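1. SSH passwordless login

  When deploying and operating a service cluster, we usually want to log in from one server to another over SSH without a password, and to copy files between servers without having to type a password each time.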

2. Generate the key pair

  Command: ssh-keygen -t rsa

[root@es-node1 .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
# Enter a file name (optional)
Enter file in which to save the key (/root/.ssh/id_rsa):
# Enter a passphrase (optional)
Enter passphrase (empty for no passphrase):
# Confirm the passphrase (optional)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9FmE70cLjCJTIvnMVnCMTTXjgywgGmFOLYC76g432m0 root@es-node1
The key's randomart image is:
+---[RSA 2048]----+
|*+o ...*o.+.. |
|=+ oo.oo=o.+ |
|.o. =.++ o+. |
|. Bo...++ . |
| . . oS.o. o . |
|. . o |
|o o . |
|o+ oE |
|+o... |
+----[SHA256]-----+

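3. Copy the public key to the remote machine

  Command: ssh-copy-id -i file user@host-ip. Repeat this so that every server in the cluster holds the public keys of the others.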

[root@es-node1 .ssh]# ssh-copy-id -i ./id_rsa.pub root@es-node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "./id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
# Enter the login password
root@es-node2's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@es-node2'"
and check to make sure that only the key(s) you wanted were added.

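4. View the authorized keys

  The .ssh directory is in the user's home directory (~) on the Linux server. If it does not exist, connect once with ssh ip and the directory is created automatically.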

[root@es-node1 .ssh]# cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoelnEY7xakhRf5HwU4Lc6Eeq1N3ay6uI7sjOJq/rtDDpLOHjrYTtTDTvYWNcwh2mJej/Pmeu1vVmdHyu9rKcDNldNgjnGXAZCBuSDHZw7gBDcyNMoB4HEEQmIF7vBv5mRYcyxUT0OXp2s7f6xG6dL8QNUAletZSvrLURbTlxtqQpQ+DOyl3Y0Vt78AaxLf19SDEYt47hq/t3k428U83huL88uG5xl+d3R1kKs4W+vDEztTSgDpL7lzUCUKpK3bxUHgWVVebGH5lYSr3t+GmT0Hw2UKPeQuC8N5AQ2TY6jTO8b8S93He+Dr+jt9S92zktS33pNhXfe+5wZNL0B7hZX root@es-node2
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbeSqiunNtgCYoXLWJRKIBuN5Lfs/8ATendF7v233KJ51ONYM7p9G3uxkuhaRJD1FRX44Tpb0//lxuh3rEQnZS9BGAe55vhlW9Dcr6f5/VgiO4eo6H3F3xK7wmjqy6reHwQvbe/679K0ZGumlvJZ5zm2gsNL+IyDcxUIgSLRe2gHKjZnxHpfcQRltujqj3gU3dEABpYXDe7Pbc67yvqZXK5wVDDAieWJVzGHHwD5Wkr3nwNy8TM+Nc09/5BRqgdBCu752y1XV2u1UEID9WSz4OO5EVyjcG9a+QA5yFlFvh/p9yovnik1S/NnJmtHU0UknDsqRolwRNVx3phGk8NfUN root@es-node3
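
  The ssh-copy-id output above asks you to check that only the keys you wanted were added. As an added example (not part of the original post), the script below compares authorized_keys entries against an allowlist by key blob and reports paths whose modes sshd's StrictModes would reject; the function names, file names and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Key blobs are constructed placeholders.

# Print "type blob comment" per key line of an authorized_keys or .pub file.
# Assumption: options precede the key type and hold no word resembling one.
list_keys() {
    awk '/^[ \t]*(#|$)/ { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-|sk-)/) {
                   print $i, $(i + 1), (i + 2 <= NF ? $(i + 2) : "-"); next }
           print "unparsed", "line" NR, "-" }' "$1"
}

# Print "type comment" for entries of $1 whose blob is not in allowlist $2.
# Blobs are compared because the trailing comment is free text.
unexpected_keys() {
    { list_keys "$2" | sed 's/^/A /'; list_keys "$1" | sed 's/^/K /'; } |
        awk '$1 == "A" { if ($2 != "unparsed") ok[$3] = 1; next }
             !($3 in ok) { print $2, $4 }'
}

# Print the given paths that are group- or world-writable. sshd with
# StrictModes (default yes) refuses public-key login when ~, ~/.ssh or
# authorized_keys has such modes (it also checks ownership, not done here).
loose_paths() {
    find "$@" -prune \( -perm -020 -o -perm -002 \) -print
}

# Build a constructed sample: two expected cluster keys plus one extra entry
# that reuses a familiar comment.
make_sample() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2ENODE2 root@es-node2' \
                  'ssh-rsa AAAAB3NzaC1yc2ENODE3 root@es-node3' > "$1/allowed.pub"
    { cat "$1/allowed.pub"
      echo 'from="10.0.0.9" ssh-ed25519 AAAAC3NzaC1lZDI1EXTRA root@es-node2'
    } > "$1/.ssh/authorized_keys"
    chmod 664 "$1/.ssh/authorized_keys"   # deliberately too loose
}

dir=$(mktemp -d)
make_sample "$dir"
unexpected_keys "$dir/.ssh/authorized_keys" "$dir/allowed.pub"
loose_paths "$dir/.ssh" "$dir/.ssh/authorized_keys"
rm -rf "$dir"
```

  On a real host, the allowlist would be the collected id_rsa.pub files of the cluster nodes, and the paths passed to loose_paths would be ~, ~/.ssh and ~/.ssh/authorized_keys.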

5. Test that it works

  Command: ssh [ip] (I have configured the hosts file, so I can connect using the alias directly.)

# Switch to the other host
[root@es-node1 ~]# ssh es-node2
Last login: Wed Jul 24 04:52:46 2019 from es-node1
[root@es-node2 ~]#

Last updated: 2019-07-24 20:23

Original link: http://www.lmaye.com/2019/07/24/20190724180814/
