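A note on SSH passwordless login
Passwordless login is mainly used for direct remote login between two devices that trust each other.
The general idea is to run ssh-keygen -t rsa to create the id_rsa key pair; the part you need is the .pub file.
Then copy the contents of the .pub file into .ssh/authorized_keys (644) on the host you want to log in to remotely, which is what ssh-copy-id does: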
#ssh-copy-id user@192.168.0.111
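Note that copying the key over from machine A is what lets machine A log in to machine B without a password.
The principle: B's set of authorized public keys contains A's RSA public key, so A can log in to B without a password.
One point to watch out for:
After a host's RSA key pair is regenerated, its RSA public key has to be copied again to every server it could previously log in to without a password,
because the original RSA key is no longer valid; each key is unique.
When the connection fails with a known_hosts-related problem, the error looks like this: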
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:KocrdGdS0pG8eYGqAMelxJaAiPBW8Le+/c4cbAMGhf0.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:4
remove with:
ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.0.111"
ECDSA host key for 192.168.0.111 has changed and you have requested strict checking.
Host key verification failed.
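In other words, it is prompting you to update known_hosts: the host key stored for 192.168.0.111 no longer matches the one the server presents.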
root@1:~/.ssh# ssh-keygen -f "/root/.ssh/known_hosts" -R "192.168.0.111"
# Host 192.168.0.111 found: line 4
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
After that, passwordless ssh works normally again.
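
Removing the old known_hosts entry is only safe when the key the server now offers is really its own. The following is an added example, not part of the original note: it parses known_hosts, computes the OpenSSH SHA256 fingerprint of the offered key, and replaces the stored entry only when that fingerprint equals one read out-of-band. The function names, sample keys and trusted fingerprint are constructed for illustration, and [host]:port entries are not handled.

```python
import base64, hashlib, hmac, struct

def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: plain comma list, or hashed |1|salt|hmac-sha1."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")

def review_host_key(known_hosts, host, offered, trusted_fp):
    """Return (verdict, new_known_hosts). `offered` is 'keytype base64blob' as sent by
    the server; `trusted_fp` was read out-of-band (e.g. on the server console)."""
    ktype, blob = offered.split()[:2]
    keep, stored = [], []
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) >= 3 and not line.startswith(("#", "@")) \
                and host_matches(parts[0], host) and parts[1] == ktype:
            stored.append(parts[2])          # existing key of this type for this host
        else:
            keep.append(line)
    if blob in stored:
        return "unchanged", known_hosts
    if not hmac.compare_digest(fingerprint(blob), trusted_fp):
        return "refuse", known_hosts         # unverified key: keep the old entry
    keep.append(f"{host} {ktype} {blob}")    # stale entry dropped, verified key added
    return ("replaced" if stored else "added"), "\n".join(keep) + "\n"

def fake_key(seed):
    """Constructed ssh-ed25519 blob for the demo (not a real host key)."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample data: the stored key, the server's new key, and an unknown key.
OLD, NEW, ROGUE = fake_key(1), fake_key(2), fake_key(3)
KNOWN_HOSTS = f"192.168.0.110 ssh-ed25519 {fake_key(9)}\n192.168.0.111 ssh-ed25519 {OLD}\n"
TRUSTED_FP = fingerprint(NEW)  # in practice: ssh-keygen -lf on the server's host public key

if __name__ == "__main__":
    for name, blob in (("old", OLD), ("new", NEW), ("rogue", ROGUE)):
        offered = f"ssh-ed25519 {blob}"
        print(name, review_host_key(KNOWN_HOSTS, "192.168.0.111", offered, TRUSTED_FP)[0])
```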