SSH免密码登录

SSH

SSH为Secure  Shell（安全Shell协议）的缩写，是专为远程登录会话和其他网络服务提供安全性的协议，并且利用ssh协议可以有效防止远程管理过程中的信息泄露问题。

1.安装openssh

 #rpm -qa | grep openssh  （查询，本机已安装openssh，四个安装包都需要安装）
openssh-server-5.3p1-84.1.el6.x86_64 服务端
openssh-5.3p1-84.1.el6.x86_64 通用组件库
openssh-clients-5.3p1-84.1.el6.x86_64  客户端
openssh-askpass-5.3p1-84.1.el6.x86_64 建立会话用的工具和库文件

2.ssh远程登录

#ssh  -l  USERNAME  REMOTE_HOST   后面可以加一条命令['COMMAND']，执行完命令就退出

or

#ssh  USERNAME@REMOTE_HOST

实例：

[root@admin2 ~]# ssh -l root 192.168.23.151
The authenticity of host '192.168.23.151 (192.168.23.151)' can't be established.主机真实性无法确立
RSA key fingerprint is 0a:9f:bc:43:31:12:98:29:6b:b2:99:af:dc:1a:1d:69.密钥指纹
Are you sure you want to continue connecting (yes/no)? yes是否确定继续连接
Warning: Permanently added '192.168.23.151' (RSA) to the list of known hosts.永久添加'192.168.23.151' (RSA)到主机列表
root@192.168.23.151's password:  输入登录密码
Last login: Wed Aug 29 16:14:37 2018 from 192.168.23.1

连接成功，远程主机的公钥会保存在$HOME/.ssh/known_hosts文件中，下次再次连接时识别到公钥则不会出现是否连接的警告。

3.ssh免密码登录

admin2为客户端，admin为服务器端

(1)生成密钥

.ssh目录得权限必须为700，否则公钥不能生效

#ssh-keygen   -t  {rsa | dsa }  -f  /path/to/keyfile  -N 'passwd'

-t:密钥类型

-f:存放密钥的路径

-N：设置登录密码

[root@admin2 ~]# ssh-keygen -t rsa    or   ssh-keygen  -t rsa -f .ssh/id_rsa  -N ' '

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):存放密钥的路径
Enter passphrase (empty for no passphrase):设置登录密码为空
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
17:8b:fd:5b:cb:aa:cc:78:2e:85:d8:d8:9b:ab:d6:e4 root@admin2
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|          .      |
|         o o     |
|       =S.+      |
|      o =...     |
|       + +  . .  |
|      . E+.  + . |
|     ...o==.o.o  |
+-----------------+

(2)将公钥传输至服务器某用户的$HOME/.ssh/authorized_keys文件中

#ssh-copy-id  -i  /path/to/pubkey  USERNAME@REMOTEHOST

[root@admin2 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.23.151
root@192.168.23.151's password:
Now try logging into the machine, with "ssh 'root@192.168.23.151'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

也可以使用scp传输

#scp  [options]  SRC：DEST

[root@admin2 ~]# scp .ssh/id_rsa.pub root@192.168.23.151:/root
id_rsa.pub                                                 100%  393     0.4KB/s   00:00    

[root@admin ~]# cat id_rsa.pub >> .ssh/authorized_keys

ssh-copy-id直接将公钥追加到authorized.keys文件中，更加方便，建议使用ssh-copy-id命令。

3.登录验证

免密码登录

[root@admin2 ~]# ssh -l root 192.168.23.151
Last login: Wed Aug 29 16:48:45 2018 from 192.168.23.151
[root@admin ~]#

免密码登录成功！