- 1如何快速入门sift算法_离散空间极值点与连续空间极值点
- 2基于Java+Vue+uniapp微信小程序健身小助手系统设计和实现_java健身助手
- 3Python tkinter库之Canvas 直线等分圆弧(割圆术)_python等分圆弧
- 4element-ui的el-menu路由模式下选中无颜色_el-menu移入不改变颜色
- 5【CI/CD】基于 Jenkins+Docker+Git 的简单 CI 流程实践(上)_设置ci流程,选择git
- 6unity3d 透明贴图双面显示
- 7彻底搞清楚map和flatmap_flatmap与map怎么都理解不了
- 8微软宣布.NET Core 3.0之后的下一个版本将是.NET 5,支持跨平台、移动开发_as p.net是什么的下一个版本
- 9大模型——LLAMA模型
- 10android源码编译环境准备(1)
Centos 7 做ssh免密登录_/usr/bin/ssh-copy-id: info: 1 key(s) remain to be
赞
踩
一、准备阶段
1、两台Centos系统,并已经安装了ssh
jerry7-11 10.4.7.11
jerry7-12 10.4.7.12
2、关闭防火墙,如果防火墙开启,将端口加入到防火墙规则中。
二、操作步骤
1、 22端口修改
可以修改ssh的22端口,或者不改 vim /etc/ssh/sshd_config,找到如下部分
#Port 22 将#去除,22改为想要的端口号。然后重启sshd服务
systemctl restart sshd
使用netstat -tlunp | grep sshd查看端口号
2、单向免密登录
jerry7-11使用ssh远程jerry7-12不需要密码,反之需要密码
在jerry7-11上使用ssh-keygen生成公钥和私钥(这里使用默认的rsa),一路默认即可
- [root@ jerry7-11 ~]# ssh-keygen -t rsa //默认指定算法的是rsa,可以没有-t rsa
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa):
- //保存私钥的路径默认/root/.ssh/id_rsa,可以指定生成地址
- Created directory '/root/.ssh'.
- Enter passphrase (empty for no passphrase): //密码
- Enter same passphrase again:
- Your identification has been saved in /root/.ssh/id_rsa. 生成私钥
- Your public key has been saved in /root/.ssh/id_rsa.pub. 生成公钥
- The key fingerprint is:
- SHA256:PXTg9KW4P582PWJMEwUstPfyXk6NWdrB518yCORbisc root@hdss7-11
- The key's randomart image is:
- +---[RSA 2048]----+
- | +...o |
- | o =.+ . |
- | =.=.. |
- | = o..o |
- | S * ...+o|
- | o B +oB+|
- | . E * BoB|
- | . *+B=|
- | ..+o+|
- +----[SHA256]-----+
- [root@ jerry7-11 ~]#
在没有指定生成地址时,会默认生成到家目录下的.ssh/目录下。使用rsa就会生成id_rsa和id_rsa.pub两个文件,如果使用的是dsa则生成的是id_dsa和id_dsa.pub两个文件。
[root@ jerry7-11 ~]# ll /root/.ssh/
-rw-------. 1 root root 1679 9月 16 14:53 id_rsa
-rw-r--r--. 1 root root 395 9月 16 14:53 id_rsa.pub
接着使用命令ssh-copy-id命令将本机生成的公钥发给jerry7-12被远程的服务器
- [root@ jerry7-11 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub -p22 root@10.4.7.12
- //-p是指你要发送对方的端口号
- /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
- The authenticity of host '10.4.7.12 (10.4.7.12)' can't be established.
- ECDSA key fingerprint is SHA256:iGP1Ez7V8/O5JAgo9FJ5GZ20TMU9l/dEVQkpRQrPO58.
- ECDSA key fingerprint is MD5:d9:7f:07:c6:a7:77:8f:56:32:bc:69:83:cb:17:a6:c2.
- Are you sure you want to continue connecting (yes/no)? yes //yes继续
- /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
- /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
- root@10.4.7.12's password: //输入jerry7-12服务器上的root用户的密码
-
- Number of key(s) added: 1
-
- Now try logging into the machine, with: "ssh -p '22' 'root@10.4.7.12'"
- and check to make sure that only the key(s) you wanted were added.
- [root@ jerry7-11 ~]#
公钥传完后在本地.ssh/ 下生成known_hosts文件
[root@jerry7-11 ~]# ll /root/.ssh/
-rw-------. 1 root root 1679 9月 16 14:53 id_rsa
-rw-r--r--. 1 root root 395 9月 16 14:53 id_rsa.pub
-rw-r--r--. 1 root root 171 9月 16 15:02 known_hosts
而在jerry7-12 服务器的root用户的家目录下生成.ssh目录,并含有authorized_keys文件。
[root@jerry7-12 .ssh]# ll /root/.ssh/
-rw------- 1 root root 395 9月 16 15:02 authorized_keys
测试:在hdss7-11测试ssh jerry7-12
[root@jerry7-11~]# ssh root@10.4.7.12 -p 22
Last login: Wed Sep 16 12:59:08 2020 from 10.4.7.1
[root@jerry7-12 ~]#
3、双向免密登录
双向免密就是互换公钥即可,这里接着上面把jerry7-12 的公钥发送到jerry7-11 上,并进行测试。
jerry7-12 :
[root@jerry7-12 .ssh]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:0N5SHnrZtgCwqcXd+W1waUrPpKaZN864xfKVp8LWiqU root@hdss7-12
The key's randomart image is:
+---[RSA 2048]----+
| . |
| . * . . . |
| * + = o = |
| o o * * @ |
| . S * B = |
| o O o . |
| =.B.o .|
| %+o.o |
| Eo=o. |
+----[SHA256]-----+[root@jerry7-12 .ssh]# cd /root/.ssh/
[root@jerry7-12 .ssh]# ll
-rw------- 1 root root 395 9月 16 15:02 authorized_keys
-rw------- 1 root root 1679 9月 16 15:21 id_rsa
-rw-r--r-- 1 root root 395 9月 16 15:21 id_rsa.pub[root@jerry7-12 .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub -p22 root@10.4.7.11
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.4.7.11 (10.4.7.11)' can't be established.
ECDSA key fingerprint is SHA256:iGP1Ez7V8/O5JAgo9FJ5GZ20TMU9l/dEVQkpRQrPO58.
ECDSA key fingerprint is MD5:d9:7f:07:c6:a7:77:8f:56:32:bc:69:83:cb:17:a6:c2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.4.7.11's password:Number of key(s) added: 1
Now try logging into the machine, with: "ssh -p '22' 'root@10.4.7.11'"
and check to make sure that only the key(s) you wanted were added.
jerry7-11 :
[root@jerry7-12 ~]# ll /root/.ssh/
-rw------- 1 root root 395 9月 16 15:02 authorized_keys
-rw------- 1 root root 1679 9月 16 15:21 id_rsa
-rw-r--r-- 1 root root 395 9月 16 15:21 id_rsa.pub
-rw-r--r-- 1 root root 171 9月 16 15:22 known_hosts
jerry7-12 :
[root@jerry7-12 .ssh]# ssh 10.4.7.11 -p 22
Last login: Wed Sep 16 12:59:07 2020 from 10.4.7.1
[root@jerry7-11 ~]#
