安裝了jumpserver跳板機,通過跳板機登錄到各個服務器,因此想實現ssh無密碼登錄,用ssh-keygen和ssh-copy-id實現。
ssh-keygen: generates, manages and converts authentication keys for ssh
創建公鑰和密鑰
ssh-copy-id: a script that uses ssh to log into a remote machine
默認情況下,把本地主機的公鑰append到遠程主機的~/.ssh/authorized_keys文件上
實現過程
1 服務器情況
server 1: 172.16.16.70, 用戶名:test
test@host70:~$ ls -a
. .. .bash_history .ssh
test@host70:~$ ls -l .ssh/
total 4
-rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
test@host70:~$ cat .ssh/known_hosts
|1|0ZfKXQmtuKnq2tlIndFLC6+ySc8=|0S7Plqf/gOzZU8jPQLDKEnv31Gg= ecdsa-sha2-nistp256 AAAA
E2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOET4VFGdPJ8dFOQV5BN/x+gRU4T0MILTSr2D
2PLBid8ik715irXDDIsNAHSE+7yHFYG6XpqaOZmvRDn6TObhys=
test@host70:~$ ssh [email protected]
The authenticity of host '172.16.16.80 (172.16.16.80)' can't be established.
ECDSA key fingerprint is f5:d4:4a:3d:93:fa:73:da:47:82:35:38:38:fb:49:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.16.80' (ECDSA) to the list of known hosts.
[email protected]'s password:
登錄server2需要密碼
server 2: 172.16.16.80, 用戶名:zhai
zhai@host80:~$ ls -a
. .. .bash_history .bash_logout .bashrc .cache .profile
2 在server1上,用ssh-keygen生成公鑰和私鑰對
命令:ssh-keygen -t rsa
test@host70:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
81:d4:64:d0:e4:9f:6a:de:74:0d:49:03:01:fd:02:8b test@test
The key's randomart image is:
+--[ RSA 2048]----+
| o*=oo. |
| . ++ .. |
| ..oo .o |
| E .o.o.o |
| S o.o |
| . o |
| o . . . |
| o o . |
| . . |
+-----------------+
test@host70:~$ ls -l .ssh/
total 12
-rw------- 1 test test 1675 Jan 14 16:53 id_rsa
-rw------- 1 test test 391 Jan 14 16:53 id_rsa.pub
-rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
test@host70:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
5W79oTEIYkH/dlyVzJDGz9IdV1 test@test
3 在server1上,用ssh-copy-id將公鑰複製到遠程機器server2中
test@host70:~$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
在server2上查看是否已經生成文件authorized_keys
zhai@host80:~$ ls -a
. .. .bash_history .bash_logout .bashrc .cache .profile .ssh
zhai@host80:~$ ls .ssh/
authorized_keys
zhai@host80:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
5W79oTEIYkH/dlyVzJDGz9IdV1 test@test
通過比較發現:authorized_keys文件與server1上的id_rsa.pub文件內容一致。
4 無密碼登錄遠程服務器
test@host70:~$ ssh [email protected]
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic ppc64le)
- Documentation: https://help.ubuntu.com/
Last login: Thu Jan 14 16:51:16 2016 from 172.16.16.173
zhai@host80~$ exit
logout
Connection to 172.16.16.80 closed.
注意:
如果遠程服務器的sshd的服務端口不是默認的22,使用如下命令:
test@host70:~$ ssh-copy-id “-p 20000 [email protected]”
作者:翟海飛
來源:CSDN
原文:https://blog.csdn.net/zhaihaifei/article/details/50523576
版權聲明:本文爲博主原創文章,轉載請附上博文鏈接!