Linux 服務器之間使用公鑰實現免密碼登陸

配置步驟

serverA 服務器：

[root@serverA ~]# su - usera
[usera@serverA ~]$ pwd
/home/usera

# 使用RSA生成密鑰對
[usera@serverA ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/usera/.ssh/id_rsa): 
Created directory '/home/usera/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/usera/.ssh/id_rsa.
Your public key has been saved in /home/usera/.ssh/id_rsa.pub.
The key fingerprint is:
39:f2:fc:70:ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverA
The key's randomart image is:
+--[ RSA 2048]----+
|     Eo*  |
|      @ .  |
|     = *  |
|     o o .  |
|   . S   . |
|    + .   . |
|    + .   .|
|     + . o . |
|     .o= o. |
+-----------------+

# 查看生成的密鑰對
[usera@serverA ~]$ ls -la .ssh
總用量 16
drwx------ 2 usera usera 4096 8月 24 09:22 .
drwxrwx--- 12 usera usera 4096 8月 24 09:22 ..
-rw------- 1 usera usera 1675 8月 24 09:22 id_rsa
-rw-r--r-- 1 usera usera 399 8月 24 09:22 id_rsa.pub

# 將公鑰上傳到serverB服務器的userb用戶下
# ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 10022 userb@10.124.84.20"
[usera@portalweb1 ~]$ ssh-copy-id userb@10.124.84.20
The authenticity of host '10.124.84.20 (10.124.84.20)' can't be established.
RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.124.84.20' (RSA) to the list of known hosts.
userb@10.124.84.29's password: 
Now try logging into the machine, with "ssh 'userb@10.124.84.20'", and check in:
  
 .ssh/authorized_keys
  
to make sure we haven't added extra keys that you weren't expecting.

# 查看serverA服務器上usera的公鑰文件內容
[usera@serverA ~]$ cat .ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbu...

serverB 服務器：

# 查看serverB服務器userb用戶下的 ~/.ssh/authorized_keys 文件
[userb@serverB ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbu...

# 查看authorized_keys和id_rsa的權限是否爲600，登錄後會有known_hosts文件生成。
[useb@serverB ~]$ ls -la .ssh
total 24
drwx------. 2 useb useb 4096 Jul 27 16:13 .
drwx------. 35 useb useb 4096 Aug 24 09:18 ..
-rw-------  1 useb useb 796 Aug 24 09:24 authorized_keys
-rw-------  1 useb useb 1675 Jul 27 16:09 id_rsa
-rw-r--r--  1 useb useb 397 Jul 27 16:09 id_rsa.pub
-rw-r--r--  1 useb useb 1183 Aug 11 13:57 known_hosts

serverA 服務器免密碼登陸serverB 服務器：

[usera@serverA ~]$ ssh userb@10.124.84.20

拷貝公鑰的方法

將公鑰拷貝到目標服務器的 ~/.ssh/authorized_keys 文件中方法有以下幾種：

一、將公鑰經過scp拷貝到目標服務器上，而後追加到 ~/.ssh/authorized_keys 文件中，這種方式比較麻煩。scp -P 22 ~/.ssh/id_rsa.pub user@host:~/。

二、經過ssh-copy-id程序，就是我演示的方法，ssh-copyid user@host。

三、能夠經過cat ~/.ssh/id_rsa.pub | ssh -p 22 user@host ‘cat >> ~/.ssh/authorized_keys'，這個也是比較經常使用的方法，由於能夠更改端口號。