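Passwordless SSH login relies on a public/private key pair. On Linux the pair can be generated with ssh-keygen.
There are two machines, A and B (192.168.0.32). The goal is for A to log in to B over ssh without a password.
1. Generate the public/private key pair on machine A.
➜ ~ ssh-keygen -t rsa -P ''
-P sets the passphrase, and -P '' means an empty passphrase. The -P option can also be omitted, in which case you have to press Enter three times; with -P you press Enter once.
This command creates a key pair, id_rsa and id_rsa.pub, in the /root/.ssh directory.
The RSA keys normally used with ssh:
id_rsa private key
id_rsa.pub public key
The following commands generate different key types: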
ssh-keygen -t dsa
ssh-keygen -t rsa
ssh-keygen -t rsa1
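2. Copy all the files in ~/.ssh/ on machine A to ~/.ssh/ on machine B with scp. The ~/.ssh directory has to be created on B first. Only id_rsa.pub is needed on B for this login; the private key id_rsa is what A authenticates with.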
[xqzhang@PEKdev032 ~]$ mkdir .ssh
➜ ~ scp .ssh/* 192.168.0.32:/home/xqzhang/.ssh/
Copy the contents of id_rsa.pub into the authorized_keys file, then set the permissions:
[xqzhang@PEKdev032 ~]$ chmod 700 .ssh
[xqzhang@PEKdev032 .ssh]$ chmod 600 *
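Because passwordless login is not set up yet, you have to enter machine B's root password once.
authorized_keys must have permissions 600!!!
The .ssh directory must have permissions 700!!!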
3. Log in from machine A to machine B.
ssh -l xqzhang 192.168.0.32
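The first time you log in you are asked to type yes.
Machine A can now log in to machine B without a password.
Summary: the machine that logs in holds the private key, and the machine being logged in to must hold the logging-in machine's public key. The key pair is normally generated on the host that keeps the private key. The example above uses an RSA key pair; DSA can of course be used as well (the corresponding files are id_dsa and id_dsa.pub).
Appendix: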
vim ssh-dist.sh
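#!/bin/bash
# sshpass supplies the password to ssh-copy-id non-interactively
yum -y install sshpass

# confirm the user of the operation
echo "The current user is $(whoami)"

# 1. generate the key pair
# Check whether the key already exists; if not, generate a new one
if [ -f ~/.ssh/id_rsa ]; then
    echo "rsa ssh-key file already exists"
    /bin/true
else
    echo "rsa ssh-key file does not exist"
    ssh-keygen -t rsa -f ~/.ssh/id_rsa -P "" >/dev/null 2>&1
    if [ $? -eq 0 ]; then
        echo "generate rsa ssh-key"
        /bin/true
    else
        echo "failed to generate rsa ssh-key"
        /bin/false
        exit 1
    fi
fi

# 2. distribute the public key
# Each usable line of ./ssh-ip is ip:password; lines containing "#" or ";" and blank lines are skipped
for host in $(cat ./ssh-ip | grep -v "#" | grep -v ";" | grep -v "^$")
do
    ip=$(echo "${host}" | cut -f1 -d ":")
    # -f2- keeps the whole password even when it contains ":"
    password=$(echo "${host}" | cut -f2- -d ":")
    user=root
    port_ip="${user}@${ip}"
    # sshpass -p puts the password on the command line, where other local users can see it in the process list.
    # StrictHostKeyChecking=no accepts the remote host key without verifying it.
    sshpass -p "${password}" ssh-copy-id -i ~/.ssh/id_rsa.pub -o StrictHostKeyChecking=no "${port_ip}"
    if [ $? -eq 0 ]; then
        echo "${ip} distribution public key"
        /bin/true
    else
        echo "${ip} distribution public key failed"
        /bin/false
        exit 1
    fi
done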
vim ssh-ip
# Format: ip:password