1、基于密钥对的认证
基于密钥对认证,免密登录
1. 跳板机上的开发人员自己生成一对秘钥
code1为例:
[code1@MissHou ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/code1/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/code1/.ssh/id_rsa.
Your public key has been saved in /home/code1/.ssh/id_rsa.pub.
The key fingerprint is:
14:78:f6:70:9f:48:64:7e:19:c3:cb:c3:7a:52:1e:d8 code1@MissHou.itcast.cc
The key’s randomart image is:
±-[ RSA 2048]----+
| …o.o |
| . ++o .+ |
| o.=.Boo |
| . +.E |
| S + o |
| o o |
| o |
| |
| |
±----------------+
[code1@MissHou ~]$ ll -a .ssh/
total 16
drwx------ 2 code1 coding 4096 Dec 28 09:33 .
drwx------ 5 code1 coding 4096 Dec 27 11:49 …
-rw------- 1 code1 coding 1675 Dec 28 09:33 id_rsa
-rw-r–r-- 1 code1 coding 405 Dec 28 09:33 id_rsa.pub
- 将code1用户的公钥远程拷贝到生产服务器上指定用户的指定目录
[code1@MissHou ~]$ ssh-copy-id code@10.1.1.1
The authenticity of host ‘10.1.1.1 (10.1.1.1)’ can’t be established.
RSA key fingerprint is 30:c8:1a:67:55:22:33:26:e5:fb:44:56:4d:8b:26:40.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘10.1.1.1’ (RSA) to the list of known hosts.
code@10.1.1.1’s password:
Now try logging into the machine, with “ssh ‘code@10.1.1.1’”, and check in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
或者
[code1@MissHou ~]$ scp -P22 ~/.ssh/id_rsa.pub code@10.1.1.1:/home/code/.ssh/authorized_keys
code@10.1.1.1’s password:
id_rsa.pub
3. 测试验证
[code1@MissHou ~]$ ssh -lcode 10.1.1.1
Last login: Fri Dec 28 09:38:17 2018 from 10.1.1.250
[code@server ~]$