本文详细介绍如何通过SSH公钥认证实现两台服务器之间的免密码登录,包括设置.ssh目录权限、生成RSA密钥对、传输公钥及验证连接过程。
最近整理收藏的技术帖子,发现通过远程机器直接连接本地机器每次需要输入密码,非常繁琐,找了个方法直接免秘钥进入。
建设原理:
本地服务器的公钥,加密一段随机字符串,把这段密文发送回给远程服务器,远程服务器利用私钥解密这段密文,然后把明文发给本地服务器,本地服务器你验证自己的明文秘钥进行解析,让远程服务器直接免秘钥访问(处于安全考虑,建议不要在生产环境下面搞,免得被别人乱开信息)
准备环境:
本地机器A:192.168.139.144 远程机器b:192.168.139.139
本地机器A:192.168.139.144配置
[root@localhost ~]# chmod 777 .ssh/ #网上其他说700,第二次我直接设置成777
root@localhost ~]# ssh-keygen -t rsa #默认都是yes,这是我第二次尝试,秘钥文件直接覆盖
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?
[root@localhost .ssh]# ls #检查.ssh文件下面的公钥和私钥文件。
autorized_keys id_rsa id_rsa.pub known_hosts
[root@localhost .ssh]# cat known_hosts #检查传送秘钥的本地主机
192.168.139.144 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo82MJSw8dxGTvrXCFIKiszfpxbF/riPrXCOvGMTRamyKTLpDQScq3qFtnBSBLWGpJCJ4etoQp/W7vFax/FcH+cCHO+dqs9qFpE84rKm5woXfNWpH/bo8U1r24DrxLagJz3B06W6/f+IedWj1bRZcY3cT6jy5sRh7y/lOnxLz3YEuHa37hRdHyXccWIkdT0xla3QBB5HHq0v4CXmy+Q8izVWHdiDgGUWhsBj+7SmyfQtQZPa4Lw/XXnzmT6+0Q9o1Y/3eteYZvyFGseKWdtwZmROMm33UGTVN8Iy8+WJ3XowJ697qx1MntKGfZu6bKlWsI6+oli6S2BZwfXnf+H6+KQ==
192.168.139.139 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0IbPQxB3kTktma3p35NSeeaZfwoaIuPuj6YXPL7KfryvNscrciUalzWVFm1r5JV0CuG5R0hnAQqmiKQJQnzDhcD0gw8oGynWL4LNCSEAvx5/D+IB8u/vSEquTAv17Iy/e476qNcWetjbxl9kMh/U+19E7ybhVkstQFDeelbg1478aUrU+hNnQgDZ3SMlAzzE2OdP+D9s9K6CPtpdF2zH0YL+liaL3xWvIxd6SSdl5JpTxjWxUTtmuI29GLxfLxC96KStStK0KbZUb5Sm7twYQGmbcN13wMhtW8TcgbxH52oT7NtyrqDshu0VgRika4CxIdokPD4yrcikn3pkzMzmZQ==
[root@localhost .ssh]# rm autorized_keys #这里是我直接创建的文件,有一些网友说把秘钥写进来这个文件,几次尝试都不成功。直接删除了。
rm: remove regular empty file `autorized_keys'? y
[root@localhost .ssh]# ssh-copy-id 192.168.139.139 #将秘钥传送到远程服务器B,并且输入远程服务器的密码。
root@192.168.139.139's password: #输入远程服务器B的密码
Now try logging into the machine, with "ssh '192.168.139.139'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
远程服务器b-192.168.139.139的操作:
[root@localhost ~]# cd .ssh/ #检查看144的秘钥传送过来的情况
[root@localhost .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@localhost .ssh]# cat authorized_keys #检查本身秘钥的情况,粗略看是144的秘钥文
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuHoxFl+6Oa4mYgHvh1ihtmUOs0m7yEGEljX9xRpUe70iHHt7UnyDrIFCu7kfKTeP7FgBiCTPNjabuZdeNtQefHKB67eQ/U6H/ANUKUMg9YP6yVV4jruIw5fufMClIrad7MR4XyVAfhijmwSAmXL4d8Y89WX5zELKaMwaWMxeGcxSOHaBArNfn7Jn9u2ORWD7MHAl9xIMx768vO09vdwmQGIrkVwfyYXj2GhVKwcPWwUXmWqgbYnptq/qEZdwi4NSkJCz/nfnetDCZDfkKMD3Ksbxof1ziXa0E9l8Xlo9FtKeeCTbytRjtVIzKw016tInCSuI16oYbhVZ0kGO7UhGqw== root@localhost.localdomain
[root@localhost .ssh]# ssh root@192.168.139.144 #现在最直接ssh本地服务器A 192.168.139.144
Last login: Tue Apr 9 20:45:14 2019 from 192.168.139.139
[root@localhost ~]# ifconfig #连接完毕后检查IP地址是不是正确
eth0 Link encap:Ethernet HWaddr 00:0C:29:31:AE:FD
inet addr:192.168.139.144 Bcast:192.168.139.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe31:aefd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18149 errors:0 dropped:0 overruns:0 frame:0
TX packets:8737 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22487040 (21.4 MiB) TX bytes:582276 (568.6 KiB)
总结:参考了网友一些经验,给.ssh/设置权限时注意设置大一点。700的权限可能还不够,最好设置到777.
传输过程中,确保两个服务器之间能ping通。第一没有成功,可能是应在.ssh中设置autorized的权限文件夹,和设置700的权限。
借鉴:https://jingyan.baidu.com/article/00a07f38bb594682d028dcc8.html
https://jingyan.baidu.com/article/02027811471aa91bcc9ce5a0.html
扫一扫
2318
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
