1、爲什麼要面密碼登錄ssh呢
第一,方便使用
第二,在雲環境中,新加入的主機,要實現自動部署,則要由控制節點進行免密碼管理,比如ceph中新節點的加入。
2、免密碼登錄的原理是什麼呢
ssh登錄有兩種方式,密碼和密鑰文件,既然免密碼,那麼可以使用密鑰文件來實現登錄。
3、那麼如何實現呢
在這裏,我們有兩臺服務器。
server01 ,地址是192.168.0.131
server02, 地址是192.168.0.132
我們經過如下幾步,可實現server01免密碼登錄server02
第一步
在server01,創建密鑰對,只有一條命令,後面直接回車就好
[root@server01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:OY18ZQDBLOgxHv2fpKwEWT7m6iLtDH5mKs6/7wqxNiE root@server01
The key's randomart image is:
+---[RSA 2048]----+
| o ooo. |
| = + o . |
| o B o o |
| = +..+.o |
|Eo + oS+o. |
|. + o ooo |
|. o . |
|o=+. . |
|oBO**o |
+----[SHA256]-----+
第二步,將產生的公鑰,發送到目標主機,這裏暫時還要輸入一次密碼[root@server01 ~]# ssh-copy-id -i [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.132 (192.168.0.132)' can't be established.
ECDSA key fingerprint is SHA256:sXdoFk4lfiKs2dlk2QNwbxzWZbKEchhyoYRKcFqnjkY.
ECDSA key fingerprint is MD5:9b:5f:c7:28:ac:3b:9c:6d:00:25:49:91:62:60:b7:b6.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
第三步:測試,已經可以免密碼登錄server02主機了
[root@server01 ~]# ssh [email protected]
Last login: Sun Aug 11 10:02:48 2019
[root@server02 ~]#
是不是很容易
更多學習資料請關注微信18198518349(個人號)