平常使用ssh登陆远程服务器时,都需要使用输入密码,希望可以实现通过密钥登陆而免除输入密码,从而可以为以后实现批量自动部署主机做好准备。
环境如下:| IP地址 | 操作系统 | |
|---|---|---|
| 服务器端 | 10.0.0.10 | CentOS 6.5 x86 |
| 客户端 | 10.0.0.61 | CentOS 6.5 x86 |
1.客户端生成密钥对
[root@rsync10 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
99:af:26:b0:23:e2:04:9f:48:02:77:8a:d5:6d:b3:c7 root@rsync10
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . . |
|. o o + |
|.+ o . + o |
|+.. . E |
|+o .. . . |
|..o o . |
|o . o . .. |
|.o . . o. |
+-----------------+查看生成的密钥对
[root@rsync10 ~]# ls .ssh/
id_rsa id_rsa.pub
id_rsa为私钥,这个一般需要保密;id_rsa.pub为公钥,这个可以公开。
2.上传公钥到服务器端
使用scp命令操作:
[root@rsync10 ~]# scp .ssh/id_rsa.pub root@10.0.0.61:/root/
The authenticity of host '10.0.0.61 (10.0.0.61)' can't be established.
RSA key fingerprint is 83:c2:2d:85:79:f7:20:36:34:1d:53:1c:7a:b0:d9:bc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.61' (RSA) to the list of known hosts.
root@10.0.0.61's password:
id_rsa.pub 100% 394 0.4KB/s 00:00
3.服务器端操作
把从客户端传来的公钥添加到.ssh/authorized_keys中:
[root@mb01 ~]# mkdir .ssh
[root@mb01 ~]# cat id_rsa.pub >> .ssh/authorized_keys
[root@mb01 ~]# chmod 600 .ssh/authorized_keys
4.修改ssh配置文件/etc/ssh/sshd_config,找到下面一行:
PubkeyAuthentication no
修改为:PubkeyAuthentication yes
5.测试
[root@rsync10 ~]# ssh root@10.0.0.61
Last login: Wed May 2 13:39:22 2018 from 10.0.0.10
[root@mb01 ~]#
6.注意事项
- 在服务器端需要把selinux关闭,否则最后无法使用密钥进行远程登陆;
- 客户端使用scp命令时,在服务器端也需要安装ssh客户端,否则无法把公钥上传到服务器端,另外也可以使用ssh-copy-id root@10.0.0.61来代替scp操作(这样在服务器端也不需要执行创建.ssh目录等这些操作,即相当于该命令可以一步帮我们完成密钥的上传与配置工作);
转载于:https://blog.51cto.com/chenmingqi/2110678
扫一扫
1236
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
