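Passwordless Login Between Two Machines

Passwordless login between two machines on the same network segment

Setting up passwordless login makes logging in more convenient and also makes file transfers easier. Without it, every file transfer between the two machines requires typing a password; with it, transfers need no password. Passwordless login also has a drawback: if an attacker manages to place their own public key on our server, they can log in to it directly without a password.

Server 1: 192.168.184.137
Server 2: 192.168.184.150

1. Configure name resolution on both machines; after changing the hostname, reconnect for it to take effect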

On server 1

[root@localhost ~]# vim /etc/hosts
192.168.184.137   web-1
192.168.184.150   web-2
[root@localhost ~]# hostnamectl set-hostname web-1

On server 2

[root@localhost ~]# vim /etc/hosts
192.168.184.137   web-1
192.168.184.150   web-2
[root@localhost ~]# hostnamectl set-hostname web-2 

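2. Test connectivity

Use the ping command to test whether the two machines can reach each other

[root@web-1 ~]# ping -c1 192.168.184.150           #the following output means the machine is reachable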
PING 192.168.184.150 (192.168.184.150) 56(84) bytes of data.
64 bytes from 192.168.184.150: icmp_seq=1 ttl=64 time=1.22 ms
--- 192.168.184.150 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.228/1.228/1.228/0.000 ms

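3. Generate a key pair on server 1

Run ssh-keygen and press Enter three times (Enter accepts the default) to generate the key pair (the key pair is stored in the /root/.ssh/ directory). Pressing Enter at the passphrase prompts leaves the private key without a passphrase, so anyone who can read /root/.ssh/id_rsa can use it.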

[root@web-1 ~]# ssh-keygen                 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):     
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:bs6VQ7GKjbkUT2WUEnG7FZc/bRAIjFdtwORI1S7PSCY root@localhost
The key's randomart image is:
+---[RSA 2048]----+
|        o==B*=oo |
|        o+++oo*  |
|         o* oo o.|
|         oE=+ ..+|
|      . S ++ = ..|
|       X o .. o  |
|      = * +      |
|     . = . .     |
|      . o        |
+----[SHA256]-----+
[root@web-1 ~]# ls .ssh/           #check that the key pair was generated
id_rsa  id_rsa.pub

4. Copy the public key

After generating the key pair, copy the public key to server 2 using ssh-copy-id

[root@web-1 ~]# ssh-copy-id -i 192.168.184.150         #copy the public key to server 2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.184.150 (192.168.184.150)' can't be established.
ECDSA key fingerprint is SHA256:j0/tu1CABCF02pkRgidcJtsmPTFF5Cjhnh7rE+9rO4I.
ECDSA key fingerprint is MD5:7f:f1:84:99:27:b5:a2:d0:4d:09:ba:11:94:15:33:c9.
Are you sure you want to continue connecting (yes/no)? yes      #type "yes" to continue connecting
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.184.150's password:              #enter the password; it is not echoed as you type
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '192.168.184.150'"
and check to make sure that only the key(s) you wanted were added.

[root@web-1 ~]# ls .ssh/
id_rsa  id_rsa.pub  known_hosts
[root@web-1 ~]# cat .ssh/known_hosts       #view the newly created file; the known host has been written to it
192.168.184.150 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBM1gXyboMN2qBA4ienZRgw23rTw1ukFusV9AucuPBHifaaAKYjys4uNhQ5/6paETsUI8/YcWfAQU9FCCYBfNI5k=

Check the files on server 2

[root@web-2 ~]# ls .ssh/
authorized_keys

5. Test

Use ssh to log in to server 2, and check the IP address after logging in.

[root@web-1 ~]# ssh 192.168.184.150
Last login: Mon Sep 16 21:50:28 2019 from 192.168.184.1
[root@web-1 ~]# ip a |grep ens33        #check the IP after login; if it is server 2's address, passwordless login succeeded
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.184.150/24 brd 192.168.184.255 scope global dynamic ens33
[root@web-1 ~]# exit      # log out
logout
Connection to 192.168.184.150 closed.
[root@web-1 ~]# ip a | grep ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.168.184.137/24 brd 192.168.184.255 scope global dynamic ens33

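Passwordless login is now configured.

Extension

If server 2 no longer wants server 1 to log in without a password, it can simply delete the file under its own /root/.ssh/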

[root@web-2 ~]# cd .ssh/
[root@web-2 .ssh]# ls
authorized_keys
[root@web-2 .ssh]# rm -rf authorized_keys 
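
Deleting authorized_keys removes every key in it, and the risk noted at the start (an unexpected public key in that file) calls for looking at what the file contains. The script below is an added example, not part of the original post: it lists the entries of an authorized_keys file and revokes one key while keeping the rest. The function names and sample entries are assumptions made for illustration, and the key blobs are placeholders rather than real keys.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit authorized_keys and revoke one key.

# Print "<line-no> <key-type> <comment>" for every key entry in file $1.
list_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($(i + 1) ~ /^AAAA/) {    # the base64 key blob follows the key type
                    c = ""
                    for (j = i + 2; j <= NF; j++) c = c (j > i + 2 ? " " : "") $j
                    print NR, $i, (c == "" ? "(no comment)" : c)
                    next
                }
            print NR, "UNPARSED", $0         # flag anything that needs a manual look
        }' "$1"
}

# Remove only the entries in file $1 whose key blob matches the one in .pub file $2.
# Returns 1 (and leaves the file untouched) when the key is not present.
revoke_key() {
    blob=$(awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; exit } }' "$2")
    [ -n "$blob" ] || { echo "no key blob found in $2" >&2; return 2; }
    tmp=$(mktemp "$1.XXXXXX") || return 2
    if awk -v b="$blob" '
        { keep = 1; for (i = 1; i <= NF; i++) if ($i == b) keep = 0 }
        keep  { print }
        !keep { removed++ }
        END   { exit (removed ? 0 : 1) }' "$1" > "$tmp"
    then
        chmod 600 "$tmp" && mv "$tmp" "$1"   # keep the file private to its owner
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed sample data: the key blobs are placeholders, not real keys.
make_sample() {
    cat > "$1/authorized_keys" <<'EOF'
# constructed sample entries
ssh-rsa AAAAB3NzaC1yc2EXAMPLEweb1 root@web-1
from="192.168.184.137" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5EXAMPLEbackup backup job
ssh-rsa AAAAB3NzaC1yc2EXAMPLEunknown
EOF
    echo 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEweb1 root@web-1' > "$1/web-1.pub"
}
```

On a real host, `ssh-keygen -lf /root/.ssh/authorized_keys` prints the fingerprint of each entry, which can be compared with the fingerprint shown when the key was generated.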