Linux CentOS7 兩臺機器之間免輸入密碼相互登錄(密鑰對認證)
兩臺機器爲:
主機名:fxq-1,IP:192.168.42.181
主機名:fxq-2, IP:192.168.42.182
w命令可以查看當前登錄用戶的信息
[root@fxq-1 ~]# w 23:59:42 up 12 min, 1 user, load average: 0.00, 0.07, 0.11USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 192.168.42.2 23:48 6.00s 0.13s 0.07s w
[root@fxq-1 ~]# w 00:00:18 up 12 min, 2 users, load average: 0.00, 0.06, 0.11USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT root pts/0 192.168.42.2 23:48 2.00s 0.08s 0.02s w root pts/1 192.168.42.181 00:00 5.00s 0.07s 0.07s -bash
whoami ##查看當前登錄用戶 ssh -p 22 [email protected] ##指定端口和用戶進行登錄
1.關閉SELINUX(每臺機器都要關閉)
臨時關閉SELINUX
setenforce 0 ##臨時關閉SELINUX
getenforce 0 ##查看SELINUX設置
永久關閉SELINUX
vi /etc/selinux/conf
改其中第六行爲: SELINUX=disabled 保存退出
在fxq-1機器上:
ssh-keygen生成密鑰對
[root@fxq-1 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 68:6a:c4:24:60:3d:dc:2a:cc:4b:04:58:0a:a8:3f:a9 root@fxq-1The key's randomart image is: +--[ RSA 2048]----+ |Bo+ . | |=+ + . | |* . + | |.= = . | |..o.o o S | | .+. o | | . .o | |E . | | | +-----------------+ [root@fxq-1 ~]#
[root@fxq-1 ~]# ls /root/.ssh/id_rsa id_rsa.pub known_hosts [root@fxq-1 ~]#
在fxq-1機器上輸入,下面命令,按提示輸入fxq-2的root用戶的密碼:
scp /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
此步驟是把fxq-1機器的公鑰寫入到fxq-2的authorized_keys文件中,如果fxq-2之前已有authorized_keys文件,那麼需要手工把公鑰內容粘貼到fxq-2的authorized_keys文件中。否則會把原有的其他機器的公鑰覆蓋。
在fxq-2機器上操作如下:
[root@fxq-2 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 68:6a:c4:24:60:3d:dc:2a:cc:4b:04:58:0a:a8:3f:a9 root@fxq-1The key's randomart image is: +--[ RSA 2048]----+ |Bo+ . | |=+ + . | |* . + | |.= = . | |..o.o o S | | .+. o | | . .o | |E . | | | +-----------------+ [root@fxq-2 ~]# [root@fxq-2 ~]#
[root@fxq-1 ~]# ls /root/.ssh/id_rsa id_rsa.pub known_hosts [root@fxq-1 ~]#
在fxq-2機器上輸入,下面命令,按提示輸入fxq-1的root用戶的密碼:
scp /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
此步驟是把fxq-2機器的公鑰寫入到fxq-1的authorized_keys文件中,如果fxq-1之前已有authorized_keys文件,那麼需要手工把公鑰內容粘貼到fxq-1的authorized_keys文件中。否則會把原有的其他機器的公鑰覆蓋。
完成後可以在fxq-1上測試,不用輸入密碼就能登錄fxq-2成功:
[root@fxq-1 ~]# ssh 192.168.42.182 Last login: Thu Aug 3 17:28:57 2017 [root@fxq-2 ~]#