ssh免密登陆详解

最新推荐文章于 2024-08-19 12:54:29 发布

kate zhu

最新推荐文章于 2024-08-19 12:54:29 发布

阅读量983

点赞数

分类专栏：网络安全 Linux Others 文章标签： ssh centos linux

本文链接：https://blog.csdn.net/weixin_43246151/article/details/128929951

版权

Linux 同时被 3 个专栏收录

19 篇文章 1 订阅

订阅专栏

Others

16 篇文章 0 订阅

订阅专栏

网络安全

5 篇文章 0 订阅

订阅专栏

环境说明

操作系统Centos7.6
ssh版本号7.4

应用场景

在日常运维不包括拥有堡垒机场景下，数量庞大的设备运维起来登陆设备是一件繁琐的事情，需要一对一查询资产表，通过ip地址、账号密码去登录设备进行巡检运维，设备量一多，造成了运维成本高，效率低，出错率高等问题。

配置说明

ssh-keygen -t rsa   ### -t 指定加密/解密算法类型

参数说明
-t 加/解密算法
-b 秘钥长度,rsa默认秘钥长度的为 2048
-C 注释，一般是填写用户名

ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.93.130   ###将本地生成的公钥发送至192.168.93.130主机，本地保留私钥

本地主机进行ssh 192.168.93.130时可免密登陆。
（免密登陆谁，公钥就给谁，私钥可一对多公钥）

[root@centos ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:K5BdmhviEe8kqTIdISOtFhTpKZ40etbhLlbWPWE17/k root@centos
The key's randomart image is:
+---[RSA 2048]----+
| oo              |
|.o        o      |
|=.+ .   .. o     |
|oO...* +o   .    |
|*.+oBoBoS. . .   |
|o+o+=B.oo.  o    |
|ooo+. + ..   .   |
| oo .  .      E  |
| . .             |
+----[SHA256]-----+

[root@centos ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.93.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.93.130 (192.168.93.130)' can't be established.
ECDSA key fingerprint is SHA256:h1Bbt2WrAXtlb8f17tD8+rofNsraD8L+xL6gahxLt2E.
ECDSA key fingerprint is MD5:3b:7d:b4:3b:00:73:b0:d7:a3:13:c5:01:7b:9f:bd:fa.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.93.130's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.93.130'"
and check to make sure that only the key(s) you wanted were added.


[root@centos ~]# ssh root@192.168.93.130
Last login: Sat Jan  7 02:36:38 2023 from 192.168.93.1
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:76:57:2a brd ff:ff:ff:ff:ff:ff
    inet 192.168.93.130/24 brd 192.168.93.255 scope global noprefixroute dynamic ens33
       valid_lft 1693sec preferred_lft 1693sec
    inet6 fe80::b7a1:360e:d7fe:537d/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@localhost ~]# exit
登出
Connection to 192.168.93.130 closed.