• SSH免密登陆


    SSH远程免密登录

    环境:两台centos虚拟机,一台为192.168.134.129(用作远程主机),另一台为192.168.134.130.

    首先查看一下两台linux的ip地址:

    [root@promote ~]# ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.134.129  netmask 255.255.255.0  broadcast 192.168.134.255
            inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:eb:2d:01  txqueuelen 1000  (Ethernet)
            RX packets 145  bytes 18326 (17.8 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 144  bytes 23724 (23.1 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 64  bytes 5696 (5.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 64  bytes 5696 (5.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    再来看一下另外一台:

    [root@machine1 ~]# ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.134.130  netmask 255.255.255.0  broadcast 192.168.134.255
            inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
            inet6 fe80::134a:dd7d:6b15:96ea  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:42:f7:1d  txqueuelen 1000  (Ethernet)
            RX packets 127  bytes 15748 (15.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 134  bytes 21258 (20.7 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 64  bytes 5696 (5.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 64  bytes 5696 (5.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    先在192.168.134.130上远程登录192.168.134.129试试。

    [root@machine1 ~]# ssh 192.168.134.129
    The authenticity of host '192.168.134.129 (192.168.134.129)' can't be established.
    ECDSA key fingerprint is SHA256:JqAC8jcLCLobvRy0wzY9VGBNuZU3EydpO8n2fEtQ178.
    ECDSA key fingerprint is MD5:5d:26:a1:60:c3:eb:02:e9:97:7a:bb:7a:49:8a:14:0b.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.134.129' (ECDSA) to the list of known hosts.
    root@192.168.134.129's password:
    

    发现是要输入密码才可以登录的。
    现在来实现免密登陆。
    首先在192.168.134.130上生成公钥。

    [root@machine1 ~]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:pRHW15F3aA7esrPe39CEchPqzPCKAIKd/+4liaigyzo root@machine1
    The key's randomart image is:
    +---[RSA 2048]----+
    |        o.   ..+ |
    |       . .. o = o|
    |        . .o =...|
    | o .     +  o.oo |
    |. + .   S . oo+ .|
    |   + o .   *oo + |
    |. . o + .   =o. .|
    |E.   . + . ... ..|
    |*+   o+ . ... ..o|
    +----[SHA256]-----+
    

    接着将此公钥发送到远程主机192.168.134.129

    [root@machine1 ~]# ssh-copy-id 192.168.134.129
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.168.134.129's password:
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh '192.168.134.129'"
    and check to make sure that only the key(s) you wanted were added.
    

    传送完成之后,到远程主机192.168.134.129上修改ssh的配置文件/etc/ssh/sshd_config.
    修改以下两条:PubkeyAuthentication yesPasswordAuthentication no,即密钥登陆改为yes,密码登陆改为no.

    接着重启一下sshd服务

    [root@machine1 ~]# systemctl restart sshd
    

    然后到192.168.134.130上远程免密登录192.168.134.129试试。

    [root@machine1 ~]# ssh 192.168.134.129
    Last login: Thu Jul 12 00:01:07 2018 from 192.168.134.1
    [root@promote ~]# ifconfig
    ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.134.129  netmask 255.255.255.0  broadcast 192.168.134.255
            inet6 fe80::4881:9be0:2bb6:62e  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:eb:2d:01  txqueuelen 1000  (Ethernet)
            RX packets 1927  bytes 207095 (202.2 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 1693  bytes 174581 (170.4 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 64  bytes 5696 (5.5 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 64  bytes 5696 (5.5 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    免密登录成功!

  • 相关阅读:
    只要7步,就能将任何魔方6面还原
    写一篇文章测试一下
    关于80端口被占用
    打造只能输入数字的文本框
    windows下MySql忘记密码的解决方案
    linq to xml 操作sitemap
    C#设计模式——工厂方法模式(Factory Method Pattern)
    C#设计模式——单件模式(Singleton Pattern)
    C#设计模式——迭代器模式(Iterator Pattern)
    C#设计模式——状态模式(State Pattern)
  • 原文地址:https://www.cnblogs.com/Timesi/p/9282653.html
Copyright © 2020-2023  润新知