Create the key pair:

    [root@lnmp src]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase): # set the passphrase here: 123456
    Enter same passphrase again: # enter the passphrase 123456 again
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    :e2::f5::::d1:::::e1::bd:c5 root@lnmp
    The key's randomart image is:
    +--[ RSA ]----+
    | .+**. |
    | +ooo+. |
    | o.= E |
    | = * o . |
    | o o o S |
    | . o |
    | |
    | |
    | |
    +-----------------+

In this step the system automatically generates a public key and saves it in the file /root/.ssh/id_rsa.pub.

    [root@lnmp src]# ls /root/.ssh/id_rsa.pub
    /root/.ssh/id_rsa.pub

Look at its contents:

    [root@lnmp src]# cat /root/.ssh/id_rsa.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== root@lnmp

Copy the public key to the remote machine:

    [root@lnmp src]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.12
    The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
    RSA key fingerprint is 5e:5b:d3::cd::::a1::f2:ed:9c:ac::.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
    root@192.168.1.12's password: # enter the login password for 192.168.1.12
    Now try logging into the machine, with "ssh 'root@192.168.1.12'", and check in:

    .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

Note that ssh-copy-id writes the key to the ~/.ssh/authorized_keys file on the remote machine:

    [root@ok ~]# ls ~/.ssh/authorized_keys
    /root/.ssh/authorized_keys
    [root@ok ~]# cat ~/.ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== root@lnmp

Logging in to the remote machine 192.168.1.12 no longer requires its login password.

    [root@lnmp src]# ssh 192.168.1.12
    Enter passphrase for key '/root/.ssh/id_rsa': # enter the passphrase set when the key was generated (123456); if none was set at that time, it is empty!!!
    Last login: Sun Sep :: from 192.168.1.103

=============================================================================

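The test above has not really achieved passwordless login, so do it again from the start:

Delete the key generated above and the authorized_keys file (which holds the public key) on the remote machine:

    [root@lnmp .ssh]# ls
    id_rsa id_rsa.pub known_hosts
    [root@lnmp .ssh]# rm id_rsa
    rm: remove regular file `id_rsa'? y
    # On the remote machine, delete the authorized_keys file:
    [root@ok .ssh]# ls
    authorized_keys known_hosts known_hosts.bak
    [root@ok .ssh]# rm authorized_keys
    rm: remove regular file `authorized_keys'? y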

Regenerate the key pair:

    [root@lnmp .ssh]# rm id_rsa
    rm: remove regular file `id_rsa'? y
    [root@lnmp .ssh]# cd
    [root@lnmp ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase): # leaving this empty is what really makes it possible to log in to the remote host without typing a password
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    c9:fe::6a:7c:e1:2a:ba:aa:6e:2c:f0:ee::7d:af root@lnmp
    The key's randomart image is:
    +--[ RSA ]----+
    | |
    | |
    | |
    | . . |
    | S |
    |. . . |
    |o+ ...o. |
    |oo+ . . o=o |
    |==++E=.ooo. |
    +-----------------+
    [root@lnmp ~]# ls ~/.ssh/
    id_rsa id_rsa.pub known_hosts
    [root@lnmp ~]# ls ~/.ssh/id_rsa
    /root/.ssh/id_rsa
    [root@lnmp ~]# cat ~/.ssh/id_rsa
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----

Use ssh-copy-id to copy the public key to the remote machine:

    [root@lnmp ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.12
    root@192.168.1.12's password:
    Now try logging into the machine, with "ssh 'root@192.168.1.12'", and check in:

    .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.

View the public key that was written to authorized_keys on the remote host:

    [root@ok ~]# cat ~/.ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxtlnozvT2OxoTS6XARo25G0moRaDvx7IQoMqMGpLYkN1z3vtgPWWYBj9aLh1a6Y5ziWuYV7oKnHmGa6qAjYlHv6v3/Z2qwzvJ9nEiqEaEesHWspUIr5h7hdLf21b569zbRrQf+myqSByuOUjfLaaJiMWIqKHxaKGwNwK5T0pKR5kkIVJI2N1nhEXi+i8yP67qsRtfr7S3ofwbmgmnjT5Ly1wq09dOymAz3xeeriQ3Ke3G+LhC6qEj4oFfIu95r/jPqnIGxKRJGa15tbmLn1JSBEkl0OhMSA2FfjJQqH3PAfd2J/UMduLNBEzCWcoTIGbDjNDUmTbO9mx5Kk3uRyFCQ== root@lnmp

Passwordless login now works:

    [root@lnmp ~]# ssh 192.168.1.12
    Last login: Sun Sep :: from 192.168.1.105

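Take special care to keep the private key safe: if another server obtains it, that server will be able to log in without a password to every server that has authorized the key!!!!!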
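
The check that ssh-copy-id asks for ("make sure we haven't added extra keys that you weren't expecting") can be scripted on the remote host. The following is an added example, not part of the original walkthrough: it lists every entry in an authorized_keys file and flags keys that carry no OpenSSH `from="..."` source restriction, since such a key works from any machine that holds the private key. The function name, the sample file and its placeholder key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an authorized_keys file.
# Status per entry: RESTRICTED (has from="..."), UNRESTRICTED, DUPLICATE, MALFORMED.
# Exit status is non-zero when any entry other than RESTRICTED is found.
audit_authorized_keys() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        k = 0                                # index of the key-type field
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-.*@openssh\.com)$/) { k = i; break }
        if (k == 0 || k == NF) { printf "MALFORMED line %d\n", NR; bad = 1; next }
        blob = $(k + 1)
        comment = (k + 2 <= NF) ? $(k + 2) : "(no comment)"
        opts = ""                            # option list placed before the key type
        for (i = 1; i < k; i++) opts = opts (i > 1 ? " " : "") $i
        if (seen[blob]++)                                  { status = "DUPLICATE";    bad = 1 }
        else if (opts ~ /^from="/ || opts ~ /,from="/)     { status = "RESTRICTED" }
        else                                               { status = "UNRESTRICTED"; bad = 1 }
        printf "%s %s %s\n", status, $k, comment
    }
    END { exit bad }' "$1"
}

# Constructed sample input; the key blobs are placeholders, not real keys.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# keys for root on the remote host
ssh-rsa AAAA-constructed-key-1 root@lnmp
from="192.168.1.105",no-agent-forwarding ssh-rsa AAAA-constructed-key-2 backup@lnmp
ssh-rsa AAAA-constructed-key-1 root@lnmp
ssh-rsa
EOF
audit_authorized_keys "$sample" || echo "review the entries flagged above"
```

On a real host the function would be pointed at ~/.ssh/authorized_keys; a quoted option value that itself contains a key-type word as a separate token is not handled by this simple field scan.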