ssh-keygen和ssh-copy-id实现SSH无密码登录

本文主要是介绍ssh-keygen和ssh-copy-id实现SSH无密码登录，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

安装了jumpserver跳板机，通过跳板机登录到各个服务器，因此想实现ssh无密码登录，用ssh-keygen和ssh-copy-id实现。

ssh-keygen:  generates, manages and converts authentication keys for ssh
             创建公钥和密钥
ssh-copy-id: a script that uses ssh to log into a remote machine
             默认情况下，把本地主机的公钥append到远程主机的~/.ssh/authorized_keys文件上

实现过程

1 服务器情况

server 1: 172.16.16.70, 用户名：test

test@host70:~$ ls -a
.  ..  .bash_history  .ssh
test@host70:~$ ls -l .ssh/
total 4
-rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
test@host70:~$ cat .ssh/known_hosts
|1|0ZfKXQmtuKnq2tlIndFLC6+ySc8=|0S7Plqf/gOzZU8jPQLDKEnv31Gg= ecdsa-sha2-nistp256 AAAA
E2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOET4VFGdPJ8dFOQV5BN/x+gRU4T0MILTSr2D
2PLBid8ik715irXDDIsNAHSE+7yHFYG6XpqaOZmvRDn6TObhys=
test@host70:~$ ssh zhai@172.16.16.80
The authenticity of host '172.16.16.80 (172.16.16.80)' can't be established.
ECDSA key fingerprint is f5:d4:4a:3d:93:fa:73:da:47:82:35:38:38:fb:49:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.16.80' (ECDSA) to the list of known hosts.
zhai@172.16.16.80's password:

登录server2需要密码

server 2: 172.16.16.80, 用户名：zhai

zhai@host80:~$ ls -a
.  ..  .bash_history  .bash_logout  .bashrc  .cache  .profile

2 在server1上，用ssh-keygen生成公钥和私钥对

        命令：ssh-keygen -t rsa

test@host70:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
81:d4:64:d0:e4:9f:6a:de:74:0d:49:03:01:fd:02:8b test@test
The key's randomart image is:
+--[ RSA 2048]----+
|      o*=oo.     |
|     . ++ ..     |
|      ..oo .o    |
|      E .o.o.o   |
|        S o.o    |
|         .   o   |
|        o . . .  |
|       o o .     |
|        . .      |
+-----------------+
test@host70:~$ ls -l .ssh/
total 12
-rw------- 1 test test 1675 Jan 14 16:53 id_rsa
-rw------- 1 test test  391 Jan 14 16:53 id_rsa.pub
-rw-r--r-- 1 test test  222 Jan 14 16:50 known_hosts
test@host70:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
5W79oTEIYkH/dlyVzJDGz9IdV1 test@test

3 在server1上，用ssh-copy-id将公钥复制到远程机器server2中

test@host70:~$ ssh-copy-id zhai@172.16.16.80
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zhai@172.16.16.80's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'zhai@172.16.16.80'"
and check to make sure that only the key(s) you wanted were added.

在server2上查看是否已经生成文件authorized_keys

zhai@host80:~$ ls -a
.  ..  .bash_history  .bash_logout  .bashrc  .cache  .profile  .ssh
zhai@host80:~$ ls .ssh/
authorized_keys
zhai@host80:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
5W79oTEIYkH/dlyVzJDGz9IdV1 test@test

通过比较发现：authorized_keys文件与server1上的id_rsa.pub文件内容一致。

4 无密码登录远程服务器

test@host70:~$ ssh zhai@172.16.16.80
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic ppc64le)* Documentation:  https://help.ubuntu.com/
Last login: Thu Jan 14 16:51:16 2016 from 172.16.16.173
zhai@host80~$ exit
logout
Connection to 172.16.16.80 closed.

注意：

如果远程服务器的sshd的服务端口不是默认的22，使用如下命令：

test@host70:~$ ssh-copy-id “-p 20000 zhai@172.16.16.80”

参考：

1 http://blog.chinaunix.net/uid-26284395-id-2949145.html

2 http://roclinux.cn/?p=2551

这篇关于ssh-keygen和ssh-copy-id实现SSH无密码登录的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！

---