类型:【转载】
原文作者:【少年不在了】
日期:【2016-09-06 21:31:41】
原文地址:https://blog.51cto.com/yinsuifeng/1847001

 

通常我们使用ssh登录远程主机的时候是要密码的,当我们想要免密登录对方的主机时,这时就要用到基于秘钥得认证机制。使用方法也十分简单,只需要两步:

  1. 客户端本地生成一对秘钥
  2. 将公钥传输至远程服务器,追加保存到远程主机某用户的家目录 的.ssh/authorized_keys文件或.ssh/authorized_keys2文件中。

在这里我使用192.168.1.106位客户端。192.168.1.108作为远程服务器。

[root@mylinux home]# ssh-keygen  -t rsa  ;生成一对秘钥
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e9:ae:a4:2c:bd:68:64:6a:ae:a4:81:20:39:9f:ac:2f root@mylinux
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
| .       .       |
|=       S        |
|++o.   .         |
|o=+.  . .        |
|E+oo.o .         |
|B=o.+....        |
+-----------------+
[root@mylinux home]# cd ~/.ssh/
[root@mylinux .ssh]# ls
id_rsa  id_rsa.pub  known_hosts
[root@mylinux .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.1.108 ;将公钥传送至远程服务器
root@192.168.1.108's password: 
Now try logging into the machine, with "ssh 'root@192.168.1.108'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
[root@mylinux .ssh]# ssh root@192.168.1.108  ;免密登录成功
Last login: Tue Sep  6 21:18:21 2016 from 192.168.1.106
[root@lamp01 ~]#

如果ssh的端口不是22,可用下面命令

ssh-copy-id -i ~/.ssh/id_rsa.pub “-p 23 root@192.168.1.108”

发表评论