工作中如果两台服务器需要建立互信关系,那么需要做的就是拷贝秘钥信息,这个工作就得手工来完成,有时候感觉真是麻烦,但是又无可奈何。
一般建立单向信任关系的步骤如下:
1)检查是否有秘钥生成,如果没有则使用ssh-keygen -t rsa来生成即可。
2)拷贝id_rsa.pub的信息,稍后使用。
3) ssh连接到目标服务器,然后到.ssh/authorized_keys文件中添加拷贝的id_rsa.pub的内容即可
4)退出当前窗口,重新登录验证,是否可以无密码通信
现在有个命令可以使我们免除2、3步骤,类似一键配置得那种。。。
#假设要从本机登录远端机器,免密码登录的那种,那么:
#本机产生秘钥
[root@localhost .ssh]# ssh-keygen -t rsa
#查看下公钥和私钥文件
[root@localhost .ssh]# ls -lrt
总用量 12
-rw-r--r--. 1 root root 408 9月 23 17:43 id_rsa.pub
-rw-------. 1 root root 1675 9月 23 17:43 id_rsa
-rw-r--r--. 1 root root 784 9月 23 17:48 known_hosts
#将公钥拷贝到远端机器中(-i 参数指定公钥,可以忽略后缀名)
[root@localhost .ssh]# ssh-copy-id -i id_rsa root@10.*.*.*
The authenticity of host '10.*.*.* (10.*.*.*)' can't be established.
RSA key fingerprint is 88:bf:37:46:6f:71:02:36:62:4e:d2:7a:31:54:ba:68.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.*.*.*'"
and check to make sure that only the key(s) you wanted were added.
#验证
[root@localhost .ssh]# ssh root@10.*.*.*
Last login: Fri Sep 23 10:21:27 2016 from 10.64.132.108
[root@bak-hesuan ~]# exit
883
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
