I installed a JumpServer bastion host and log in to each server through it, so I wanted SSH login without a password, set up with ssh-keygen and ssh-copy-id.

ssh-keygen: generates, manages and converts authentication keys for ssh. It creates the public key and the private key.

ssh-copy-id: a script that uses ssh to log into a remote machine. By default it appends the local host's public key to the ~/.ssh/authorized_keys file on the remote host.

Procedure

1 Server setup

server 1: 172.16.16.70, user name: test

    test@host70:~$ ls -a
    . .. .bash_history .ssh
    test@host70:~$ ls -l .ssh/
    total 4
    -rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
    test@host70:~$ cat .ssh/known_hosts
    |1|0ZfKXQmtuKnq2tlIndFLC6+ySc8=|0S7Plqf/gOzZU8jPQLDKEnv31Gg= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOET4VFGdPJ8dFOQV5BN/x+gRU4T0MILTSr2D2PLBid8ik715irXDDIsNAHSE+7yHFYG6XpqaOZmvRDn6TObhys=
    test@host70:~$ ssh zhai@172.16.16.80
    The authenticity of host '172.16.16.80 (172.16.16.80)' can't be established.
    ECDSA key fingerprint is f5:d4:4a:3d:93:fa:73:da:47:82:35:38:38:fb:49:8e.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '172.16.16.80' (ECDSA) to the list of known hosts.
    zhai@172.16.16.80's password:

Logging in to server 2 requires a password.

server 2: 172.16.16.80, user name: zhai

    zhai@host80:~$ ls -a
    . .. .bash_history .bash_logout .bashrc .cache .profile

2 On server 1, generate a public/private key pair with ssh-keygen

Command: ssh-keygen -t rsa

    test@host70:~$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/test/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/test/.ssh/id_rsa.
    Your public key has been saved in /home/test/.ssh/id_rsa.pub.
    The key fingerprint is:
    81:d4:64:d0:e4:9f:6a:de:74:0d:49:03:01:fd:02:8b test@test
    The key's randomart image is:
    +--[ RSA 2048]----+
    | o*=oo. |
    | . ++ .. |
    | ..oo .o |
    | E .o.o.o |
    | S o.o |
    | . o |
    | o . . . |
    | o o . |
    | . . |
    +-----------------+
    test@host70:~$ ls -l .ssh/
    total 12
    -rw------- 1 test test 1675 Jan 14 16:53 id_rsa
    -rw------- 1 test test 391 Jan 14 16:53 id_rsa.pub
    -rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
    test@host70:~$ cat .ssh/id_rsa.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWLjDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZWLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZer3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS55W79oTEIYkH/dlyVzJDGz9IdV1 test@test

3 On server 1, copy the public key to the remote machine server 2 with ssh-copy-id

    test@host70:~$ ssh-copy-id zhai@172.16.16.80
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    zhai@172.16.16.80's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh 'zhai@172.16.16.80'"
    and check to make sure that only the key(s) you wanted were added.

On server 2, check whether the authorized_keys file has been created:

    zhai@host80:~$ ls -a
    . .. .bash_history .bash_logout .bashrc .cache .profile .ssh
    zhai@host80:~$ ls .ssh/
    authorized_keys
    zhai@host80:~$ cat .ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWLjDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZWLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZer3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS55W79oTEIYkH/dlyVzJDGz9IdV1 test@test

Comparing the two shows that the authorized_keys file has the same content as the id_rsa.pub file on server 1.

4 Log in to the remote server without a password

    test@host70:~$ ssh zhai@172.16.16.80
    Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic ppc64le)

     * Documentation: https://help.ubuntu.com/
    Last login: Thu Jan 14 16:51:16 2016 from 172.16.16.173
    zhai@host80~$ exit
    logout
    Connection to 172.16.16.80 closed.

Note: if the sshd service on the remote server does not listen on the default port 22, use the following command:

    test@host70:~$ ssh-copy-id "-p 20000 zhai@172.16.16.80"
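
ssh-copy-id's closing message in step 3 asks you to check that only the key(s) you wanted were added, and the post does that by comparing the files by eye. The following is an added example, not part of the original post, that makes the same check by SHA256 fingerprint and also handles entries that carry options or are malformed. The function names are hypothetical, and the key blobs are constructed ed25519-format samples rather than the RSA key shown above.

```python
import base64
import hashlib
import shlex

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_entry(line):
    """Split an authorized_keys line into (options, keytype, blob_b64, comment)."""
    tokens = shlex.split(line)  # keeps quoted option values such as command="..." whole
    for i, tok in enumerate(tokens[:2]):  # key type is field 1, or field 2 after options
        if tok.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(tokens):
            blob = base64.b64decode(tokens[i + 1], validate=True)
            if blob[4:4 + int.from_bytes(blob[:4], "big")] != tok.encode():
                raise ValueError("key type does not match key blob")
            return " ".join(tokens[:i]), tok, tokens[i + 1], " ".join(tokens[i + 2:])
    raise ValueError("no key type field found")

def audit(text, expected_fps):
    """Return (unexpected, missing) for authorized_keys text vs. wanted fingerprints."""
    seen, unexpected = set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        try:
            _opts, ktype, blob, comment = parse_entry(line)
            fp = fingerprint(blob)
        except ValueError as exc:  # malformed line: report it, do not skip silently
            unexpected.append((lineno, "unparseable: %s" % exc))
            continue
        seen.add(fp)
        if fp not in expected_fps:
            unexpected.append((lineno, "%s %s %s" % (ktype, fp, comment)))
    return unexpected, sorted(set(expected_fps) - seen)

def _blob(ktype, payload):  # builds a constructed sample blob, not a real key
    s = lambda b: len(b).to_bytes(4, "big") + b
    return base64.b64encode(s(ktype.encode()) + s(payload)).decode()

WANTED = _blob("ssh-ed25519", bytes(range(32)))      # stands in for the key you copied
EXTRA = _blob("ssh-ed25519", bytes(range(32, 64)))   # a key nobody asked for
SAMPLE = "\n".join([                                 # constructed authorized_keys text
    "ssh-ed25519 %s test@test" % WANTED,
    'command="/usr/bin/uptime",no-pty ssh-ed25519 %s backup@old' % EXTRA,
    "ssh-rsa AAAA!!!! broken"])

if __name__ == "__main__":
    print(audit(SAMPLE, {fingerprint(WANTED)}))
```

fingerprint() returns the same SHA256 string that `ssh-keygen -l -E sha256 -f ~/.ssh/id_rsa.pub` prints on current OpenSSH, so the expected set can be built from the public keys you hold.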

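Author: 翟海飞. Source: CSDN. Original: https://blog.csdn.net/zhaihaifei/article/details/50523576. Copyright notice: this is the blogger's original article; when reposting, please include a link to the post.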