ssh免密访问对端服务
主机名 |
主机IP |
用途 |
ssh01 |
192.168.200.30 |
节点一 |
ssh02 |
192.168.200.31 |
节点二 |
1. root超级用户之间的免密访问(本例只配置了节点一到节点二这一个方向)
#在节点一上生成密钥对
[root@ssh01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): #直接回车确认
Enter passphrase (empty for no passphrase): #直接回车表示不给私钥设置口令(私钥将不加密地保存在磁盘上,一旦泄露即可直接登录对端;生产环境建议设置口令并配合ssh-agent使用)
Enter same passphrase again: #直接回车确认
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is: #此行为程序输出,无需操作
SHA256:EtqTFNuA6RHt84GS6k3akEOCJddF+mIdfYLvoUustdc root@ssh01
The key's randomart image is: #此行为程序输出,无需操作
+---[RSA 2048]----+
| ..B= |
|. o =..B |
|.+ ..+*.+ . |
|o . +*+=.o |
| o o+.BoS. |
| =..o =.. |
| . B = .. |
| o o+ o. E |
| . o. |
+----[SHA256]-----+
#将节点一的公钥id_rsa.pub文件复制到节点二的用户家目录下的.ssh目录下。如果对方没有.ssh这个目录,就自己创建一个,但切记要把目录权限改成700。注意:要得到700应执行 chmod 700 .ssh;下面的 chmod +700 只是在原有权限上追加权限位,从随后 ll 的输出可见目录仍是 drwxr-xr-x(755)
[root@ssh02 ~]# mkdir .ssh
[root@ssh02 ~]# chmod +700 .ssh
[root@ssh02 ~]# ll -la
#以上省略若干。。。
drwxr-xr-x 2 root root 6 3月 21 19:30 .ssh
#以下省略若干。。。
[root@ssh01 ~]# scp ./.ssh/id_rsa.pub root@192.168.200.58:~/.ssh/
ssh: connect to host 192.168.200.58 port 22: No route to host
lost connection
[root@ssh01 ~]# scp ./.ssh/id_rsa.pub root@192.168.200.31:~/.ssh/
root@192.168.200.31's password:
id_rsa.pub 100% 392 536.7KB/s 00:00
#将拷贝过去的id_rsa.pub文件里的内容写入~/.ssh/authorized_keys文件当中。注意:下面使用的 > 会覆盖该文件的已有内容;如果authorized_keys中已经存在其他公钥,应改用 >> 追加,并建议将该文件权限设为600
[root@ssh02 ~]# cd .ssh/
[root@ssh02 .ssh]# ll
总用量 4
-rw-r--r-- 1 root root 392 3月 21 19:31 id_rsa.pub
[root@ssh02 .ssh]# cat id_rsa.pub > authorized_keys
#实验测试
[root@ssh01 ~]# hostname -I
192.168.200.30
[root@ssh01 ~]# ssh 192.168.200.31
Last login: Sat Mar 21 19:26:56 2020 from 192.168.200.1
[root@ssh02 ~]# hostname -I
192.168.200.31
2. 非root普通用户之间的免密访问(本例只配置了节点一到节点二这一个方向)
#在节点一上生成密钥对
[tomcat@ssh01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/tomcat/.ssh/id_rsa): #直接回车确认
Enter passphrase (empty for no passphrase): #直接回车表示不给私钥设置口令(私钥将不加密地保存在磁盘上,生产环境建议设置口令)
Enter same passphrase again: #直接回车确认
Your identification has been saved in /home/tomcat/.ssh/id_rsa.
Your public key has been saved in /home/tomcat/.ssh/id_rsa.pub.
The key fingerprint is: #此行为程序输出,无需操作
SHA256:kiTqjtV8B+NS8WRwjj4fxk1BjexJpXd37K9LM6h0/2o tomcat@ssh01
The key's randomart image is: #此行为程序输出,无需操作
+---[RSA 2048]----+
| . .oo+. |
| = +o. . |
| . + +oo.. . +|
| . + B oo. . o.|
| . O S . .|
| . o o B . . .|
| o + o o . o + .|
| + o . . o oE+ |
|. . . .=+.|
+----[SHA256]-----+
#使用ssh-copy-id将节点一的公钥追加到节点二对应用户的~/.ssh/authorized_keys文件中(该工具会在需要时自动创建.ssh目录并设置合适的权限,不会覆盖已有的公钥)。
[tomcat@ssh01 ~]$ ssh-copy-id -i /home/tomcat/.ssh/id_rsa.pub tomcat@192.168.200.31
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/tomcat/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
tomcat@192.168.200.31's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'tomcat@192.168.200.31'"
and check to make sure that only the key(s) you wanted were added.
#实验测试
[tomcat@ssh01 ~]$ hostname -I
192.168.200.30
[tomcat@ssh01 ~]$ ssh 192.168.200.31
Last login: Sat Mar 21 19:43:40 2020 from 192.168.200.30
[tomcat@ssh02 ~]$ hostname -I
192.168.200.31