Passwordless SSH login

Passwordless remote login over SSH

Environment: two CentOS virtual machines, one at 192.168.134.129 (used as the remote host) and the other at 192.168.134.130.

First, check the IP addresses of the two Linux machines:

[root@promote ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.134.129  netmask 255.255.255.0  broadcast 192.168.134.255
        inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:eb:2d:01  txqueuelen 1000  (Ethernet)
        RX packets 145  bytes 18326 (17.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 144  bytes 23724 (23.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5696 (5.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5696 (5.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Now the other machine:

[root@machine1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.134.130  netmask 255.255.255.0  broadcast 192.168.134.255
        inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::134a:dd7d:6b15:96ea  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:42:f7:1d  txqueuelen 1000  (Ethernet)
        RX packets 127  bytes 15748 (15.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 134  bytes 21258 (20.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5696 (5.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5696 (5.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

First, try logging in to 192.168.134.129 remotely from 192.168.134.130.

[root@machine1 ~]# ssh 192.168.134.129
The authenticity of host '192.168.134.129 (192.168.134.129)' can't be established.
ECDSA key fingerprint is SHA256:JqAC8jcLCLobvRy0wzY9VGBNuZU3EydpO8n2fEtQ178.
ECDSA key fingerprint is MD5:5d:26:a1:60:c3:eb:02:e9:97:7a:bb:7a:49:8a:14:0b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.134.129' (ECDSA) to the list of known hosts.
root@192.168.134.129's password:

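As shown, a password is required to log in.
Now let's set up passwordless login.
First, generate a key pair (private key and public key) on 192.168.134.130.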

[root@machine1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pRHW15F3aA7esrPe39CEchPqzPCKAIKd/+4liaigyzo root@machine1
The key's randomart image is:
+---[RSA 2048]----+
|        o.   ..+ |
|       . .. o = o|
|        . .o =...|
| o .     +  o.oo |
|. + .   S . oo+ .|
|   + o .   *oo + |
|. . o + .   =o. .|
|E.   . + . ... ..|
|*+   o+ . ... ..o|
+----[SHA256]-----+

Next, send this public key to the remote host 192.168.134.129:

[root@machine1 ~]# ssh-copy-id 192.168.134.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.134.129's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.134.129'"
and check to make sure that only the key(s) you wanted were added.

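Once the key has been copied, edit the SSH configuration file /etc/ssh/sshd_config on the remote host 192.168.134.129.
Change the following two settings: PubkeyAuthentication yes and PasswordAuthentication no, that is, key-based login is set to yes and password login is set to no.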

Then restart the sshd service on the remote host so the new settings take effect:

[root@machine1 ~]# systemctl restart sshd

Then, from 192.168.134.130, try the passwordless remote login to 192.168.134.129.

[root@machine1 ~]# ssh 192.168.134.129
Last login: Thu Jul 12 00:01:07 2018 from 192.168.134.1
[root@promote ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.134.129  netmask 255.255.255.0  broadcast 192.168.134.255
        inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:eb:2d:01  txqueuelen 1000  (Ethernet)
        RX packets 1927  bytes 207095 (202.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1693  bytes 174581 (170.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 64  bytes 5696 (5.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 64  bytes 5696 (5.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Passwordless login succeeded!
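
A successful key login does not by itself show that password login is off: sshd uses the first value it reads for each keyword, so a `PasswordAuthentication no` line added below an existing `PasswordAuthentication yes` has no effect. The script below is an added example (not part of the original post) that checks the two settings changed above; the helper names `sshd_effective` and `audit_key_only` and the sample configuration are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check that the sshd_config edit
# described above really leaves key-only login in force.

# Print the global value sshd would use for keyword $1 in file $2, or default $3.
# sshd keeps the FIRST value it reads for a keyword, so a later duplicate line
# is ignored. Lines after the first "Match" are conditional and are not global.
# Assumptions: "Keyword value" separated by whitespace; Include is not followed.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        NF == 0 || $1 ~ /^#/    { next }                        # blank or comment
        tolower($1) == "match"  { exit }                        # end of global section
        tolower($1) == want     { print tolower($2); found = 1; exit }
        END                     { if (!found) print def }
    ' "$2"
}

# Return 0 only when public-key login is on and password login is off.
# Both keywords default to "yes" when they are absent from the file.
audit_key_only() {
    _rc=0
    if [ "$(sshd_effective PubkeyAuthentication "$1" yes)" != yes ]; then
        echo "FAIL: PubkeyAuthentication is not 'yes'"; _rc=1
    fi
    if [ "$(sshd_effective PasswordAuthentication "$1" yes)" != no ]; then
        echo "FAIL: PasswordAuthentication is not 'no' (passwords still accepted)"; _rc=1
    fi
    return "$_rc"
}

# Constructed sample: "no" was appended at the end, but the earlier "yes" wins.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#PubkeyAuthentication yes
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
EOF
audit_key_only "$demo_cfg" || echo "sample config still allows password login"
rm -f "$demo_cfg"
```

On the real host, point `audit_key_only` at /etc/ssh/sshd_config; `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the configuration sshd actually resolves.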

Original article: https://www.cnblogs.com/Timesi/p/9282653.html