1. 機器列表
A:192.168.4.4
B:192.168.4.5
實現A免密鑰登陸B
2. A生成密鑰對
[root@A ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xfLhSq92OwFP30kH+K6QAQo1V38dTmjHdULaV66Zq8s root@A
The key's randomart image is:
+---[RSA 2048]----+
| .o ... o=o=|
| . o.. ..=+*+|
| . ...+ +.+o+|
| . .=o. .o=.|
| S+o+ ++o |
| . o= . +. |
| . .o .. |
| ..o... |
| ....oE. |
+----[SHA256]-----+
[root@A ~]# cd .ssh/
[root@A .ssh]# ls
id_rsa id_rsa.pub
id_rsa : 生成的私鑰文件
id_rsa.pub : 生成的公鑰文件
know_hosts : 已知的主機公鑰清單
如果希望ssh公鑰生效需滿足至少下面兩個條件:
1) .ssh目錄的權限必須是700
2) .ssh/authorized_keys文件權限必須是600
3. 將生成的公鑰scp到想要登陸的服務器 B,B服務器必須有 .ssh目錄,如果沒有就創建並授予700權限
[root@A .ssh]# scp -p ~/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
[email protected]'s password:
id_rsa.pub
4. 驗證
[root@A ~]# ssh 192.168.4.5
Last login: Thu Apr 19 10:32:54 2018 from 192.168.4.2