背景:
A主機(node32)需要免密登錄B(node33)主機
步驟:
1.在A主機運行如下命令然後一直按回車鍵,生成密鑰對,包含公鑰和私鑰
ssh-keygen -t rsa
一直按回車鍵,顯示如下:
[root@node32 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ACaurLVh+vMvDPOB4tGK4XZjegO7IsTfK0Rj0c35kPA [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| . +.+ o |
| . + o.* |
| . . .Eo |
|.. + . . |
|o.B.. S |
|+O+=. |
|BoO=.. |
|+B.O+. |
|+oBo=+o |
+----[SHA256]-----+
會在 ~/.ssh / 目錄下生成兩個文件:私鑰:id_rsa 公鑰:id_rsa.pub
2.在A主機運行如下命令將生成的公鑰發送到B主機
ssh-copy-id node33
輸入B主機的root密碼完成操作。顯示如下:
[root@node33 .ssh]# ssh-copy-id node33
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'node33 (172.16.18.33)' can't be established.
ECDSA key fingerprint is SHA256:591R1j/G7VowLEhaiZoIXQZ2hfJyk8T7kf8h5BjEshE.
ECDSA key fingerprint is MD5:ac:a8:0a:5d:d4:1d:f5:29:28:8d:12:98:c8:22:b3:1e.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node32's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'node33'"
and check to make sure that only the key(s) you wanted were added.
完成:
現在可以在A主機嘗試免密連接B主機:
ssh node33
注意:可能還需要輸入密碼, 這是因爲權限問題, /root 目錄權限:700 .ssh/目錄權限:700 authorized_keys 文件權限: 700 或者600