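Remote server management: passwordless login 3 (ops notes)
Task: developers log in to the server remotely as the business user pos, without a password.
On server1, create the pos user and set its password: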
[root@server1 ~]# useradd pos
[root@server1 ~]# passwd pos
更改用户 pos 的密码 。
新的 密码:
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
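The code user on another host, server2, logs in remotely
First, as the code user on server2, generate a key pair (public key and private key):
[code@server2 ~]$ ls -a #logged in as the code account; list files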
. .. .bash_logout .bash_profile .bashrc .ssh
[code@server2 ~]$ cd .ssh/ #enter the directory
[code@server2 .ssh]$ ssh-keygen #generate the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/home/code/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/code/.ssh/id_rsa.
Your public key has been saved in /home/code/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:NvkGn64Fi/PIsHihBAkVyM3BeiNY4xmxjHtxVrE/3gI code@server2
The key's randomart image is:
+---[RSA 2048]----+
|.oB+. o. |
|o++= . . |
|++=+o . |
|++o* . . |
|.++ . E S |
| .. . = X . |
| . ...o + B |
| ...+ + = |
| ... o o.. |
+----[SHA256]-----+
[code@server2 .ssh]$ ll
total 12
-rw------- 1 code code 1679 Apr 14 10:16 id_rsa
-rw-r--r-- 1 code code 394 Apr 14 10:16 id_rsa.pub
-rw-r--r-- 1 code code 171 Apr 14 10:12 known_hosts
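Copy the code user's public key into the home directory of the pos user on the remote host server1 (~/.ssh/xxx)
[code@server2 .ssh]$ ssh-copy-id -i pos@121.199.54.222 #the remote host and user you want passwordless login to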
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/code/.ssh/id_rsa.pub"
The authenticity of host '121.199.54.222 (121.199.54.222)' can't be established.
ECDSA key fingerprint is SHA256:NTa2GLaVBM+N/T9canF+dKw2gF6Lee2UbntGFgGieZE.
ECDSA key fingerprint is MD5:9e:8b:f1:90:d1:8a:70:2f:44:54:f5:fa:7d:df:1f:39.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
pos@121.199.54.222's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'pos@121.199.54.222'"
and check to make sure that only the key(s) you wanted were added.
On server1, as the pos user, check .ssh/:
[pos@server1 ~]$ cd .ssh/
[pos@server1 .ssh]$ ll
total 4
-rw------- 1 pos pos 394 Apr 14 10:21 authorized_keys
The authentication key file has been generated
Test and verify
[code@server2 .ssh]$ ssh pos@121.199.54.222
Last login: Fri Apr 14 10:19:48 2023
Welcome to Alibaba Cloud Elastic Compute Service !
[pos@server1 ~]$
Passwordless remote login as the pos user now works
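
ssh-copy-id ends by asking you to "check to make sure that only the key(s) you wanted were added". The following is an added example, not part of the original notes: it parses authorized_keys entries, computes each key's fingerprint in the same SHA256:... form ssh-keygen prints, and lists entries that are not on your expected list. The function names and the sample keys are assumptions made up for the example; the sample keys are constructed and are not real keys.

```python
import base64, hashlib, struct

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out = []
    while blob:
        (n,) = struct.unpack(">I", blob[:4])
        out.append(blob[4:4 + n])
        blob = blob[4 + n:]
    return out

def parse_entry(line):
    """Parse one authorized_keys line -> dict(options, type, fingerprint, bits, comment)."""
    parts = line.split()
    # The key type is the first token naming a key algorithm; anything before it is options.
    idx = next(i for i, p in enumerate(parts) if p.startswith(("ssh-", "ecdsa-")))
    blob = base64.b64decode(parts[idx + 1])
    fields = _fields(blob)
    if fields[0].decode() != parts[idx]:
        raise ValueError("declared key type does not match the key blob")
    # Same form as the "SHA256:..." value from ssh-keygen: unpadded base64 of SHA-256(blob).
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    bits = int.from_bytes(fields[2], "big").bit_length() if parts[idx] == "ssh-rsa" else None
    return {"options": " ".join(parts[:idx]), "type": parts[idx], "fingerprint": fp,
            "bits": bits, "comment": " ".join(parts[idx + 2:])}

def unexpected_keys(text, expected_fingerprints):
    """Return the entries whose fingerprint is not one you meant to install."""
    entries = [parse_entry(l) for l in text.splitlines()
               if l.strip() and not l.lstrip().startswith("#")]
    return [e for e in entries if e["fingerprint"] not in expected_fingerprints]

def make_sample_line(n, comment, options=""):
    """Build a CONSTRUCTED ssh-rsa line (n is not a real modulus) for the demo."""
    s = lambda b: struct.pack(">I", len(b)) + b
    mp = lambda i: s(i.to_bytes(i.bit_length() // 8 + 1, "big"))
    blob = s(b"ssh-rsa") + mp(65537) + mp(n)
    return f"{options} ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()

# Constructed sample file: the key we installed plus one we did not.
WANTED = make_sample_line((1 << 2047) | 1, "code@server2")
EXTRA = make_sample_line((1 << 1023) | 1, "someone@elsewhere", 'from="10.0.0.5"')
SAMPLE = "# constructed sample\n" + WANTED + "\n" + EXTRA + "\n"

if __name__ == "__main__":
    wanted_fp = parse_entry(WANTED)["fingerprint"]  # in practice: ssh-keygen -lf id_rsa.pub
    for e in unexpected_keys(SAMPLE, {wanted_fp}):
        print("unexpected:", e["fingerprint"], e["bits"], e["options"], e["comment"])
```

On a real host, pass the contents of /home/pos/.ssh/authorized_keys as text and the fingerprint shown by ssh-keygen on server2 as the expected set.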