远程密钥登录

    当需要同时管理上前台服务器的时候，如果挨个输入密码登录服务器就会很麻烦。我们可以用linux自带的ssh工具，设置密钥免密码登录。

    实验环境：机器A:192.168.241.128

              机器B:192.168.241.130

                  A机器上的操作

[root@1111 ~]# ssh-keygen           ###生成密钥对

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

dc:17:23:8c:62:a4:37:ac:24:b4:8f:e6:3c:6a:ee:c5 root@1111

The key's randomart p_w_picpath is:

+--[ RSA 2048]----+

|  .   .          |

| . . +   o       |

|  o o * . o o    |

|   = + + . . o   |

|  o o   S . .    |

| +.        .     |

|  +E             |

| o..             |

|=o               |

+-----------------+

[root@1111 ~]# cat /root/.ssh/id_rsa.pub           #在相应目录下找到公钥，并复制其内容

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsrEF5lUYe7u1i5v7ObcXDhqf3kPU9gJBF32xj/npllye99L                                                            S6k6NA/+lbjtKWZtR5sxXD2PfYE0z8t4DZ04fjDqVh6lMNWSmTWVP7DYmRHzqySUfDcH8NStVCHVt7J4ntu                                                            7bfV4ixswdMTt+5nRgS71ILHJ46n+EPfjKzrHmXxed4a4FLRh7uqD+YGQdD7+wiZvAQTz2PogoucGNgaDSZ                                                            Ve44UC7SM6W0L2WgcZnP5XysUua33+dcqt1h+ZKwurR3RuYc0ptyjIP/leckoJ0A/YWgig86vzWLh4LbBfX                                                            KF7gtwqFjUb+8iyqDr9ARmBn2VSxIyHAAASZ45SzZxwNNQ== root@1111

                        B机器上的操作

[root@333 ~]# mkdir /root/.ssh

[root@333 ~]# vim /root/.ssh/authorized_keys 在该文件中粘贴刚刚复制的公钥内容

[root@333 ~]# chmod 700  /root/.ssh

[root@333 ~]# chmod 600 /root/.ssh/authorized_keys

[root@333 ~]# iptables -F

[root@333 ~]# service iptables save

iptables：将防火墙规则保存到 /etc/sysconfig/iptables：     [确定]

先暂时关闭selinux：

[root@333 ~]# setenforce 0

再永久性关闭：

[root@333 ~]# vim /etc/selinux/config

将SELINUX=enforcing改为

SELINUX=disabled

保存退出。

                        进行以上操作后，再回到A机器上，测试是否成功

[root@1111 ~]# ssh 192.168.241.130

The authenticity of host '192.168.241.130 (192.168.241.130)' can't be established.

RSA key fingerprint is c2:09:a3:28:ec:61:cf:25:e9:9b:23:93:cb:4c:47:3f.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.241.130' (RSA) to the list of known hosts.

Last login: Sun Sep 18 19:04:08 2016 from 192.168.241.128

[root@333 ~]# logout

Connection to 192.168.241.130 closed.

[root@1111 ~]# ssh 192.168.241.130

Last login: Sun Sep 18 19:11:35 2016 from 192.168.241.128

                          成功通过密钥免密码登录

转载于:https://blog.51cto.com/11101179/1853547