最近整理收藏的技術帖子,發現通過遠程機器直接連接本地機器每次需要輸入密碼,非常繁瑣,找了個方法直接免祕鑰進入。
建設原理:
本地服務器的公鑰,加密一段隨機字符串,把這段密文發送回給遠程服務器,遠程服務器利用私鑰解密這段密文,然後把明文發給本地服務器,本地服務器你驗證自己的明文祕鑰進行解析,讓遠程服務器直接免祕鑰訪問(處於安全考慮,建議不要在生產環境下面搞,免得被別人亂開信息)
準備環境:
本地機器A:192.168.139.144 遠程機器b:192.168.139.139
本地機器A:192.168.139.144配置
[root@localhost ~]# chmod 777 .ssh/ #網上其他說700,第二次我直接設置成777
root@localhost ~]# ssh-keygen -t rsa #默認都是yes,這是我第二次嘗試,祕鑰文件直接覆蓋
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?
[root@localhost .ssh]# ls #檢查.ssh文件下面的公鑰和私鑰文件。
autorized_keys id_rsa id_rsa.pub known_hosts
[root@localhost .ssh]# cat known_hosts #檢查傳送祕鑰的本地主機
192.168.139.144 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo82MJSw8dxGTvrXCFIKiszfpxbF/riPrXCOvGMTRamyKTLpDQScq3qFtnBSBLWGpJCJ4etoQp/W7vFax/FcH+cCHO+dqs9qFpE84rKm5woXfNWpH/bo8U1r24DrxLagJz3B06W6/f+IedWj1bRZcY3cT6jy5sRh7y/lOnxLz3YEuHa37hRdHyXccWIkdT0xla3QBB5HHq0v4CXmy+Q8izVWHdiDgGUWhsBj+7SmyfQtQZPa4Lw/XXnzmT6+0Q9o1Y/3eteYZvyFGseKWdtwZmROMm33UGTVN8Iy8+WJ3XowJ697qx1MntKGfZu6bKlWsI6+oli6S2BZwfXnf+H6+KQ==
192.168.139.139 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0IbPQxB3kTktma3p35NSeeaZfwoaIuPuj6YXPL7KfryvNscrciUalzWVFm1r5JV0CuG5R0hnAQqmiKQJQnzDhcD0gw8oGynWL4LNCSEAvx5/D+IB8u/vSEquTAv17Iy/e476qNcWetjbxl9kMh/U+19E7ybhVkstQFDeelbg1478aUrU+hNnQgDZ3SMlAzzE2OdP+D9s9K6CPtpdF2zH0YL+liaL3xWvIxd6SSdl5JpTxjWxUTtmuI29GLxfLxC96KStStK0KbZUb5Sm7twYQGmbcN13wMhtW8TcgbxH52oT7NtyrqDshu0VgRika4CxIdokPD4yrcikn3pkzMzmZQ==
[root@localhost .ssh]# rm autorized_keys #這裏是我直接創建的文件,有一些網友說把祕鑰寫進來這個文件,幾次嘗試都不成功。直接刪除了。
rm: remove regular empty file `autorized_keys'? y
[root@localhost .ssh]# ssh-copy-id 192.168.139.139 #將祕鑰傳送到遠程服務器B,並且輸入遠程服務器的密碼。
[email protected]'s password: #輸入遠程服務器B的密碼
Now try logging into the machine, with "ssh '192.168.139.139'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
遠程服務器b-192.168.139.139的操作:
[root@localhost ~]# cd .ssh/ #檢查看144的祕鑰傳送過來的情況
[root@localhost .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@localhost .ssh]# cat authorized_keys #檢查本身祕鑰的情況,粗略看是144的祕鑰文
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuHoxFl+6Oa4mYgHvh1ihtmUOs0m7yEGEljX9xRpUe70iHHt7UnyDrIFCu7kfKTeP7FgBiCTPNjabuZdeNtQefHKB67eQ/U6H/ANUKUMg9YP6yVV4jruIw5fufMClIrad7MR4XyVAfhijmwSAmXL4d8Y89WX5zELKaMwaWMxeGcxSOHaBArNfn7Jn9u2ORWD7MHAl9xIMx768vO09vdwmQGIrkVwfyYXj2GhVKwcPWwUXmWqgbYnptq/qEZdwi4NSkJCz/nfnetDCZDfkKMD3Ksbxof1ziXa0E9l8Xlo9FtKeeCTbytRjtVIzKw016tInCSuI16oYbhVZ0kGO7UhGqw== [email protected]
[root@localhost .ssh]# ssh [email protected] #現在最直接ssh本地服務器A 192.168.139.144
Last login: Tue Apr 9 20:45:14 2019 from 192.168.139.139
[root@localhost ~]# ifconfig #連接完畢後檢查IP地址是不是正確
eth0 Link encap:Ethernet HWaddr 00:0C:29:31:AE:FD
inet addr:192.168.139.144 Bcast:192.168.139.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe31:aefd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18149 errors:0 dropped:0 overruns:0 frame:0
TX packets:8737 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22487040 (21.4 MiB) TX bytes:582276 (568.6 KiB)
總結:參考了網友一些經驗,給.ssh/設置權限時注意設置大一點。700的權限可能還不夠,最好設置到777.
傳輸過程中,確保兩個服務器之間能ping通。第一沒有成功,可能是應在.ssh中設置autorized的權限文件夾,和設置700的權限。
借鑑:https://jingyan.baidu.com/article/00a07f38bb594682d028dcc8.html
https://jingyan.baidu.com/article/02027811471aa91bcc9ce5a0.html