Create the key pair:
- [root@lnmp src]# ssh-keygen -t rsa
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa):
- Created directory '/root/.ssh'.
- Enter passphrase (empty for no passphrase): #Set the passphrase 123456 here
- Enter same passphrase again: #Enter the passphrase 123456 again
- Your identification has been saved in /root/.ssh/id_rsa.
- Your public key has been saved in /root/.ssh/id_rsa.pub.
- The key fingerprint is:
- :e2::f5::::d1:::::e1::bd:c5 root@lnmp
- The key's randomart image is:
- +--[ RSA ]----+
- | .+**. |
- | +ooo+. |
- | o.= E |
- | = * o . |
- | o o o S |
- | . o |
- | |
- | |
- | |
- +-----------------+
In this step the system automatically generates a public key and saves it in the file /root/.ssh/id_rsa.pub.
- [root@lnmp src]# ls /root/.ssh/id_rsa.pub
- /root/.ssh/id_rsa.pub
Look at its contents:
- [root@lnmp src]# cat /root/.ssh/id_rsa.pub
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== root@lnmp
Now copy the public key to the remote machine:
- [root@lnmp src]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.12
- The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
- RSA key fingerprint is 5e:5b:d3::cd::::a1::f2:ed:9c:ac::.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
- root@192.168.1.12's password: #Enter the login password for 192.168.1.12
- Now try logging into the machine, with "ssh 'root@192.168.1.12'", and check in:
- .ssh/authorized_keys
- to make sure we haven't added extra keys that you weren't expecting.
Note that ssh-copy-id writes the key to the ~/.ssh/authorized_keys file on the remote machine:
- [root@ok ~]# ls ~/.ssh/authorized_keys
- /root/.ssh/authorized_keys
- [root@ok ~]# cat ~/.ssh/authorized_keys
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== root@lnmp
Logging in to the remote machine 192.168.1.12 no longer requires a password.
- [root@lnmp src]# ssh 192.168.1.12
- Enter passphrase for key '/root/.ssh/id_rsa': #Enter the passphrase set when the key was generated just now, 123456; if none was set then, it is empty!!!
- Last login: Sun Sep :: from 192.168.1.103
=============================================================================
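The test above did not truly achieve passwordless login, so do it again below:
Delete the key generated above (id_rsa) and the authorized_keys file on the remote machine:
- [root@lnmp .ssh]# ls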
- id_rsa id_rsa.pub known_hosts
- [root@lnmp .ssh]# rm id_rsa
- rm: remove regular file `id_rsa'? y
Delete the authorized_keys file on the remote machine:
- [root@ok .ssh]# ls
- authorized_keys known_hosts known_hosts.bak
- [root@ok .ssh]# rm authorized_keys
- rm: remove regular file `authorized_keys'? y
Regenerate the key pair:
- [root@lnmp .ssh]# rm id_rsa
- rm: remove regular file `id_rsa'? y
- [root@lnmp .ssh]# cd
- [root@lnmp ~]# ssh-keygen -t rsa
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa):
- Enter passphrase (empty for no passphrase): #If this is left empty, logging in to the remote host truly requires no password input
- Enter same passphrase again:
- Your identification has been saved in /root/.ssh/id_rsa.
- Your public key has been saved in /root/.ssh/id_rsa.pub.
- The key fingerprint is:
- c9:fe::6a:7c:e1:2a:ba:aa:6e:2c:f0:ee::7d:af root@lnmp
- The key's randomart image is:
- +--[ RSA ]----+
- | |
- | |
- | |
- | . . |
- | S |
- |. . . |
- |o+ ...o. |
- |oo+ . . o=o |
- |==++E=.ooo. |
- +-----------------+
- [root@lnmp ~]# ls ~/.ssh/
- id_rsa id_rsa.pub known_hosts
- [root@lnmp ~]# ls ~/.ssh/id_rsa
- /root/.ssh/id_rsa
- [root@lnmp ~]# cat ~/.ssh/id_rsa
- -----BEGIN RSA PRIVATE KEY-----
- -----END RSA PRIVATE KEY-----
Use ssh-copy-id to copy the public key to the remote machine:
- [root@lnmp ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.12
- root@192.168.1.12's password:
- Now try logging into the machine, with "ssh 'root@192.168.1.12'", and check in:
- .ssh/authorized_keys
- to make sure we haven't added extra keys that you weren't expecting.
View the public key that was written to authorized_keys on the remote host:
- [root@ok ~]# cat ~/.ssh/authorized_keys
- ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxtlnozvT2OxoTS6XARo25G0moRaDvx7IQoMqMGpLYkN1z3vtgPWWYBj9aLh1a6Y5ziWuYV7oKnHmGa6qAjYlHv6v3/Z2qwzvJ9nEiqEaEesHWspUIr5h7hdLf21b569zbRrQf+myqSByuOUjfLaaJiMWIqKHxaKGwNwK5T0pKR5kkIVJI2N1nhEXi+i8yP67qsRtfr7S3ofwbmgmnjT5Ly1wq09dOymAz3xeeriQ3Ke3G+LhC6qEj4oFfIu95r/jPqnIGxKRJGa15tbmLn1JSBEkl0OhMSA2FfjJQqH3PAfd2J/UMduLNBEzCWcoTIGbDjNDUmTbO9mx5Kk3uRyFCQ== root@lnmp
Passwordless login now works:
- [root@lnmp ~]# ssh 192.168.1.12
- Last login: Sun Sep :: from 192.168.1.105
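Take special care to keep the private key safe: if another server obtains it, that server will be able to log in without a password to every server that has authorized the key!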
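The checks this procedure calls for (private-key file permissions, whether the key has a passphrase, and which keys sit in authorized_keys), as an added example that is not part of the original page. The function names audit_ssh_dir and perms_open are made up here, and passphrase detection covers only the legacy PEM format shown above.

```shell
#!/bin/sh
# Added example: audit an SSH directory (default ~/.ssh).
# Prints one line per finding; the exit status is the number of warnings.

# perms_open PATH -> true if group or others hold any permission bit
perms_open() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" != "------" ]
}

audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    findings=0
    warn() { echo "WARN: $*"; findings=$((findings + 1)); }

    perms_open "$dir" && warn "$dir is accessible to group/others (want 700)"

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Private keys are recognised by their PEM header, not their name.
        head -n 1 "$f" | grep -q -- '-----BEGIN .*PRIVATE KEY-----' || continue
        perms_open "$f" && warn "$f is readable by group/others (want 600)"
        case $(head -n 1 "$f") in
            *'BEGIN OPENSSH PRIVATE KEY'*)
                # The cipher name is inside the base64 body; confirm with
                # ssh-keygen -y -P '' -f FILE (succeeds only if unencrypted).
                echo "INFO: $f is OpenSSH format; test its passphrase with ssh-keygen" ;;
            *'BEGIN ENCRYPTED PRIVATE KEY'*) ;;
            *)  # Legacy PEM: an encrypted key carries a Proc-Type header.
                grep -q '^Proc-Type: 4,ENCRYPTED' "$f" ||
                    warn "$f has no passphrase; the file alone grants login" ;;
        esac
    done

    ak="$dir/authorized_keys"
    if [ -f "$ak" ]; then
        perms_open "$ak" && warn "$ak is accessible to group/others (want 600)"
        # Show key type and comment of each entry so unexpected keys stand out.
        grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$ak" |
            awk '{ for (i = 1; i <= NF; i++)
                     if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print "KEY: " $i " " $(i+2); break } }'
    fi
    return "$findings"
}
```

Run `audit_ssh_dir` on the client to check the private key and `audit_ssh_dir /root/.ssh` on the remote host to review the keys ssh-copy-id appended.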