您好,登錄后才能下訂單哦!
0.說明
平常使用ssh登陸遠程服務器時,都需要使用輸入密碼,希望可以實現通過密鑰登陸而免除輸入密碼,從而可以為以后實現批量自動部署主機做好準備。
環境如下:
IP地址 | 操作系統 | |
服務器端 | 10.0.0.128/24 | CentOS 6.5 x86 |
客戶端 | 10.0.0.129/24 | Ubuntu 16.04 x86 |
1.客戶端生成密鑰對
生成密鑰對:
xpleaf@leaf:~$ ssh-keygen -t rsa -b 2048 Generating public/private rsa key pair. Enter file in which to save the key (/home/xpleaf/.ssh/id_rsa): Created directory '/home/xpleaf/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/xpleaf/.ssh/id_rsa. Your public key has been saved in /home/xpleaf/.ssh/id_rsa.pub. The key fingerprint is: SHA256:eLssyXJLzUCfSN5mu6nqNH9dB/gOyXSvWBwQdNssIYE xpleaf@leaf The key's randomart p_w_picpath is: +---[RSA 2048]----+ | o=oo | | E .o = | | o oo o | | + = .o +. | | = So = + | | B o+ = o | | o...=. * o | | ..+=..+o o | | .o++== | +----[SHA256]-----+
查看生成的密鑰對:
xpleaf@leaf:~$ ls .ssh id_rsa id_rsa.pub # id_rsa為私鑰,這個一般需要保密;id_rsa.pub為公鑰,這個可以公開。
2.上傳公鑰到服務器端
使用scp命令操作:
xpleaf@leaf:~$ scp .ssh/id_rsa.pub root@10.0.0.128:/root The authenticity of host '10.0.0.128 (10.0.0.128)' can't be established. RSA key fingerprint is SHA256:0Tpm11wruaQXyvOfEB1maIkEwxmjT2AklWb198Vrln0. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.128' (RSA) to the list of known hosts. root@10.0.0.128's password: id_rsa.pub 100% 393 0.4KB/s 00:00
3.服務器端操作
把從客戶端傳來的公鑰添加到.ssh/authorized_keys中:
[root@leaf ~]# cat id_rsa.pub >> .ssh/authorized_keys [root@leaf ~]# chmod 600 .ssh/authorized_keys # authorized_keys的權限需要為600
修改ssh配置文件/etc/ssh/sshd_config,找到下面一行:
PubkeyAuthentication no
修改為:
PubkeyAuthentication yes
4.測試
在客戶端上使用密鑰登陸到服務器上:
xpleaf@leaf:~$ ssh -i .ssh/id_rsa root@10.0.0.128 Last login: Tue May 9 15:14:01 2017 from 10.0.0.129 [root@leaf ~]#
5.注意事項
在服務器端需要把selinux關閉,否則最后無法使用密鑰進行遠程登陸;
客戶端使用scp命令時,在服務器端也需要安裝ssh客戶端,否則無法把公鑰上傳到服務器端,另外也可以使用ssh-copy-id root@10.0.0.128來代替scp操作(這樣在服務器端也不需要執行創建.ssh目錄等這些操作,即相當于該命令可以一步幫我們完成密鑰的上傳與配置工作);
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。