CentOS 7 配置ssh免密码登录

最新推荐文章于 2024-09-05 21:07:35 发布

原创最新推荐文章于 2024-09-05 21:07:35 发布 · 938 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#linux免密码登录

Linux 专栏收录该内容

2 篇文章

订阅专栏

本文介绍如何在CentOS7中配置SSH免密码登录。通过生成密钥对，并将公钥复制到目标主机上，实现从一台服务器无密码登录到另一台服务器的功能。文章详细记录了配置步骤和验证过程。

CentOS 7 配置ssh免密码登录

这里是使用root用户登录和执行相关操作

我这里是配置了hosts，下面操作的直接域名，可以把域名换成IP。

192.168.247.129 master
192.168.247.131 slave1
192.168.247.132 slave2

生成密钥

切换到用户主目录下的.ssh，如root用户 /root/.ssh/ ，执行ssh-keygen -t rsa生成公钥和密码

cd /root/.ssh/
ssh-keygen -t rsa

执行结果（默认回车3次车），生成2个文件id_rsa id、rsa.pub

[root@slave2 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:VeTLrMmHpweWBlBCYmhlxf96uD/IV7H7tzgWDUC9XHI root@slave2
The key's randomart image is:
+---[RSA 2048]----+
|   o=++.. .o+    |
|  oo .o.   + o E |
| .     o  . + =  |
|        o. o.=   |
|        So .+oo  |
|         .*+o. . |
|       . *=oo..  |
|        = ++oo. .|
|        .=oo.ooo.|
+----[SHA256]-----+
[root@slave2 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

know_hosts : 已知的主机公钥清单
id_rsa : 生成的私钥文件
id_rsa.pub ： 生成的公钥文件

复制公钥到其它主机

这里使用ssh-copy-id 命令 ssh-copy-id user@host，不写用户默认是root

ssh-copy-id master
ssh-copy-id slave1
ssh-copy-id slave2

验证
使用ssh指令 ssh user@ip，不指定user默认root

ssh master
ssh slave1
ssh slave2

如果希望ssh公钥生效需满足至少下面两个条件：1、ssh目录的权限必须是700 2、 .ssh/authorized_keys文件权限必须是600

执行过程

[root@slave2 .ssh]# ssh-copy-id master
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@master's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'master'"
and check to make sure that only the key(s) you wanted were added.

[root@slave2 .ssh]# ssh master
Last login: Wed Apr 11 22:09:27 2018 from 192.168.247.132
[root@master ~]# exit
logout
Connection to master closed.
[root@slave2 .ssh]# ssh-copy-id slave1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host 'slave1 (192.168.247.131)' can't be established.
ECDSA key fingerprint is SHA256:4L+UTEoSu7D5Z0KwVZ8hiLXORJsLdhj5v+9NUrdJyA8.
ECDSA key fingerprint is MD5:a6:13:a5:aa:4b:f4:57:b4:7e:93:06:19:a9:8c:a1:56.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@slave1's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'slave1'"
and check to make sure that only the key(s) you wanted were added.

[root@slave2 .ssh]# ssh slave1
Last login: Wed Apr 11 21:37:40 2018 from 192.168.247.129
[root@slave1 ~]# exit
logout
Connection to slave1 closed.
[root@slave2 .ssh]#