1. 机器列表
A:192.168.4.4
B:192.168.4.5
实现A免密钥登陆B
2. A生成密钥对
[root@A ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xfLhSq92OwFP30kH+K6QAQo1V38dTmjHdULaV66Zq8s root@A
The key's randomart image is:
+---[RSA 2048]----+
| .o ... o=o=|
| . o.. ..=+*+|
| . ...+ +.+o+|
| . .=o. .o=.|
| S+o+ ++o |
| . o= . +. |
| . .o .. |
| ..o... |
| ....oE. |
+----[SHA256]-----+
[root@A ~]# cd .ssh/
[root@A .ssh]# ls
id_rsa id_rsa.pub
id_rsa : 生成的私钥文件
id_rsa.pub : 生成的公钥文件
know_hosts : 已知的主机公钥清单
如果希望ssh公钥生效需满足至少下面两个条件:
1) .ssh目录的权限必须是700
2) .ssh/authorized_keys文件权限必须是600
3. 将生成的公钥scp到想要登陆的服务器 B,B服务器必须有 .ssh目录,如果没有就创建并授予700权限
[root@A .ssh]# scp -p ~/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
[email protected]'s password:
id_rsa.pub
4. 验证
[root@A ~]# ssh 192.168.4.5
Last login: Thu Apr 19 10:32:54 2018 from 192.168.4.2