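Environment: two Linux servers:
node1 192.168.X.234
node2 192.168.X.242
This demo sets up passwordless login from node1 to node2. Key-based login is one-way; for login in both directions, repeat the configuration in the reverse direction.
Create the key pair on node1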
# Run ssh-keygen in /root/.ssh/ and press Enter at every prompt; if needed, you can also set a passphrase on the key
[root@192-168-X-234 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ec:80:8d:a2:2e:a4:74:f2:b4:99:4c:70:59:78:58:69 root@192-168-3-234.baicheng.com
The key's randomart image is:
+--[ RSA 2048]----+
| +.. |
| o E |
| = |
| . o + . |
| + o o S |
| = = o |
|= B + . |
|+ * |
|.. |
+-----------------+
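Run ls: the directory now contains two new files, the public key and the private key. The public key's contents must be added to .ssh/authorized_keys of whichever user you want to log in as on the target machine; you then log in as the user whose file you added it to. Here we add it on node2.
[root@192-168-X-234 .ssh]# ls
id_rsa id_rsa.pub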
ssh-copy-id appends the contents of id_rsa.pub directly to .ssh/authorized_keys on the remote host.
[root@192-168-X-234 .ssh]# ssh-copy-id "-p62387 xiewenming@192.168.X.242"
Address 192.168.X.242 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Now try logging into the machine, with "ssh '-p62387 xiewenming@192.168.X.242'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@192-168-3-234 .ssh]#
Note: if the SSH port is not the default 22, the argument must be quoted, as in ssh-copy-id "-p62387 xiewenming@192.168.X.242"; otherwise the following error is reported:
[root@192-168-X-234 .ssh]# ssh-copy-id -p62387 xiewenming@192.168.X.242
Pseudo-terminal will not be allocated because stdin is not a terminal.
ssh: Could not resolve hostname umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sb: Name or service not known
Check on node2: authorized_keys has mode 600. If you created the file yourself, pay attention to this permission. The .ssh directory has mode 700.
[root@192-168-X-242 .ssh]# pwd
/home/xiewenming/.ssh
[root@192-168-X-242 .ssh]# cat authorized_keys
AAAAB3NzaC1yc2EAAAABIwAAAQEA15QNqu6N0kkNv+e4qXD+Gz8TqWo7LJKeumuFAMD2ZDH0/MfKPKCfxOGv8k/cMB1XRKYFTuxR/ZW7HqmNK1wpppCqccxjKj/vOeWjuk16x2rMqqjkWBIedw7a/fGP87GC0DmOAe3bzWbqDY0rGA5jWR+YBItGES2GmW3889jJRhgcmQO2qsCnxfQ8g1D6XfpKSXCe7qvYtsqRn7Jcw35I39vx6kxpxgjtNobEo2Xw7tfx9n64poNzi72e/UF7mZSB5EZgKLM8uxw4wgBljB2yX9Cnsc5y4Qs+VzUaI7TyzR4RFTWiukOKCPEjxJPJ71E9/HL44Qi8LOTTBp/20T7JLw== root@192-168-3-234.xxx.com
Configuration is now complete: node1 can log in to node2 without a password.
[root@192-168-X-234 .ssh]# ssh xiewenming@192.168.X.242
Address 192.168.X.242 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Last login: Tue Aug 29 15:22:39 2017 from 192.168.X.234
[xiewenming@192-168-3-242 ~]$ ifconfig |grep 192.168
inet addr:192.168.3.242 Bcast:192.168.X.255 Mask:255.255.255.0
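P.S. ssh-copy-id is a very handy command. Without it, some operations staff copy the public key contents into authorized_keys by hand, and a common problem is that the public key, originally a single line, ends up split across several lines after pasting and has to be reformatted manually, which hurts efficiency. Building on the ssh-copy-id basics above, you can write a script to carry this out in bulk for other servers.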
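The two things the post says to watch for on the target host (mode 700 on .ssh, mode 600 on authorized_keys, and one key per line) can be checked with a short script. This is an added example, not part of the original post; the function names perm_of, bad_key_lines and check_ssh_dir are illustrative, and the script assumes each entry is written as "[options] keytype base64 [comment]".

```sh
#!/bin/sh
# Added example: audit an .ssh directory for wrong permissions and for
# key entries that were wrapped onto several lines by a manual paste.
# Usage: sh check_ssh_dir.sh /home/xiewenming/.ssh

perm_of() {
    # Octal mode of a path: GNU stat first, BSD stat as a fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

bad_key_lines() {
    # Print the number of every line that is not a complete one-line entry.
    # A complete entry has a key-type field directly followed by a base64
    # field that starts with AAAA and whose length is a multiple of 4.
    awk '
        /^[ \t]*(#|$)/ { next }          # comments and blank lines are fine
        {
            ok = 0
            for (i = 1; i < NF; i++)
                if ($i ~ "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=?=?$" &&
                    length($(i + 1)) % 4 == 0)
                    ok = 1
            if (!ok) print NR
        }' "$1"
}

check_ssh_dir() {
    # Returns 0 when the directory passes every check, 1 otherwise.
    dir=$1; file=$dir/authorized_keys; rc=0
    [ "$(perm_of "$dir")" = 700 ] || { echo "BAD: $dir is not mode 700"; rc=1; }
    if [ ! -f "$file" ]; then echo "BAD: $file not found"; return 1; fi
    [ "$(perm_of "$file")" = 600 ] || { echo "BAD: $file is not mode 600"; rc=1; }
    for n in $(bad_key_lines "$file"); do
        echo "BAD: $file line $n is not a complete key entry (wrapped paste?)"
        rc=1
    done
    return $rc
}

if [ $# -gt 0 ]; then check_ssh_dir "$1"; fi
```

A first line cut at a multiple of four base64 characters still looks complete on its own, but the continuation line that follows it is always reported.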