-
使用密码登录,每次都必须输入密码,非常麻烦。SSH还提供了公钥登录,可以省去输入密码的步骤。
-
所谓"公钥登录",就是用户将自己的公钥存储在远程主机上。登录的时候,远程主机会向发送一段随机字符串,用户用自己的私钥加密后,再发回来。远程主机用事先存储的公钥进行解密,如果成功,就证明用户是可信的,直接允许登录shell,不再要求密码。
-
生成公钥/私钥对(连续按四个回车键)
$ssh-keygen-t rsa -
在$HOME/.ssh/目录下,会新生成两个文件:id-rsa.pub和idz_rsa.前者是你的公钥,后者是你的私钥。
-
拷贝公钥至authorized_keys文件(+主机名)
$ssh-copy-id hadoop-senior.xiangkun
[xiangkun@hadoop-senior01 /]$ cd ~/.ssh/
[xiangkun@hadoop-senior01 .ssh]$ ls
[xiangkun@hadoop-senior01 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xiangkun/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xiangkun/.ssh/id_rsa.
Your public key has been saved in /home/xiangkun/.ssh/id_rsa.pub.
The key fingerprint is:
de:76:78:38:e6:84:74:f1:2c:f8:da:50:9a:be:a4:33 xiangkun@hadoop-senior01.xiangkun
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| . + |
| S + o |
| o O + |
| B X o |
| E+ O + |
| .o+.o |
+-----------------+
[xiangkun@hadoop-senior01 .ssh]$ ll
总用量 8
-rw-------. 1 xiangkun xiangkun 1675 7月 4 14:05 id_rsa
-rw-r--r--. 1 xiangkun xiangkun 415 7月 4 14:05 id_rsa.pub
[xiangkun@hadoop-senior01 .ssh]$ hostname
hadoop-senior01.xiangkun
[xiangkun@hadoop-senior01 .ssh]$ ssh-copy-id hadoop-senior01.xiangkun
The authenticity of host 'hadoop-senior01.xiangkun (192.168.111.106)' can't be established.
RSA key fingerprint is da:12:42:76:de:23:3a:01:48:18:cd:9e:60:d6:83:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hadoop-senior01.xiangkun,192.168.111.106' (RSA) to the list of known hosts.
xiangkun@hadoop-senior01.xiangkun's password:
Now try logging into the machine, with "ssh 'hadoop-senior01.xiangkun'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[xiangkun@hadoop-senior01 .ssh]$ ll
总用量 16
-rw-------. 1 xiangkun xiangkun 415 7月 4 14:08 authorized_keys
-rw-------. 1 xiangkun xiangkun 1675 7月 4 14:05 id_rsa
-rw-r--r--. 1 xiangkun xiangkun 415 7月 4 14:05 id_rsa.pub
-rw-r--r--. 1 xiangkun xiangkun 422 7月 4 14:08 known_hosts
[xiangkun@hadoop-senior01 .ssh]$