第一步:在主机A上生成公钥私钥对
#查看/root/.ssh/目录中是否有公钥私钥对 [root@localhost ~]# ll /root/.ssh/ total 4 -rw-r--r-- 1 root root 512 Sep 8 17:32 known_hosts #创建公钥私钥对(一直回车即可,创建的私钥会按照默认的格式创建) [root@localhost ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:7wpX+TirC3Bbbl/O+x1znXI3DEQ3A8BMRqwYbp0LuDY root@localhost.localdomain The key's randomart image is: +---[RSA 2048]----+ | *=.o.+ | | . .+. . o| | o + o . | | . = + .. | | . + S + . | | E + + o o o| | . = + + o. B+| | = o * o.*| | +++ +o. .| +----[SHA256]-----+
#看到/root/.ssh/目录中已生成公钥私钥对
[root@localhost ~]# ll /root/.ssh/
total 12
-rw------- 1 root root 1831 Sep 8 18:19 id_rsa
-rw-r--r-- 1 root root 408 Sep 8 18:19 id_rsa.pub
-rw-r--r-- 1 root root 512 Sep 8 17:32 known_hosts
第二步:通过ssh-copy-id命令将主机A公钥传给需要key验证的主机B
[root@localhost ~]# ssh-copy-id root@10.0.0.50 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@10.0.0.50's password: (输入50主机的root密码) Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@10.0.0.50'" and check to make sure that only the key(s) you wanted were added.
第三步:尝试基于key验证是否成功
[root@localhost ~]# ssh 10.0.0.50 Last login: Tue Sep 8 10:13:30 2020 from 10.0.0.8 操作系统注意事项: 1.不能随意使用root用户,如需使用请申请 2.操作前需对文件进行备份 3.请谨慎使用rm命令删除数据 [root@centos7 ~]#