos/ssh/id_rsa.
Your public key has been saved in /home/work/docker/centos/ssh/id_rsa.pub.
The key fingerprint is:
SHA256:S3zH48HfguyFctJutqXtP/+lIUUWLTmnCU0myllzCLE root@ecs-7bc6-0001.novalocal
The key's randomart image is:
+---[RSA 2048]----+
| oo++=o |
| . =o==.o|
| E .o* |
| . o oo |
| S . * . |
| . o = B . |
| . o O * o|
| *o* =.|
| o=o+.B|
+----[SHA256]----生成过程中需要输入存储目录,如果不输入默认在执行命令用户根目录中的.ssh目录下,在生成目录下查看生成的密钥id_rsa和公钥id_rsa.pub
[root@ecs-7bc6-0001 ssh]# ls
id_rsa id_rsa.pub内容分别是:
[root@ecs-7bc6-0001 ssh]# cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtMy5N9159+9cnaz8rbR1kx0xtKdAU702b/Lfz6pgUtzKF1le
nD/2gQykUxpIIvcgGYZzVBPGxXzDDJCu1vmMtKbYvEz8iLY+x4BaQ1K+4Mpat1cG
IIAMjmYx8IFvtfR+IqLrH7uWHCq283TlVDe2NvTrppyHzoNOsBlbMl7RTrJpdnMl
i7H0zuYK+qdj6zFqNq056K1x0WwOWVTz5w4Hyp28g9tFq6Ce2H+9GJNRtkuGRGXF
gI7XrkAirQ1QWLItymht1h8WdIw0K8qoZT09SrLWJQPLa5Miu7CVhwRsDTDgXbIY
j7nfNZn2F7lPkb/AWK9woXQb5qtvf4Dg9eChBwIDAQABAoIBAQCqGIUU2ug561bN
/QaIAeQvsOKnnEZ3weaqMeyAekE/E/uJNgo9pCusw5EBohNF2gu4F/b+ndB+0d7L
Pn9PPt4yw1na5e8cS6EKnmXNOtbbs2TfYh8ginfFrL3FEHFh1RCqU24zn48dFs6i
g1KSBgwG7iuZx2A5WO253VEgNXZjuv8FjoVCWR+VmU2cfouB5RM6DxHkGqyZ0nvb
bSuYNb8KLyylVibY0IXBBhiIXsYXDNJji1A1XeqNQUHewDINTYJuUAr68nr0yr8W
YbOQJte07dgdGi44A9e0QnzlE5txuV5RrEJlTbEMVO5XAFhgk+mG3YrSKGiKucvr
dVtTiGERAoGBAOKNs/jf7iDEgUBW2j0tuTT+3HM8KqfJjGFjw5uc0BpCeIy7VpAK
ikWOjZrPyHsjWKwCnXycxAOms9v2hJe3j1BilHdQA6XpaBbvwQHLgj9zda0Wn6hV
3aIZegeENKHnEP8tEuEZe+rAWgIHR+JZkv7YcI58t2kI0ZO2et2SbD85AoGBAMxM
neWfWEAMO8gHcdLp3D/3jcNRfhUAW7bAAs56tPGnsPf6bjJSg2YVQv76Wffeobdq
fnWBILRWJ4oyCxyLmPDL0ZUp4YlEfvkUDxcTH/93FJUqkL+9MTRJRKM/AmzggSkv
e10jk0Xf4KIRDgJwRXW4M669IqkhLbBd4DKcE6I/AoGAKBNa97ZdAEzidEgo2NOi
xH4k7vmArieX/o5QRtGpekux2Ws2N8q1hPJfmDgTRb0N7XeU9jsg7WhqvolQESp2
XojhrG1qB8pPEGee47tlMeYxtcmfun5d81PAY13+lXkzZ4BIq6r/YZpfEabKD386
4nvVBU+IfjsCH7gS6ekB3vkCgYA9Suc8UtgZLxJoasNdccggcNbZOIPJLThW1biB
1hKfRZ40Z6/T7Sl64PoeoWGImgSOkKar/jefoxFtxqHKyJ7z71JLnCsMEb6+X6Q/
Wf+Jl2JXdlPDErHGbAzppSfHHnvhrVsnkFrI5efw94jqdmCAdukajafucgPRG/j9
dhH15QKBgAiN8f4AN1iUUisB9sCljR3Lebblc1300stkQH3vkIrxIfQ+vgRa9HaN
Y90BKZ5REqF51ZWUxU7/tR8ZQEigamo4wQe/6Rji/dfBPlVY9JU3f8vLbJ+R0GQR
fl1qk9hMvhw1syD1HX0bAbOA1nXjYHCswP5KYReMukVXRdR9B+wl
-----END RSA PRIVATE KEY-----
[root@ecs-7bc6-0001 ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0zLk33Xn371ydrPyttHWTHTG0p0BTvTZv8t/PqmBS3MoXWV6cP/aBDKRTGkgi9yAZhnNUE8bFfMMMkK7W+Yy0pti8TPyItj7HgFpDUr7gylq3VwYggAyOZjHwgW+19H4iousfu5YcKrbzdOVUN7Y29OumnIfOg06wGVsyXtFOsml2cyWLsfTO5gr6p2PrMWo2rTnorXHRbA5ZVPPnDgfKnbyD20WroJ7Yf70Yk1G2S4ZEZcWAjteuQCKtDVBYsi3KaG3WHxZ0jDQryqhlPT1KstYlA8trkyK7sJWHBGwNMOBdshiPud81mfYXuU+Rv8BYr3ChdBvmq29/gOD14KEH root@ecs-7bc6-0001.novalocal2,保存密钥,添加公钥
把生成的密钥id_rsa复制到主机A的root用户根目录的.ssh/目录下。
把生成的公钥id_rsa.pub中的内容添加到主机B,相同用户根目录下.ssh目录下的authorized_keys文件中。
通过以上两步,主机B就可以无密码的访问主机A。
3,同样如果主机A需要无密码访问主机B,根据1,2两步。
在主机B上生成密钥和公钥,并把B的公钥添加到A的authorized_keys中,且把B的私钥存放在B的root用户根目录的.ssh目录下。
4,如果有多台机器,只需要保证本机的公钥添加到目标机器./ssh/authorized_keys中,目标机器就可以无密码访问本机。
5,多台机器时,有一个简单的方案。
生成一个密钥对,多台机器共用一个密钥和公钥,authorized_keys中添加多行公钥,每个公钥的最后一列修改IP或者主机名,标记这是登录某个主机时需要携带的公钥即可。如下:
ssh-rsa {xxxxxxkeys} root@master2
ssh-rsa {xxxxxsKeys} root@slave3
ssh-rsa {xxxxxsKeys} root@slave4(完)(^_^)
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
