两台Linux主机需要从其中一台ssh至另外一台需要手动输入密码,通过以下设置免密码登录
在需要远程登录的源主机生成秘钥,例如需要在Jenkins远程登录其他主机用于构建发送文件则在Jenkins主机上面执行
ssh-keygen -t rsa
会在文件夹/root/.ssh下面生产公钥和私钥
把秘钥复制至需要免密登录的目的远程主机,第一次拷贝需要输入一次密码
ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.1.3.4
会在远程主机的文件夹/root/.ssh下面自动生成文件authorized_keys 文件内容为公钥id_ras.pub一样
也可以直接把公钥复制编辑需要远程登录的主机的/root/.ssh/authorized_keys文件
验证能否免密登录
ssh 10.1.3.4
拍错
在需要登录的远程主机跟换以后但是ip保存原来的进行秘钥拷贝时候会出现以下错误提示
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)! ERROR: It is also possible that a host key has just been changed. ERROR: The fingerprint for the ECDSA key sent by the remote host is ERROR: SHA256:pTp06EZ6R6ntAYVjQSD3I2/Zy8BPxWj3NVL10SmrSWI. ERROR: Please contact your system administrator. ERROR: Add correct host key in /root/.ssh/known_hosts to get rid of this message. ERROR: Offending ECDSA key in /root/.ssh/known_hosts:35 ERROR: ECDSA host key for 192.168.1.99 has changed and you have requested strict checking. ERROR: Host key verification failed.
解决办法
删除/root/.ssh/known_hosts对应主机哪行重新拷贝秘钥
如果远程主机无法直接root登录可以使用以下命令拷贝秘钥
ssh-copy-id -i ~/.ssh/id_rsa.pub username@$ip
用户名+@+IP地址