免密码 密钥登陆
0. 说明
平常使用 ssh 登陆远程服务器时,都需要使用输入密码,希望可以实现通过密钥登陆而免除输入密码,从而可以为以后实现批量自动部署主机做好准备。
环境如下:
IP 地址 | 操作系统 | |
服务器端 | 10.0.0.128/24 | CentOS 6.5 x86 |
客户端 | 10.0.0.129/24 | Ubuntu 16.04 x86 |
1. 客户端生成密钥对
生成密钥对:
- [email protected]:~$ ssh-keygen -t rsa -b 2048
- Generating public/private rsa key pair.
- Enter file in which to save the key (/home/xpleaf/.ssh/id_rsa):
- Created directory '/home/xpleaf/.ssh'.
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
- Your identification has been saved in /home/xpleaf/.ssh/id_rsa.
- Your public key has been saved in /home/xpleaf/.ssh/id_rsa.pub.
- The key fingerprint is:
- SHA256:eLssyXJLzUCfSN5mu6nqNH9dB/gOyXSvWBwQdNssIYE [email protected]The key's randomart image is:
- +---[RSA 2048]----+
- | o=oo |
- | E .o = |
- | o oo o |
- | + = .o +. |
- | = So = + |
- | B o+ = o |
- | o...=. * o |
- | ..+=..+o o |
- | .o++== |
- +----[SHA256]-----+
查看生成的密钥对:
- [email protected]:~$ ls .ssh
- id_rsa id_rsa.pub
- # id_rsa为私钥,这个一般需要保密;id_rsa.pub为公钥,这个可以公开。
2. 上传公钥到服务器端
使用 scp 命令操作:
- [email protected]:~$ scp .ssh/id_rsa.pub [email protected]:/root
- The authenticity of host '10.0.0.128 (10.0.0.128)' can't be established.
- RSA key fingerprint is SHA256:0Tpm11wruaQXyvOfEB1maIkEwxmjT2AklWb198Vrln0.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '10.0.0.128' (RSA) to the list of known hosts.[email protected]password:
- id_rsa.pub 100% 393 0.4KB/s 00:00
3. 服务器端操作
把从客户端传来的公钥添加到. ssh/authorized_keys 中:
- [[email protected]~]# cat id_rsa.pub >> .ssh/authorized_keys
- [[email protected]~]# chmod 600 .ssh/authorized_keys
- # authorized_keys的权限需要为600
修改 ssh 配置文件 / etc/ssh/sshd_config,找到下面一行:
- PubkeyAuthentication no
修改为:
- PubkeyAuthentication yes
4. 测试
在客户端上使用密钥登陆到服务器上:
- [email protected]:~$ ssh -i .ssh/id_rsa [email protected]Last login: Tue May 9 15:14:01 2017 from 10.0.0.129
- [[email protected]~]#
5. 注意事项
来源: http://www.bubuko.com/infodetail-2065351.html