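CentOS 7 passwordless login
How it works
- First, generate a key pair on serverA (ssh-keygen)
- Copy the public key to serverB and rename it to authorized_keys
- serverA sends a connection request to serverB; the request includes the username and IP
- serverB receives the request and looks in authorized_keys for a matching username and IP; if there is one, serverB generates a random string
- It then encrypts the string with the public key and sends it to serverA
- After receiving the message from serverB, serverA decrypts it with the private key and sends the decrypted string back to serverB
- After receiving the message from serverA, serverB compares it with the string it generated earlier; if they match, passwordless login is allowed
Start the SSH service
# Check the ssh status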
systemctl status sshd
# Start ssh
systemctl start sshd
# Stop ssh
systemctl stop sshd
Generate the key pair on serverA
[root@localhost .ssh]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/appdeployment/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/appdeployment/.ssh/id_rsa.
Your public key has been saved in /home/appdeployment/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:f/BaN7YYLQWgxPB3v9HxdJfWrG7E32gUBCAvWsBSJNk root@localhost
The key's randomart image is:
+---[RSA 2048]----+
| .*=oo o.... |
| o.E+.+ . . .o|
| . = o o .+*|
| o o . +.==|
| . S . O o|
| . o * =.|
| . * @ o|
| + O o |
| . . . |
+----[SHA256]-----+
[root@localhost .ssh]$
Move the id_rsa.pub file to serverB
Download id_rsa.pub from serverA to the local machine
cd ~/.ssh/
sz id_rsa.pub
Import the public key on serverB
# Enter the .ssh directory
cd ~/.ssh/
# Upload id_rsa.pub
rz
# Then run the following command on serverB to import the public key into the ~/.ssh/authorized_keys file
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# Set the permissions of the .ssh directory to 700
chmod 700 ~/.ssh
# Set the permissions of authorized_keys to 600
chmod 600 ~/.ssh/authorized_keys
This is a Linux security requirement: if the permissions are wrong, automatic login will not take effect.
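sshd performs this check when its StrictModes option is on (the default). As an added example, not part of the original page, the script below audits serverB for the modes set above, confirms the files belong to the current user, and counts how many keys are authorized to log in; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit the ~/.ssh permissions this page sets on serverB.
# Function names are hypothetical, not part of OpenSSH.

# Octal mode and numeric owner of a path (GNU stat, BSD stat as fallback).
mode_of()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }
owner_of() { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# check_path PATH EXPECTED_MODE: print OK/FAIL, return 1 on any mismatch.
check_path() {
    local path="$1" want="$2" mode owner rc=0
    if [ ! -e "$path" ]; then
        echo "FAIL $path: missing"
        return 1
    fi
    mode=$(mode_of "$path")
    owner=$(owner_of "$path")
    if [ "$mode" != "$want" ]; then
        echo "FAIL $path: mode $mode, expected $want"
        rc=1
    fi
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL $path: owned by uid $owner, not uid $(id -u)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK   $path: mode $mode, owner uid $owner"
    fi
    return "$rc"
}

# audit_ssh_dir [DIR]: check DIR (default ~/.ssh) and its authorized_keys.
# Returns the number of failed checks (0 means the requirements are met).
audit_ssh_dir() {
    local dir="${1:-$HOME/.ssh}" failures=0 keys
    check_path "$dir" 700 || failures=$((failures + 1))
    check_path "$dir/authorized_keys" 600 || failures=$((failures + 1))
    if [ -r "$dir/authorized_keys" ]; then
        # Every non-blank, non-comment line is a key that is allowed to log in.
        keys=$(grep -cvE '^[[:space:]]*(#|$)' "$dir/authorized_keys")
        echo "INFO $keys key(s) authorized in $dir/authorized_keys"
    fi
    return "$failures"
}
```

Run `audit_ssh_dir` with no argument on serverB after the chmod commands; an unexpected key count means someone else's key has been appended to authorized_keys.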
Verify
ssh 192.168.1.10