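OpenSSH passwordless login setup
Goal: one CentOS server can log in to the other two servers without a password
Prerequisites: three CentOS virtual machines
Same network, same subnet, same system type
IP addresses: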
192.168.217.12
192.168.217.11
192.168.217.13
The server that generates the public/private key pair is 192.168.217.12
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:jDYIWF6C8iNZg+goCO9PtY8vDtK8nu+CaJJmUHSCrnQ root@localhost
The key's randomart image is:
+---[RSA 2048]----+
|.+o . |
|B+=o. |
|O*o+ |
|*+=E ..o |
|++....+.S |
|o .o.... |
|.o.++ o |
|++..o+o . |
|= .+=+o. |
+----[SHA256]-----+
View the key files (id_rsa, id_rsa.pub)
[root@localhost ~]# ls .ssh
authorized_keys id_rsa id_rsa.pub
Send the public key file id_rsa.pub to servers 192.168.217.11 and 192.168.217.13
[root@localhost ~]# ssh-copy-id -i .ssh/id_rsa.pub root@192.168.217.11
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '192.168.217.11 (192.168.217.11)' can't be established.
ECDSA key fingerprint is SHA256:Qj4J9VmgCVZSQSJBFJ5/7QkK2frMx8i7zbfFVT8OR0Y.
ECDSA key fingerprint is MD5:4a:ad:7e:14:5e:cc:48:a8:8c:8a:1a:53:5d:9a:8b:e3.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.217.11's password:
Permission denied, please try again.
root@192.168.217.11's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.217.11'"
and check to make sure that only the key(s) you wanted were added.
On server 192.168.217.11, view the key file
[root@ftp-server ~]# ls .ssh
authorized_keys
Repeat the same steps for 192.168.217.13
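ssh-copy-id asks you to "check to make sure that only the key(s) you wanted were added", and listing .ssh does not show that. The script below is an added example, not part of the original post: it checks that authorized_keys holds exactly the copied key and that the directory and file are not group- or world-writable. The function names and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit authorized_keys after ssh-copy-id.

# Print the base64 blob of every key line; blank lines and comments are skipped,
# and a leading options field (e.g. from="...") is stepped over.
# Simplification: options that contain spaces are not parsed.
key_blobs() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); break } }' "$1"
}

# Succeeds when the path is writable by group or others; sshd's default
# StrictModes setting refuses key files in that state.
is_loose() {
    case "$(ls -ld "$1" | cut -c6,9)" in
        --) return 1 ;;
        *)  return 0 ;;
    esac
}

# audit_authorized_keys PUBKEY SSHDIR -> 0 clean, 1 findings, 2 no key in PUBKEY
audit_authorized_keys() {
    pub=$1; dir=$2; auth=$dir/authorized_keys; rc=0
    want=$(key_blobs "$pub")
    [ -n "$want" ] || { echo "no key found in $pub"; return 2; }
    total=$(( $(key_blobs "$auth" | wc -l) ))
    hits=$(key_blobs "$auth" | grep -cxF -- "$want" || true)
    [ "$hits" -eq 1 ] || { echo "expected key appears $hits time(s)"; rc=1; }
    [ "$total" -eq "$hits" ] || { echo "$((total - hits)) other key(s) in $auth"; rc=1; }
    for p in "$dir" "$auth"; do
        if is_loose "$p"; then echo "$p is group/world writable"; rc=1; fi
    done
    return $rc
}

# Constructed sample: placeholder blobs, not real keys.
demo() {
    d=$(mktemp -d); mkdir "$d/.ssh"; chmod 700 "$d/.ssh"
    echo 'ssh-rsa AAAAconstructedKEY1 root@localhost' > "$d/id_rsa.pub"
    { echo '# constructed sample file'
      echo 'ssh-rsa AAAAconstructedKEY1 root@localhost'
      echo 'from="192.168.217.50" ssh-rsa AAAAconstructedKEY2 other@host'
    } > "$d/.ssh/authorized_keys"
    chmod 600 "$d/.ssh/authorized_keys"
    audit_authorized_keys "$d/id_rsa.pub" "$d/.ssh"; status=$?
    rm -rf "$d"; return $status
}
demo || echo "demo: findings reported (the sample holds one extra key)"
```

On a target server, call audit_authorized_keys with a copy of the id_rsa.pub that was sent and the path /root/.ssh.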
From server 192.168.217.12, log in to the .11 and .13 IPs
[root@localhost ~]# ssh 192.168.217.11
Last login: Tue Mar 8 18:18:09 2022 from 192.168.217.50
From the .12 server's session, check the IP address of the server it is logged in to
[root@ftp-server ~]# ip addr
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:84:17:a8 brd ff:ff:ff:ff:ff:ff
inet 192.168.217.11/24 brd 192.168.217.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::cca1:73f7:a8e4:c2f9/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::d4f5:dc44:ab9a:4241/64 scope link noprefixroute
valid_lft forever preferred_lft forever