1. Log in as root and edit the SSH configuration file:
# vi /etc/ssh/sshd_config
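RSAAuthentication yes # enable RSA authentication (applies to SSH protocol 1 only)
PubkeyAuthentication yes # enable public/private key pair authentication
AuthorizedKeysFile .ssh/authorized_keys # path to the public key file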
Restart the SSH service: service sshd restart
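2. As the user who will log in without a password, run the following commands to create the public and private keys. Press Enter at each prompt.
Operations on db1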
[root@db1]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
72:bb:4f:1d:ef:57:d0:7f:5a:40:f2:63:cc:77:6c:86 root@db1
[root@db1]# scp 10.0.1.15:~/.ssh/id_rsa.pub ~/.ssh/15.pub
[root@db1]# cat ~/.ssh/15.pub >>~/.ssh/authorized_keys
Operations on db2
[root@db2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ef:03:60:28:17:70:cc:56:8d:0f:42:3c:53:b5:e2:af root@db2
[root@db2]# scp 10.0.1.14:~/.ssh/id_rsa.pub ~/.ssh/14.pub
[root@db2]# cat ~/.ssh/14.pub >>~/.ssh/authorized_keys
Default public key file: /root/.ssh/id_rsa.pub
Default private key file: /root/.ssh/id_rsa
If the .ssh directory does not exist, create it manually and set its permissions to 700.
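The `cat ... >>~/.ssh/authorized_keys` step and the 700 permission requirement above can be combined into one repeatable function that does not append the same key twice. This is an added example, not part of the original page: the function name install_pubkey and its arguments are hypothetical, and mode 600 on authorized_keys is an assumption chosen to satisfy sshd's StrictModes check.

```bash
# Added example: idempotent replacement for `cat key.pub >> authorized_keys`.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (hypothetical helper)
install_pubkey() {
    local pub="$1" dir="${2:-$HOME/.ssh}" auth key

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Accept exactly one non-empty line of the form "<type> <base64> [comment]".
    # This rejects private key files and files holding several keys.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key in $pub" >&2; return 1; }
    key="$(grep . "$pub")"
    case "$key" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # sshd's StrictModes check refuses the key file if it or .ssh is
    # writable by other users, so set the modes explicitly every time.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth="$dir/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when the exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added to $auth"
    fi
}

# When the file is run with arguments, act on them; when sourced, only define the function.
[ "$#" -eq 0 ] || install_pubkey "$@"
```

On db1 this would be called as `install_pubkey ~/.ssh/15.pub` after the scp step.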
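3. How SSH passwordless authentication works:
The Master acts as the client. For it to connect to the server Slave with passwordless public key authentication, a key pair consisting of a public key and a private key must be generated on the Master, and the public key must then be copied to every Slave. When the Master connects to a Slave over SSH, the Slave generates a random number, encrypts it with the Master's public key, and sends it to the Master. The Master decrypts it with its private key and sends the decrypted number back to the Slave. Once the Slave confirms that the decrypted number is correct, it allows the Master to connect. This is the public key authentication process. No password has to be typed by hand during it, and the important step is copying the public key generated on the Master to the Slave.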