Passwordless SSH login with ssh-keygen and ssh-copy-id

女爷i 2022-08-19 13:13

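With a JumpServer bastion host installed, I log in to each server through the bastion, so I wanted passwordless SSH login. It is set up here with ssh-keygen and ssh-copy-id.

ssh-keygen: generates, manages and converts authentication keys for ssh
Creates the public/private key pair
ssh-copy-id: a script that uses ssh to log into a remote machine
By default, appends the local host's public key to the remote host's ~/.ssh/authorized_keys file

Procedure

1 Server setup

server 1: 172.16.16.70, user: test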

    test@host70:~$ ls -a
    . .. .bash_history .ssh
    test@host70:~$ ls -l .ssh/
    total 4
    -rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
    test@host70:~$ cat .ssh/known_hosts
    |1|0ZfKXQmtuKnq2tlIndFLC6+ySc8=|0S7Plqf/gOzZU8jPQLDKEnv31Gg= ecdsa-sha2-nistp256 AAAA
    E2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOET4VFGdPJ8dFOQV5BN/x+gRU4T0MILTSr2D
    2PLBid8ik715irXDDIsNAHSE+7yHFYG6XpqaOZmvRDn6TObhys=
    test@host70:~$ ssh zhai@172.16.16.80
    The authenticity of host '172.16.16.80 (172.16.16.80)' can't be established.
    ECDSA key fingerprint is f5:d4:4a:3d:93:fa:73:da:47:82:35:38:38:fb:49:8e.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '172.16.16.80' (ECDSA) to the list of known hosts.
    zhai@172.16.16.80's password:

Logging in to server2 requires a password.

server 2: 172.16.16.80, user: zhai

    zhai@host80:~$ ls -a
    . .. .bash_history .bash_logout .bashrc .cache .profile

2 On server1, generate a public/private key pair with ssh-keygen

Command: ssh-keygen -t rsa

    test@host70:~$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/test/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/test/.ssh/id_rsa.
    Your public key has been saved in /home/test/.ssh/id_rsa.pub.
    The key fingerprint is:
    81:d4:64:d0:e4:9f:6a:de:74:0d:49:03:01:fd:02:8b test@test
    The key's randomart image is:
    +--[ RSA 2048]----+
    | o*=oo. |
    | . ++ .. |
    | ..oo .o |
    | E .o.o.o |
    | S o.o |
    | . o |
    | o . . . |
    | o o . |
    | . . |
    +-----------------+
    test@host70:~$ ls -l .ssh/
    total 12
    -rw------- 1 test test 1675 Jan 14 16:53 id_rsa
    -rw------- 1 test test 391 Jan 14 16:53 id_rsa.pub
    -rw-r--r-- 1 test test 222 Jan 14 16:50 known_hosts
    test@host70:~$ cat .ssh/id_rsa.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
    jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
    WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
    er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
    p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
    5W79oTEIYkH/dlyVzJDGz9IdV1 test@test

3 On server1, copy the public key to the remote machine server2 with ssh-copy-id

    test@host70:~$ ssh-copy-id zhai@172.16.16.80
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    zhai@172.16.16.80's password:
    Number of key(s) added: 1
    Now try logging into the machine, with: "ssh 'zhai@172.16.16.80'"
    and check to make sure that only the key(s) you wanted were added.

On server2, check whether the authorized_keys file has been created:

    zhai@host80:~$ ls -a
    . .. .bash_history .bash_logout .bashrc .cache .profile .ssh
    zhai@host80:~$ ls .ssh/
    authorized_keys
    zhai@host80:~$ cat .ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZdvvCYbVzNyW0cpLm1L1F7wJieiQOlWL
    jDrpE5TlQXRpoW9I5xjFz0726nCaDtOJcd0ajzD4XrV/DeT71p6Odw2JEuQBNIZr59oFsZ
    WLZifZtHTmrX40nF0sMeEak51mUEMoo9+Wjn/HwMR2/61qHHNjgL8HMaZ+uSn7yzuSUCxKZ
    er3CzrUOXRBurucdTO5FUi/bGrhdz2UTgmafhPjabqgiSayNrC65YNfJhBhqOC2T2omsvO9
    p75pnQZBGdUJTK7immNrJ4UhArFDSLhg0jm36w15r2sYN64JKpsNYSjrGkYnpigtadalpS5
    5W79oTEIYkH/dlyVzJDGz9IdV1 test@test

Comparing the two shows that the authorized_keys file has the same content as the id_rsa.pub file on server1.

4 Log in to the remote server without a password

    test@host70:~$ ssh zhai@172.16.16.80
    Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.19.0-25-generic ppc64le)
    * Documentation: https://help.ubuntu.com/
    Last login: Thu Jan 14 16:51:16 2016 from 172.16.16.173
    zhai@host80:~$ exit
    logout
    Connection to 172.16.16.80 closed.

Note:

If sshd on the remote server listens on a port other than the default 22, use the following command:

    test@host70:~$ ssh-copy-id -p 20000 zhai@172.16.16.80
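
What ssh-copy-id does on server2 in step 3, written out as an added shell example (not part of the original post and not the ssh-copy-id script itself): the key is appended only if it is missing, and ~/.ssh and authorized_keys get modes that satisfy sshd's StrictModes check. The function names install_pubkey and count_keys and the path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the server-side effect of ssh-copy-id, done by hand.
# Usage on server2 (path is an assumption): install_pubkey "$HOME" /tmp/id_rsa.pub

# install_pubkey HOME_DIR PUBKEY_FILE
# Appends the key to HOME_DIR/.ssh/authorized_keys unless it is already
# present, and sets modes that satisfy sshd's StrictModes check.
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth="$ssh_dir/authorized_keys"
    pubkey_file=$2
    key_type='' key_blob='' key_comment=''

    # A public key file holds one line: "<type> <base64-blob> [comment]".
    read -r key_type key_blob key_comment < "$pubkey_file" || true
    case $key_type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;   # types accepted here
        *) echo "refusing: $pubkey_file is not a public key" >&2; return 2 ;;
    esac
    [ -n "$key_blob" ] || { echo "refusing: empty key blob" >&2; return 2; }

    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Exact match on type and blob as adjacent fields, so a different
    # comment or a leading options field does not cause a duplicate entry.
    if awk -v t="$key_type" -v b="$key_blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) f = 1 }
         END { exit !f }' "$auth"; then
        return 0
    fi
    # Start on a fresh line if the existing file lacks a trailing newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key_type $key_blob${key_comment:+ $key_comment}" >> "$auth"
}

# count_keys FILE: number of key entries (blank and comment lines ignored).
count_keys() {
    grep -Evc '^[[:space:]]*(#|$)' "$1"
}
```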
