1、确认系统已经安装了SSH。
rpm –qa | grep openssh
yum install ssh -y ##安装SSH协议
2、生成秘钥对
ssh-keygen -t rsa -P '' ##直接回车生成的密钥对:id_rsa和id_rsa.pub,默认存储在用户的目录下 如:'/home/oldboy/.ssh'。 如下:
例:
[oldboy@m01 ~]$ ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key(/home/oldboy/.ssh/id_rsa):
Created directory '/home/oldboy/.ssh'.
Your identification has been saved in/home/oldboy/.ssh/id_rsa.
Your public key has been saved in/home/oldboy/.ssh/id_rsa.pub.
The key fingerprint is:
12:87:bf:b2:ee:2f:71:eb:21:32:cc:51:81:cb:91:26oldboy@m01
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
| o. |
| E= o |
| +o+ . |
| o. + |
| . . S |
| o..... |
| = ooo. |
| o.+.. |
| o++o |
+-----------------+
[oldboy@m01 ~]$
[oldboy@m01 ~]$ cd .ssh
[oldboy@m01 .ssh]$ ll -a
总用量 16
drwx------ 2 oldboy incahome 4096 10月 6 17:48 .
drwx------. 4 oldboy oldboy 4096 10月 6 17:48 ..
-rw------- 1 oldboy incahome 1675 10月 6 17:48 id_rsa
-rw-r--r-- 1 oldboy incahome 392 10月 6 17:48 id_rsa.pub
3、把id_rsa.pub追加到授权的key里面去。
cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
例:
[oldboy@m01 .ssh]$ cat ~/.ssh/id_rsa.pub>> ~/.ssh/authorized_keys
[oldboy@m01 .ssh]$ ll -a
总用量 20
drwx------ 2 oldboy incahome 4096 10月 6 17:52 .
drwx------. 4 oldboy oldboy 4096 10月 6 17:48 ..
-rw-r--r-- 1 oldboy incahome 392 10月 6 17:52 authorized_keys
-rw------- 1 oldboy incahome 1675 10月 6 17:48 id_rsa
-rw-r--r-- 1 oldboy incahome 392 10月 6 17:48 id_rsa.pub
4、修改授权key的权限
chmod 600 ~/.ssh/authorized_keys
例:
[oldboy@m01 .ssh]$ chmod 600~/.ssh/authorized_keys
[oldboy@m01 .ssh]$ ll -a
总用量 20
drwx------ 2 oldboy incahome 4096 10月 6 17:52 .
drwx------. 4 oldboy oldboy 4096 10月 6 17:48 ..
-rw------- 1 oldboy incahome 392 10月 6 17:52 authorized_keys
-rw------- 1 oldboy incahome 1675 10月 6 17:48 id_rsa
-rw-r--r-- 1 oldboy incahome 392 10月 6 17:48 id_rsa.pub
5、修改SSH配置文件
su - -->登陆root用户修改配置文件
vim /etc/ssh/sshd_config ##去掉下面中三行的注释
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
6、测试连接
service sshd restart ##重启ssh服务,
exit ##退出root用户,回到普通用户
ssh localhost ##连接普通用户测试
这只是配置好了单机环境上的SSH服务,要远程连接其它的服务器,接着看下面
[oldboy@m01 .ssh]$ssh localhost
The authenticity ofhost 'localhost (::1)' can't be established.
RSA key fingerprintis 69:95:60:11:b7:f8:ce:5c:18:5e:ab:22:6f:3e:c4:8f.
Are you sure youwant to continue connecting (yes/no)? yes
Warning:Permanently added 'localhost' (RSA) to the list of known hosts.
Last login: Sat Sep 24 16:40:51 2016 from 10.0.0.1 ##表示连接成功
“wangpu studying linux。day day up.”
[oldboy@m01 ~]$
7、现在秘钥对已经生成好了,客户端SSH服务也已经配置好了,现在就把我们的钥匙(公钥)送给服务器。
scp ~/.ssh/id_rsa.pub 远程用户名@远程服务器IP:~/ ##将公钥复制到远程服务器的~/目录下
如: scp ~/.ssh/id_rsa.pub oldboy@10.0.0.31:~/
可以看到我们复制的时候需要我们输入服务器的密码,等我们把SSH配置好之后这些步骤就可以不用输入密码了。
[oldboy@m01 ~]$
[oldboy@m01 ~]$ scp ~/.ssh/id_rsa.pub oldboy@10.0.0.31:~/
The authenticity of host '10.0.0.31(10.0.0.31)' can't be established.
RSA key fingerprint is69:95:60:11:b7:f8:ce:5c:18:5e:ab:22:6f:3e:c4:8f.
