服务器之间 ssh 免密码登录

最新推荐文章于 2025-07-13 11:23:11 发布

Jamin_Ma

最新推荐文章于 2025-07-13 11:23:11 发布

阅读量840

点赞数

CC 4.0 BY-SA版权

分类专栏： linux 文章标签： ssh linux

本文链接：https://blog.youkuaiyun.com/convict_eva/article/details/71088486

linux 专栏收录该内容

8 篇文章

订阅专栏

1、在所有服务器上生成公钥和密钥：
#ssh-keygen -t rsa
一路回车就行
执行完在后，在~目录下有生成了一个.ssh 文件夹，有两个文件：
id_rsa : 生成的私钥文件
id_rsa.pub ：生成的公钥文件

2、任择一个服务器A，在 ~/.ssh 目录下创建 authorized_keys 文件(如果有则清空文件内容)
#touch authorized_keys

3、把第一步所有服务器上生成的公钥复制到A服务器的authorized_keys文件中。这一步是为了在生成know_hosts 文件时(ssh 第一次登录服务器时)，不再需要服务器的密码。

4、把服务器A 上的authorized_keys 文件，复制到所有服务器 ~/.ssh/ 目录下
此时使用ssh 切换到别的服务器时，会出现以下提示：
The authenticity of host '192.168.77.128 (192.168.77.128)' can't be established.
RSA key fingerprint is bf:ff:72:ef:e2:5e:13:2f:0b:f9:3a:b3:3c:cf:f8:71.
Are you sure you want to continue connecting (yes/no)?

输入yes 后生成know_hosts 文件(如果文件已存在，则追加)

避免输入yes：

打开/etc/ssh/ssh_config文件：
找到：
# StrictHostKeyChecking ask
修改为
StrictHostKeyChecking no

（所以也不用生成know_hosts 文件了）

5、生成know_hosts 文件
在服务器A上，对所有的服务器（包括A）执行：
ssh host_name
有第4步提示时输入yes，之后就会追加know_hosts 文件，并切换到相应的服务器。在执行下一个ssh host_name 时，记得要先执行exit，退出到A服务器上。

6、把know_hosts 文件传到其它服务器~/.ssh/ 目录下，以后再使用ssh ，scp 命令可以直接使用了。

注：
id_rsa : 生成的私钥文件
id_rsa.pub ：生成的公钥文件
authorized_keys:存放远程免密登录的公钥,主要通过这个文件记录多台机器的公钥
know_hosts : 已知的主机公钥清单
1) .ssh目录的权限是700

2) .ssh/authorized_keys文件权限是600

ssh 切换服务器慢：

查看ssh 切换的信息

[jamin@localhost .ssh]$ ssh -v 192.168.77.129
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 192.168.77.129 [192.168.77.129] port 22.
debug1: Connection established.
debug1: identity file /home/jamin/.ssh/identity type -1
debug1: identity file /home/jamin/.ssh/identity-cert type -1
debug1: identity file /home/jamin/.ssh/id_rsa type 1
debug1: identity file /home/jamin/.ssh/id_rsa-cert type -1
debug1: identity file /home/jamin/.ssh/id_dsa type -1
debug1: identity file /home/jamin/.ssh/id_dsa-cert type -1
debug1: identity file /home/jamin/.ssh/id_ecdsa type -1
debug1: identity file /home/jamin/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '192.168.77.129' is known and matches the RSA host key.
debug1: Found key in /home/jamin/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Cannot determine realm for numeric host address

debug1: Next authentication method: publickey
debug1: Trying private key: /home/jamin/.ssh/identity
debug1: Offering public key: /home/jamin/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Last login: Tue Apr 25 14:28:23 2017 from 192.168.77.130

可以看出有 gssapi-with-mic 失败的信息
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.

关闭 gssapi-with-mic

修改：/etc/ssh/ssh_config 把 GSSAPIAuthentication 修改为no。再查看调试信息，就少了上面的失败信息。

还有一个命令：

ssh-copy-id ip