local ipaddress:10.47.39.7;remote ipaddress:10.47.39.8
1、生成公钥和私钥
[root@local ~]# ssh-keygen -t rsa #一路回车
[root@local ~]# ssh-keygen -t rsa -P "" -N '' -f ~/.ssh/id_rsa -q -b 2048 #一键生成公钥和私钥
-N '' 是指密码为空;
-f ~/.ssh/id_rsa 是指保存文件为~/.ssh/id_rsa和~/.ssh/id_rsa.pub;
-q 是指静默模式,和unzip的-q参数一样的;
-b 是指位数,可以指定1024这类的,默认是2048;
2、生成完后在.ssh目录里会看全id_isa和id_rsa.pub两个文件
[root@local ~]# cd .ssh/
[root@local .ssh]# ls
id_rsa id_rsa.pub known_hosts
3、复制id_rsa.pub文件到需要登陆的远程主机的.ssh目录
[root@local ~]# scp /root/.ssh/id_rsa.pub root@10.47.39.8:/root/.ssh/
[root@local ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@[ip] #使用此命令不需要重命名id_dsa.pub文件为authorized_keys
[root@local ~]# yum -y install sshpass
[root@local ~]# sshpass -p[password] ssh-copy-id -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no root@[ip] #使用sshpass命令批量推送,不需要交互式输入服务器密码
注:如复制时提示以下错误请先在远程主机上ssh连接到其它主机
[root@local .ssh]# scp id_rsa.pub root@10.47.39.8:/root/.ssh/
The authenticity of host '10.47.39.8 (10.47.39.8)' can't be established.
RSA key fingerprint is 15:89:eb:56:74:61:01:aa:f3:94:d5:16:f6:f4:22:f1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.47.39.8' (RSA) to the list of known hosts.
root@10.47.39.8's password: scp: /root/.ssh/: Is a directory
4、在远程主机上把id_rsa.pub文件重命名为authorized_keys
[root@remote .ssh]# mv id_rsa.pub authorized_keys
[root@remote .ssh]# ls
authorized_keys known_hosts
5、测试
[root@local ~]# ssh 10.47.39.8
Last login: Mon Dec 25 17:00:45 2017 from 10.47.39.7
[root@remote ~]#
6、Xshell使用密钥登陆远程主机
参考链接:
http://www.mls-software.com/opensshd.html#botpage #openssh for windows下载
https://cygwin.com/install.html #cygwin下载