
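Configuring Passwordless SSH on Linux

This article explains how to configure SSH trust on Linux. The purpose of SSH trust is that you no longer have to enter a password when you SSH to the target machine.

Environment: two Linux machines with hostnames db2a and db2b and IP addresses 192.168.187.141 and 192.168.187.142; both have a user named qingsong.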
$ cat /etc/hosts
127.0.0.1       localhost
192.168.187.141 db2a
192.168.187.142 db2b

Steps:

1. Before SSH trust is configured, every SSH from db2a to db2b asks for a password:
qingsong@db2a:~$ ssh db2b
The authenticity of host 'db2b (192.168.187.142)' can't be established.
ECDSA key fingerprint is f2:94:73:e7:8e:6c:c4:50:aa:54:9c:15:57:61:bb:e6.
Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'db2b,192.168.187.142' (ECDSA) to the list of known hosts.
qingsong@db2b's password: <-- enter the password
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-31-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
New release '16.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Sat Jun 24 07:57:47 2017 from 192.168.187.1
qingsong@db2b:~$  <-- login succeeds after entering the password

qingsong@db2b:~$ exit
logout
Connection to db2b closed.

qingsong@db2a:~$ ssh db2b
qingsong@db2b's password: <-- enter the password
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-31-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
New release '16.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Sat Jun 24 08:03:34 2017 from db2a


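2. Configure SSH trust

Check whether the home directory contains a directory named '.ssh'; if it does not, create one. The commands to run are the same on both machines:

On db2a:
qingsong@db2a:~$ cd .ssh

qingsong@db2a:~/.ssh$ ssh-keygen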
Generating public/private rsa key pair.
Enter file in which to save the key (/home/qingsong/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/qingsong/.ssh/id_rsa.
Your public key has been saved in /home/qingsong/.ssh/id_rsa.pub.
The key fingerprint is:
a6:58:05:69:29:0c:a6:a3:ec:3d:54:2f:0a:b9:12:28 qingsong@db2a
The key's randomart image is:
+--[ RSA 2048]----+
|  oo  .o         |
| o  o +.         |
|o    +  .        |
|+.. . ..         |
|E+ . ...S        |
|o.= .o.o         |
|.o +. .          |
|.   .            |
|                 |
+-----------------+

qingsong@db2a:~/.ssh$ ls
id_rsa  id_rsa.pub  known_hosts

qingsong@db2a:~/.ssh$ touch authorized_keys

qingsong@db2a:~/.ssh$ chmod 600 authorized_keys

On db2b:
qingsong@db2b:~$ cd .ssh
qingsong@db2b:~/.ssh$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/qingsong/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/qingsong/.ssh/id_rsa.
Your public key has been saved in /home/qingsong/.ssh/id_rsa.pub.
The key fingerprint is:
76:1a:39:eb:97:9b:31:28:ab:06:1f:ef:e9:7a:35:49 qingsong@db2b
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|        E.       |
|       .S..      |
|  . .  .+B       |
|   o o..+.o.     |
|    o o=  o+     |
|   .o*= ..o.     |
+-----------------+
qingsong@db2b:~/.ssh$ ls
id_rsa  id_rsa.pub

qingsong@db2b:~/.ssh$ touch authorized_keys

qingsong@db2b:~/.ssh$ chmod 600 authorized_keys

At this point, appending the contents of id_rsa.pub on db2a to the authorized_keys file on db2b is all it takes for user qingsong to SSH from db2a to db2b without entering a password:

On db2a:
qingsong@db2a:~/.ssh$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsI4m6nTRdaxviBLN9L8DONFj6Y3WUNzBgJsYKNfDfA/y+6ofF5eUgka2cJYeq06/0f+k7OeC4nJZL+pdcG5Syu20berO1KbIqE6hAZ8eUgbaoteR2/v1eySphV/kcus7NBOw611CKMLD1Q9sWLDsHqtZIlUdlnAX8EMAkwJImBuyLPYesOu/mejn6U474TUMS5WxfXpcoBPDTFvarZWLE2yhg6t//WDiuuileXtP+9T/zWBDyZmJSmc+EhnwvHqjCyylrRHHkks1B3ufYtzBM1HGt/MJKcOitkGshLJFHXam+ovNLU8D46RymZmOJOMMxxEIHMvzgz29URvYCRHsb qingsong@db2a

On db2b:
qingsong@db2b:~/.ssh$ echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsI4m6nTRdaxviBLN9L8DONFj6Y3WUNzBgJsYKNfDfA/y+6ofF5eUgka2cJYeq06/0f+k7OeC4nJZL+pdcG5Syu20berO1KbIqE6hAZ8eUgbaoteR2/v1eySphV/kcus7NBOw611CKMLD1Q9sWLDsHqtZIlUdlnAX8EMAkwJImBuyLPYesOu/mejn6U474TUMS5WxfXpcoBPDTFvarZWLE2yhg6t//WDiuuileXtP+9T/zWBDyZmJSmc+EhnwvHqjCyylrRHHkks1B3ufYtzBM1HGt/MJKcOitkGshLJFHXam+ovNLU8D46RymZmOJOMMxxEIHMvzgz29URvYCRHsb qingsong@db2a" >> authorized_keys

On db2a:
qingsong@db2a:~/.ssh$ ssh db2b
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 4.4.0-31-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
New release '16.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Sat Jun 24 08:05:16 2017 from db2a

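As you can see, SSH to db2b no longer asks for a password.

Likewise:

If you want user qingsong to SSH from db2b to db2a without a password, just append the contents of id_rsa.pub on db2b to authorized_keys on db2a.

If you want passwordless SSH to the local machine (for example db2a to db2a), just append the contents of your own id_rsa.pub to your own authorized_keys.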
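
The append step above, hardened against its usual failure modes: loose permissions on ~/.ssh, a pasted private key, a duplicate entry, and an authorized_keys file with no trailing newline. This shell function is an added example, not part of the original article; install_pubkey and its arguments are hypothetical names, and the key in the closing comment is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. install_pubkey is a
# hypothetical helper: install_pubkey "<public key line>" [ssh_dir]
# The body runs in a subshell so umask and exit do not leak to the caller.
install_pubkey() (
    key_line=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth="$ssh_dir/authorized_keys"
    nl='
'
    # One entry per call: an embedded newline could smuggle in a second key.
    case $key_line in
        *"$nl"*) echo "refusing multi-line input" >&2; exit 1 ;;
    esac

    ktype=${key_line%% *}     # first field: key type
    rest=${key_line#* }
    blob=${rest%% *}          # second field: base64 key blob

    # A bare key type must come first. This also rejects a pasted private
    # key ("-----BEGIN ...") and lines that start with options.
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a public key line: $ktype" >&2; exit 1 ;;
    esac
    case $blob in
        ""|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; exit 1 ;;
    esac

    # sshd (StrictModes, on by default) refuses to use authorized_keys when
    # the directory or file is writable by group or others.
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Idempotent: do nothing if this exact key is already authorized.
    if grep -qF -- "$ktype $blob" "$auth"; then
        echo "key already present in $auth"
        exit 0
    fi
    # If the file does not end in a newline, a plain >> would glue the new
    # key onto the last entry and break both.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key_line" >> "$auth"
)
# Dry run with a constructed key (not a real one) in a scratch directory:
# install_pubkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleBlob qingsong@db2a" /tmp/demo/.ssh
```

Run it on the machine that should accept the login, as the account being logged in to, passing the single line printed by cat id_rsa.pub on the other machine.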

Once passwordless login is configured in both directions, you can test it:

db2a to itself:
qingsong@db2a:~/.ssh$ ssh db2a date
Sat Jun 24 08:37:01 PDT 2017

db2a to db2b:
qingsong@db2a:~/.ssh$ ssh db2b date
Sat Jun 24 08:37:06 PDT 2017

db2b to itself:
qingsong@db2b:~/.ssh$ ssh db2b date
Sat Jun 24 08:37:27 PDT 2017

db2b to db2a:
qingsong@db2b:~/.ssh$ ssh db2a date
Sat Jun 24 08:37:33 PDT 2017