Are you sure you want to continueconnecting (yes/no)? yes
Warning: Permanently added '10.0.0.31'(RSA) to the list of known hosts.
oldboy@10.0.0.31'spassword:
id_rsa.pub 100% 392 0.4KB/s 00:00
[oldboy@m01 ~]$
8、上一步把公钥发送到10.0.0.31服务器上去了,我们去31机器上把公钥追加到授权key中去。(注意:如果是第一次运行SSH,那么.ssh目录需要手动创建,或者使用命令ssh-keygen -t rsa生成秘钥,它会自动在用户目录下生成.ssh目录。特别注意的是.ssh目录的权限问题,记得运行下chmod 700 .ssh命令)
在31机器上使用命令:
cat ~/id_rsa.pub >>~/.ssh/authorized_keys ##追加公钥到授权key中
rm ~/id_rsa.pub ##保险起见,删除公钥
同样在31机器上重复第四步和第五步,
/etc/init.d/sshd reload ##重启ssh服务
[oldboy@nfs ~]$ sftp oldboy@10.0.0.61 ##首先创建~/.ssh目录
Connecting to 10.0.0.61...
The authenticity of host '10.0.0.61(10.0.0.61)' can't be established.
RSA key fingerprint is69:95:60:11:b7:f8:ce:5c:18:5e:ab:22:6f:3e:c4:8f.
Are you sure you want to continueconnecting (yes/no)? yes
Warning: Permanently added '10.0.0.61'(RSA) to the list of known hosts.
oldboy@10.0.0.61's password:
[oldboy@nfs ~]$ cd ~/.ssh/ ##切换进去
[oldboy@nfs .ssh]$ ls
known_hosts
[oldboy@nfs .ssh]$ ssh-keygen -t rsa ##执行自动生成秘钥
Generating public/private rsa key pair.
Enter file in which to save the key(/home/oldboy/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in/home/oldboy/.ssh/id_rsa.
Your public key has been saved in/home/oldboy/.ssh/id_rsa.pub.
The key fingerprint is:
cf:ef:3f:86:7e:46:54:1a:80:dc:98:e3:5e:5d:f3:eeoldboy@nfs
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
| . =.. |
| * . ..o|
| . . . =o|
| . . + .|
| S. . . . |
| o. . .|
| o o . |
| .. = E|
| o+=.. |
+-----------------+
[oldboy@nfs .ssh]$
[oldboy@nfs .ssh]$ ls ##查看
id_rsa id_rsa.pub known_hosts
[oldboy@nfs .ssh]$ cat ~/id_rsa.pub>> ~/.ssh/authorized_keys ##追加公钥到授权中
[oldboy@nfs .ssh]$ ll -a
总用量 24
drwx------ 2 oldboy incahome 4096 10月 6 18:26 .
drwx------. 4 oldboy oldboy 4096 10月 6 18:25 ..
-rw-r--r-- 1 oldboy incahome 392 10月 6 18:26 authorized_keys
-rw------- 1 oldboy incahome 1675 10月 6 18:26 id_rsa
-rw-r--r-- 1 oldboy incahome 392 10月 6 18:26 id_rsa.pub
-rw-r--r-- 1 oldboy incahome 391 10月 6 18:25 known_hosts
[oldboy@nfs .ssh]$ rm ~/id_rsa.pub -f ##保险起见,删除公钥
[oldboy@nfs .ssh]$ chmod 600 authorized_keys ##授权600
[oldboy@nfs .ssh]$ ll -a
总用量 24
drwx------ 2 oldboy incahome 4096 10月 6 18:26 .
drwx------. 4 oldboy oldboy 4096 10月 6 18:30 ..
-rw------- 1 oldboy incahome 392 10月 6 18:26 authorized_keys
-rw------- 1 oldboy incahome 1675 10月 6 18:26 id_rsa
-rw-r--r-- 1 oldboy incahome 392 10月 6 18:26 id_rsa.pub
-rw-r--r-- 1 oldboy incahome 391 10月 6 18:25 known_hosts
vim /etc/ssh/sshd_config
RSAAuthentication yes ##修改配置文件
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
[root@nfs ~]# /etc/init.d/sshd reload
重新载入 sshd: [确定]
9、回到客户机来,输入:
ssh 192.168.1.134 ##应该就可以直接连服务器咯
例:
[oldboy@m01 ~]$ ssh 10.0.0.31
Last login: Sat Sep 24 16:40:51 2016 from10.0.0.1
“wangpu studying linux。day day up.”
[oldboy@nfs ~]$
成功!!!!
转载于:https://blog.51cto.com/11945803/1859004
1178
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
