zoukankan      html  css  js  c++  java
  • Linux配置ssh免密码登陆

    1. 两台机器之间免密码登陆配置

    这里我拿自己的两台机器(node1,node2)为例,介绍如何配置免密码登陆,这里我配置用户wxyuan的免密码登陆
    (1) 登陆node1机器,执行ssh-keygen -t rsa 命令生成公钥和私钥

    [wxyuan@node1 ~]$ ssh-keygen -t rsa
    # 连续三次回车,即在本地生成了公钥和私钥,不设置密码,默认存储在 ~/.ssh目录下
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/wxyuan/.ssh/id_rsa):  
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/wxyuan/.ssh/id_rsa.
    Your public key has been saved in /home/wxyuan/.ssh/id_rsa.pub.
    The key fingerprint is:
    45:ae:bf:00:5a:69:80:16:a9:34:b8:39:54:3a:ca:ee wxyuan@node1
    The key's randomart image is:
    +--[ RSA 2048]----+
    |. oo      .      |
    |.+oo     o       |
    |o*+ .     o      |
    |B..  . . o       |
    |.o    = S        |
    |.    + . .       |
    | .  .   . .      |
    |.        . .     |
    | E        .      |
    +-----------------+
    [wxyuan@node1 .ssh]$ ll
    总用量 12
    -rw------- 1 wxyuan wxyuan 1675 5月  25 16:01 id_rsa
    -rw-r--r-- 1 wxyuan wxyuan  394 5月  25 16:01 id_rsa.pub
    

    (2) 登陆node2机器,执行ssh-keygen -t rsa 命令生成公钥和私钥

    [wxyuan@node2 ~]$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/wxyuan/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/wxyuan/.ssh/id_rsa.
    Your public key has been saved in /home/wxyuan/.ssh/id_rsa.pub.
    The key fingerprint is:
    56:c7:d5:df:be:ba:f4:09:74:e0:81:be:49:bb:29:2d wxyuan@node2
    The key's randomart image is:
    +--[ RSA 2048]----+
    |              .. |
    |           ...  .|
    |          ..oo  o|
    |         .... o o|
    |        S  o o o |
    |       .  . = . .|
    |          .+ o  .|
    |         E .+ o..|
    |          oo ooo |
    +-----------------+
    

    (3) 在node1的.ssh目录下创建authorized_keys文件,然后将node1和node2的id_rsa.pub文件内容保存到authorized_keys

    [wxyuan@node2 .ssh]$ ll
    总用量 12
    -rw-r----- 1 wxyuan wxyuan 1182 5月  25 16:06 authorized_keys
    -rw------- 1 wxyuan wxyuan 1675 5月  25 16:03 id_rsa
    -rw-r--r-- 1 wxyuan wxyuan  394 5月  25 16:03 id_rsa.pub
    [wxyuan@node2 .ssh]$ cat authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA38ylacLk4Pri8nN27yist2NkRCjQRKcflNPzkl9eOfx16M+HZ8gKQ+ZRvBzF9NUA5FLGpG9DmoYJ+EWmUHjfJaGt7mXIuOzYMyaHV5i/Lk28PkiZIzag5LIiR8bR6/0JnMXuZtCEvICdkzmGwIcQRmSLMbyAKhhirqFHiJDST8d3gDzIDM6B+NHG0ZWypNuj4GEIgy6xRFy3C895ZIp+4OzB4y0fDEbIxJdRWLkZGX6AD5fdQnNehCwrMtso9xZUIVPxztQWmkAPs+zjIqxXtEPFGNmtCvQPwwi0+aQn++ENoTYj2V6WWLlZw+T3KHkxawXbqpMf85al+k0Ce7DTIw== wxyuan@node1
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvzr7kzqcviS59yEsQemZakM2Qk94wWw42dVaEq1lQ8QGtBNerl9C4vVY5ZJbw20D7uHmCs13lZgV6OVfjJDoxwgsLmIjTDAxfR3L+sqnN+Tk90PFeCx9i5Rbb/as3lnNiZaISzFa8UjHRszIZsijgnGXgU1CLk1TijGq9L+4JDtHUPr8nvd+2apkeqZsU7I+pOhvXrR5RhkVbFpIgLpwPhNiGqIiG0YqBdUcKO8GmHZlM2rG2U5IAM0nlUmVHjSuTjrnjY3SL8ye1v8nl1CcLv5qNZEHtceH4LhibAYab+KcJsPzcja++2vyfY6VGLNIMZeETkA630K9VHWoYTei1w== wxyuan@node2
    

