开发者

Linux实现免密登录的配置方法

开发者 https://www.devze.com 2024-08-10 11:52 出处:网络 作者: 生产队队长
需求描述:192.168.31.10服务器的yunwei账号,想要免密登陆到192.168.31.15服务器上。直接ssh root@192.168.31.15这样登陆,不用输入密码。

需求描述:

192.168.31.10服务器的yunwei账号,想要免密登陆到192.168.31.15服务器上。

直接ssh root@192.168.31.15这样登陆,不用输入密码。

实现:

1、在10机器上,创建运维账号。

[root@docker01 ~]# id yunwei				检查yunwei账号是否存在
id: yunwei: no such user
[root@docker01 ~]# useradd yunwei			创建yunwei账号
[root@docker01 ~]# su - yunwei				切换到yunwei账号
[yunwei@docker01 ~]$ pwd
/home/yunwei

2、编程在yunwei账号下创建密钥

[yunwei@docker01 ~]$ ssh-keygen		创建密钥,一路回车
Generating public/private rsa key pair.
Enter file in which to save the key (/home/yunwei/.ssh/id_rsa):
Created directory '/home/yunwei/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/yunwei/.ssh/id_rsa.
Your public key has been saved in /home/yunwei/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:kLXaRvzgGOqF62RyGWKGUekspD39l0pudQBt1MQp3NU yunwei@docker01
The key's randomart image is:
+---[RSA 2048]----+
|  ..   +o=.o..   |
| o.   .+=.=   E  |
|++ .  +o=.       |
|oo= .o O.o       |
|..+.+.+ So.      |
| o o =o.+ .      |
|  . Bo + .       |
|   *  +          |
|    ..           |
www.devze.com+----[SHA256]-----+
检查密钥是否创建成功
[yunwei@docker01 ~]$ pwd
/h编程客栈ome/yunwei
[yunwei@docker01 ~]$ ll -a
total 12
drwx------.  5 yunwei yunwei 103 Mar 25 23:18 .
drwxr-xr-x. 16 root   root   177 Mar 25 23:17 ..
-rw-r--r--.  1 yunwei yunwei  18 Mar 31  2020 .bash_logout
-rw-r--r--.  1 yunwei yunwei 193 Mar 31  2020 .bash_profile
-rw-r--r--.  1 yunwei yunwei 231 Mar 31  2020 .bashrc
drwxrwxr-x.  3 yunwei yunwei  18 Mar 25 23:17 .cache
drwxrwxr-x.  3 yunwei yunwei  18 Mar 25 23:17 .config
drwx------.  2 yunwei yunwei  38 Mar 25 23:18 .ssh
[yunwei@docker01 ~]$ cd .ssh/
[yunwei@docker01 .ssh]$ ls
id_rsa  id_rsa.pub

3、复制密钥到15服务器

[yunwei@docker01 .ssh]$ ssh-copy-id root@192.168.31.15		复制密钥到15机器
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/yunwei/.ssh/id_rsa.pub"
The authenticity of host '192.168.31.15 (192.168.31.15)' can't be established.
ECDSA key fingerprint is SHA256:v3zhW/rvSt+T7QfAnIDIiHhbALRLNiLzl8Hg3TAZQCA.
ECDSA key fingerprint is MD5:cf:b8:e1:f6:a5:61:60:f0:77:aa:f3:76:ab:d2:ce:9b.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in编程客栈 with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.31.15's password:
Number of key(s) added: 1
Now try logging into the MAChine, with:   "ssh 'root@192.168.31.15'"
and checphpk to make sure that only the key(s) you wanted were added.

4、验证免密登陆

[yunwei@docker01 .ssh]$ ssh root@192.168.31.15
Last login: Sun Mar 26 11:21:02 2023 from 192.168.31.1

补充:优化密钥创建方式,免交互创建密钥

[yunwei@docker01 .ssh]$ ssh-keygen -P '' -f id_rsa		免交互方式,创建密钥
Generating public/private rsa key pair.
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
SHA256:hXuSBtV1o1D1PfIyG/+iC1IFnZh8Q3NGf5eiuQ8IExQ yunwei@docker01
The key's randomart image is:
+---[RSA 2048]----+
|       EoooB=+B  |
|      .. .=o=* +o|
|      ... ..o+ o*|
|       ..+ .o + +|
|       oS oo + . |
|       .o+. . *  |
|        ...o . . |
|         . .o . .|
|            o+ ..|
+----[SHA256]-----+
[yunwei@docker01 .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts

参数说明:

-t 指定要创建的密钥类型

dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | RSA

可能的值为“dsa”、“ecdsa”、“ecdsa-sk”、“ed25519”、“ed25519-sk”或“rsa”。

当使用 RSA CA 密钥签署证书时,此标志还可用于指定所需的签名类型。可用的 RSA 签名变体是“ssh-rsa”(SHA1 签名,不推荐)、“rsa-sha2-256”和“rsa-sha2-512”(默认值)

-P 密码

提供(旧)密码。

这里的密码,是密钥的密码,不是远程主机的密码,随便设置。但是,这就失去了免密登陆的意义。因为,设置了这个后,登陆远程主机时,就必须输入密钥密码。

所以,一般这个指指定为空即可。

-f 文件名

指定密钥文件的文件名

这里的文件名,必须指定为id_rsa,不然,把密钥推送到目标机器,依然无法实现免密登陆。

总结:

就三个命令

cd							进入当前账号家目录
ssh-keygen					连续三次回车		
ssh-copy-id 192.168.31.15	复制公钥到hadoop104服务器,这样,就可以免密访问hadoop104服务器

这里用户账号省略,则使用当前账号进行免密登陆

比如,当前账号是test

ssh-copy-id 192.168.31.15 等价与 ssh-copy-id test@192.168.31.15

实现的效果是,当前服务器的test账号可以免密登陆15服务器的test账号

参考资料:https://www.cnblogs.com/dirigent/p/16636545.html 

到此这篇关于linux实现免密登录的配置方法的文章就介绍到这了,更多相关Linux免密登录内容请搜索编程客栈(www.devze.com)以前的文章或继续浏览下面的相关文章希望大家以后多多支持编程客栈(www.devze.com)!

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号