背景:
两台服务器ssh登录,不用输密码!!!
试验环境:
vmware workstation 11
服务器A:ip:192.168.0.19
服务器B:ip:192.168.0.12
SecureCRT (ssh远程连接软件)
软件介绍
加密数据所用的秘钥是成对的(公钥和私钥)
私钥留在自己的主机上,公钥送给对方的机器。
机器A的公钥放到机器B上面,A登录B可以实现免密。
那么数据到底是怎么传输的?
服务器-->客户端
服务器传送用客户端公钥加密的数据----------->用服务器端私钥解密
客户端的秘钥是随机运算产生的所以这次的和下次的不一样。
实验过程:
一、生成密钥
[root@baculaServer ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
43:2e:ab:3d:1e:7a:7b:39:78:78:8f:71:e9:6e:39:44 root@baculaServer
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| o E |
| . S. |
| o ... |
| oo.oo. |
| +=.*=+ |
| oo+*.=+. |
+-----------------+
二、公钥发送到另一台服务器
[root@baculaServer ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.12
The authenticity of host '192.168.0.12 (192.168.0.12)' can't be established.
RSA key fingerprint is fb:60:11:0b:20:da:e0:27:f0:b2:13:13:57:7c:00:77.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.12' (RSA) to the list of known hosts.
root@192.168.0.12's password:
Now try logging into the machine, with "ssh 'root@192.168.0.12'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
另一台上面进行相同操作!!!
测试:
服务器:192.168.0.19
[root@baculaServer ~]# ssh root@192.168.0.12
Last login: Mon Mar 14 00:31:53 2016 from 192.168.0.31
[root@Slave-drbd ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:86:D2:12
inet addr:192.168.0.12 Bcast:192.168.0.255 Mask:255.255.255.0
服务器:192.168.0.12
[root@Slave-drbd ~]# ssh root@192.168.0.19
Last login: Mon Mar 14 00:16:22 2016 from 192.168.0.31
[root@baculaServer ~]#
总结:简单的很这样操作。