    (4) 同样地,在node2的.ssh目录下创建authorized_keys文件,然后将node1和node2的id_rsa.pub文件内容保存到authorized_keys
    (5) 测试免密码登陆

    [wxyuan@node1 .ssh]$ ssh node2
    Last login: Fri May 25 16:22:53 2018 from node1
    [wxyuan@node2 ~]$ ssh node1
    Last login: Fri May 25 16:56:33 2018 from node2
    [wxyuan@node1 ~]$ 
    

    2. 多台机器配置免密码登陆

    当需要配置免密码的登陆的机器较多时,比如说几十台(A,B,C,D.....),如果安装上面的方法,是比较繁琐的,而且很容易出错。所以,这里介绍一种较省力的方法。
    (1) 登陆A机器,执行ssh-keygen -t rsa 命令生成公钥和私钥;
    (2) 在A机器的.ssh目录下创建authorized_keys文件,将id_rsa.pub文件内容保存到authorized_keys(cat id_rsa.pub > authorized_keys),然后把authorized_keys文件复制到B机器;
    (3) 登陆B机器,执行ssh-keygen -t rsa 命令生成公钥和私钥,然后将id_rsa.pub文件内容追加保存到authorized_keys文件末尾(cat id_rsa.pub >> authorized_keys),同时把authorized_keys文件复制到C机器;
    (4) 登陆C机器,执行ssh-keygen -t rsa 命令生成公钥和私钥,然后将id_rsa.pub文件内容追加保存到authorized_keys文件末尾(cat id_rsa.pub >> authorized_keys),同时把authorized_keys文件复制到D机器;
    (5) 以此类推,直到最后一台机器的id_rsa.pub文件内容追加保存到authorized_keys文件末尾;
    (6) 将authorized_keys文件复制到其它所有机器的.ssh目录下。
    到此,所有机器之间的免密码登陆配置完成,接下来测试一下能否成功就可以了。

    3. 配置完免密码登陆后不生效的问题

    如果免密码登陆配置完成后,仍然不能实现免密登陆,很可能是权限问题造成的,这里说明几个文件和目录的权限,供参考。
    (1) 修改id_rsa文件的权限为600
    (2) 修改id_rsa.pub文件的权限为644
    (3) 修改authorized_keys文件的权限为640或600
    (4) 修改.ssh文件夹的权限为700
    (5) 修改实现免密码登陆的用户目录权限(即用户家目录权限)为700或755
    注意:上面说明的几个文件和目录的权限都要保证正确,如果上面的文件或目录权限都正确,但免密码登陆仍然不生效,你可以借助ssh -v命令打印登陆信息,查看失败的原因。

  • 相关阅读:
    LeetCode 1275. 找出井字棋的获胜者 Find Winner on a Tic Tac Toe Game
    LeetCode 307. 区域和检索
    LeetCode 1271 十六进制魔术数字 Hexspeak
    秋实大哥与花 线段树模板
    AcWing 835. Trie字符串统计
    Leetcode 216. 组合总和 III
    Mybatis 示例之 复杂(complex)属性(property)
    Mybatis 示例之 复杂(complex)属性(property)
    Mybatis 高级结果映射 ResultMap Association Collection
    Mybatis 高级结果映射 ResultMap Association Collection
  • 原文地址:https://www.cnblogs.com/leekeggs/p/9347289.html
Copyright © 2011-2022 走看看