本文主要是介绍ssh-keygen和ssh-copy-id实现SSH无密码登录,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
安装了jumpserver跳板机,通过跳板机登录到各个服务器,因此想实现ssh无密码登录,用ssh-keygen和ssh-copy-id实现。
ssh-keygen: generates, manages and converts authentication keys for ssh
创建公钥和密钥
ssh-copy-id: a script that uses ssh to log into a remote machine
默认情况下,把本地主机的公钥append到远程主机的~/.ssh/authorized_keys文件上
实现过程
1 服务器情况
server 1: 172.16.16.70, 用户名:test
test@host70:~$ ls -a
. .. .bash_history .ssh
test@host70:~$ ls -l .ssh/
total 4
-rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
test@host70:~$ cat .ssh/known_hosts
|1|0ZfKXQmtuKnq2tlIndFLC6+ySc8=|0S7Plqf/gOzZU8jPQLDKEnv31Gg= ecdsa-sha2-nistp256 AAAA
E2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOET4VFGdPJ8dFOQV5BN/x+gRU4T0MILTSr2D
2PLBid8ik715irXDDIsNAHSE+7yHFYG6XpqaOZmvRDn6TObhys=
test@host70:~$ ssh zhai@172.16.16.80
The authenticity of host '172.16.16.80 (172.16.16.80)' can't be established.
ECDSA key fingerprint is f5:d4:4a:3d:93:fa:73:da:47:82:35:38:38:fb:49:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.16.80' (ECDSA) to the list of known hosts.
zhai@172.16.16.80's password:
server 2: 172.16.16.80, 用户名:zhai
zhai@host80:~$ ls -a
. .. .bash_history .bash_logout .bashrc .cache .profile2 在server1上,用ssh-keygen生成公钥和私钥对
命令:ssh-keygen -t rsa
test@host70:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/test/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/test/.ssh/id_rsa.
Your public key has been saved in /home/test/.ssh/id_rsa.pub.
The key fingerprint is:
81:d4:64:d0:e4:9f:6a:de:74:0d:49:03:01:fd:02:8b test@test
The key's randomart image is:
+--[ RSA 2048]----+
| o*=oo. |
| . ++ .. |
| ..oo .o |
| E .o.o.o |
| S o.o |
| . o |
| o . . . |
| o o . |
| . . |
+-----------------+
test@host70:~$ ls -l .ssh/
total 12
-rw------- 1 test test 1675 Jan 14 16:53 id_rsa
-rw------- 1 test test 391 Jan 14 16:53 id_rsa.pub
-rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
test@host70:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
5W79oTEIYkH/dlyVzJDGz9IdV1 test@test
3 在server1上,用ssh-copy-id将公钥复制到远程机器server2中
test@host70:~$ ssh-copy-id zhai@172.16.16.80
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
zhai@172.16.16.80's password:Number of key(s) added: 1Now try logging into the machine, with: "ssh 'zhai@172.16.16.80'"
and check to make sure that only the key(s) you wanted were added.zhai@host80:~$ ls -a
. .. .bash_history .bash_logout .bashrc .cache .profile .ssh
zhai@host80:~$ ls .ssh/
authorized_keys
zhai@host80:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
5W79oTEIYkH/dlyVzJDGz9IdV1 test@test
4 无密码登录远程服务器
test@host70:~$ ssh zhai@172.16.16.80
Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic ppc64le)* Documentation: https://help.ubuntu.com/
Last login: Thu Jan 14 16:51:16 2016 from 172.16.16.173
zhai@host80~$ exit
logout
Connection to 172.16.16.80 closed.注意:
如果远程服务器的sshd的服务端口不是默认的22,使用如下命令:
test@host70:~$ ssh-copy-id “-p 20000 zhai@172.16.16.80”
参考:
1 http://blog.chinaunix.net/uid-26284395-id-2949145.html
2 http://roclinux.cn/?p=2551
这篇关于ssh-keygen和ssh-copy-id实现SSH无密码登录的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
