原理就是把兩臺服務器的對應用戶的公鑰拷貝到對方authorized_keys文件裏面!
Client端
步驟1(生成證書)
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <-- 直接輸入回車
Enter same passphrase again: <-- 直接輸入回車
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
49:9c:8a:8f:bc:19:5e:8c:c0:10:d3:15:60:a3:32:1c root@Server
注意: 在程序提示輸入passphrase時直接輸入回車,表示無證書密碼。
上述命令將生成私鑰證書 id_rsa 和公鑰證書 id_rsa.pub ,存放在用戶家目錄的.ssh子目錄中。
步驟2(copy證書)
將Client服務器的公鑰證書id_rsa.pub複製到Server服務器的root家目錄的 .ssh 子目錄中
Client端
scp -p /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/
下面命令如果不成功,請手動一出去後複製到另外一臺服務端
[email protected]'s password: <-- 輸入機器Client的root用戶密碼
id_rsa.pub 100% |**************************| 218 00:00
Server端
mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
或者
cat id_rsa.pub >>authorized_keys
經過以上2步,就在機器Client的root和機器Server的root之間建立安全信任關係。下面我們看看效果:
Client端
scp -i /root/ .ssh/id_rsa text [email protected]:/root
text 100% |**************************| 19 00:00
若ssh端口非22端口,請使用-P參數後跟端口號!
使用問題:
1、Add correct host key in /root/.ssh/known_hosts to get rid of this message
bug:
Add correct host key in /root/.ssh/known_hosts to get rid of this message
解決辦法:
rm ~/.ssh/known_hosts