Linux SSH 免密登录

1、配置ssh

（1）基本语法，ssh 另一台电脑的ip地址

[root@localhost ~]# ssh root@192.168.1.220
The authenticity of host '192.168.1.220 (192.168.1.220)' can't be established.
ECDSA key fingerprint is SHA256:alUAo2jDmPaBZ+doVQhEWERG8ap21Ibii0mpQko0d2s.
ECDSA key fingerprint is MD5:6c:e7:fe:f6:b4:a6:b1:e4:04:47:fc:6b:e6:51:55:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.220' (ECDSA) to the list of known hosts.
root@192.168.1.220's password: 
Last login: Thu Jan 30 16:40:58 2020 from 192.168.1.6
[root@localhost ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:c5:19:99 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.220/24 brd 192.168.1.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 2409:8a0c:12:a9b0:e7c8:b827:8589:fc7e/64 scope global noprefixroute dynamic 
       valid_lft 259123sec preferred_lft 172723sec
    inet6 fe80::448f:7a09:b3fa:48e0/64 scope link 
       valid_lft forever preferred_lft forever
[root@localhost ~]# exit
登出
Connection to 192.168.1.220 closed.

（2）ssh server服务(默认有)

[root@localhost ~]# rpm -qa | grep ssh
openssh-server-7.4p1-11.el7.x86_64
libssh2-1.4.3-10.el7_2.1.x86_64
openssh-7.4p1-11.el7.x86_64
openssh-clients-7.4p1-11.el7.x86_64

2、无密钥配置

（1）进入到我的home目录

[root@localhost ~]# cd ~/.ssh/

（2）生成公钥和私钥

[root@localhost .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1mYFkSups5dRDiSGRTRT8BpW1Svcz/ZKtBtbjfq3o8c [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|     =Boo.++     |
|    . o=. ...    |
|     .oo.o o..   |
|     . o+.=.o    |
|      ..S=+. o.  |
|      o..o.  .+o.|
|       o o   .*.o|
|      . o    o Eo|
|       .    .oB+o|
+----[SHA256]-----+
注：敲三个回车，生成id_rsa（私钥）、id_rsa.pub（公钥）两个文件

（3）将公钥拷贝到要免密登录的目标机器上

[root@localhost .ssh]# ssh-copy-id 192.168.1.220
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.220's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.1.220'"
and check to make sure that only the key(s) you wanted were added.

[root@localhost .ssh]# 

3、.ssh文件夹下的文件功能解释

known_hosts ：记录ssh访问过计算机的公钥(public key)
 
id_rsa  ：生成的私钥
 
id_rsa.pub  ：生成的公钥
 
authorized_keys ：存放授权过得无秘登录服务器公钥

[root@localhost .ssh]# ssh root@192.168.1.220
Last login: Thu Jan 30 16:42:03 2020 from 192.168.1.221
[root@localhost ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.220  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::448f:7a09:b3fa:48e0  prefixlen 64  scopeid 0x20<link>
        inet6 2409:8a0c:12:a9b0:e7c8:b827:8589:fc7e  prefixlen 64  scopeid 0x0<global>
        ether 00:0c:29:c5:19:99  txqueuelen 1000  (Ethernet)
        RX packets 105195  bytes 148908529 (142.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 23576  bytes 2633389 (2.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost ~]# exit
登出
Connection to 192.168.1.220 closed.