ssh免密碼登陸配置方法

首先，說明一下咱們要作的是，serverA 服務器的 usera 用戶免密碼登陸 serverB 服務器的 userb用戶。

咱們先使用usera 登陸 serverA 服務器

 

1.  [root@serverA ~] # su - usera
2.  [usera@serverA ~]$ pwd
3.  /home/usera

 

而後在serverA上生成密鑰對

 

1.  [usera@serverA ~]$ ssh-keygen -t rsa
2.  Generating public/private rsa key pair.
3.  Enter file in which to save the key (/home/usera/.ssh/id_rsa):
4.  Created directory '/home/usera/.ssh'.
5.  Enter passphrase (empty for no passphrase):
6.  Enter same passphrase again:
7.  Your identification has been saved in /home/usera/.ssh/id_rsa.
8.  Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
9.  The key fingerprint is:
10.  39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA
11.  The key's randomart image is:
12.  +--[ RSA 2048]----+
13.  | Eo* |
14.  | @ . |
15.  | = * |
16.  | o o . |
17.  | . S . |
18.  | + . . |
19.  | + . .|
20.  | + . o . |
21.  | .o= o. |
22.  +-----------------+

 

此時會在/home/usera/.ssh目錄下生成密鑰對

 

1.  [usera@serverA ~]$ ls -la .ssh
2.  總用量 16
3.  drwx------ 2 usera usera 4096 8月 24 09:22 .
4.  drwxrwx--- 12 usera usera 4096 8月 24 09:22 ..
5.  -rw------- 1 usera usera 1675 8月 24 09:22 id_rsa
6.  -rw-r--r-- 1 usera usera 399 8月 24 09:22 id_rsa.pub

 

而後將公鑰上傳到serverB 服務器的，並以userb用戶登陸

 

1.  [usera@portalweb1 ~]$ ssh-copy-id userb@10.124.84.20
2.  The authenticity of host '10.124.84.20 (10.124.84.20)' can't be established.
3.  RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf.
4.  Are you sure you want to continue connecting (yes/no)? yes
5.  Warning: Permanently added '10.124.84.20' (RSA) to the list of known hosts.
6.  userb@10.124.84.29's password:
7.  Now try logging into the machine, with "ssh 'userb@10.124.84.20'", and check in:
8.  
    
9.  .ssh/authorized_keys
10.  
     
11.  to make sure we haven't added extra keys that you weren't expecting.

 

這個時候usera的公鑰文件內容會追加寫入到userb的 .ssh/authorized_keys 文件中

 

1.  [usera@serverA ~]$ cat .ssh/id_rsa.pub
2.  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA

 

查看serverB服務器userb用戶下的 ~/.ssh/authorized_keys文件，內容是同樣的，此處我就不粘貼圖片了。

 

1.  [userb@serverB ~]$ cat .ssh/authorized_keys
2.  ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA

 

另外咱們要注意，.ssh目錄的權限爲700，其下文件authorized_keys和私鑰的權限爲600。不然會由於權限問題致使沒法免密碼登陸。咱們能夠看到登錄後會有known_hosts文件生成。

 

1.  [useb@serverB ~]$ ls -la .ssh
2.  total 24
3.  drwx------. 2 useb useb 4096 Jul 27 16:13 .
4.  drwx------. 35 useb useb 4096 Aug 24 09:18 ..
5.  -rw------- 1 useb useb 796 Aug 24 09:24 authorized_keys
6.  -rw------- 1 useb useb 1675 Jul 27 16:09 id_rsa
7.  -rw-r--r-- 1 useb useb 397 Jul 27 16:09 id_rsa.pub
8.  -rw-r--r-- 1 useb useb 1183 Aug 11 13:57 known_hosts

這樣作完以後咱們就能夠免密碼登陸了

 

[usera@serverA ~]$ ssh userb@10.124.84.20

另外，將公鑰拷貝到服務器的~/.ssh/authorized_keys文件中方法有以下幾種：
一、將公鑰經過scp拷貝到服務器上，而後追加到~/.ssh/authorized_keys文件中，這種方式比較麻煩。scp -P 22 ~/.ssh/id_rsa.pub user@host:~/。
二、經過ssh-copy-id程序，就是我演示的方法，ssh-copyid user@host便可
三、能夠經過cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host ‘cat >> ~/.ssh/authorized_keys’，這個也是比較經常使用的方法，由於能夠更改端口號。