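Passwordless SSH across multiple Linux hosts
Setting up passwordless login between Linux hosts
- Server A, IP: 192.168.0.100, SSH port 10086 (default is 22)
- Server B, IP: 192.168.0.101, SSH port 10086 (default is 22)
- Server C, IP: 192.168.0.102, SSH port 10086 (default is 22)
1. On server A: generate a key pair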
[root@www ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
9a:c4:4a:39:96:88:c6:be:58:8b:a8:33:13:0a:be:34 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
|.. . + |
|.o. * o S |
|= o + o |
|+E. . o |
|O+o. |
|**o |
+-----------------+
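- The generated files are in ~/.ssh/ under the current user's home directory
- It contains id_rsa (the private key) and id_rsa.pub (the public key)
- At this point, confirm that the .ssh directory permission is 770
- Confirm that the id_rsa permission is 600
- Confirm that the id_rsa.pub permission is 644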
drwx------ 2 root root 4096 Dec 9 22:55 .ssh
-rw------- 1 root root 1671 Dec 9 22:55 id_rsa
-rw-r--r-- 1 root root 401 Dec 9 22:55 id_rsa.pub
2. Add the public key to the file named authorized_keys on server B, the server you want to log in to without a password
[root@www ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub '-p 10086 [email protected]'
The authenticity of host '191.168.0.100 (191.168.0.100)' can't be established.
RSA key fingerprint is 04:0d:7e:b7:73:f2:60:b4:df:fe:1e:1e:bd:49:86:d4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '191.168.0.100' (RSA) to the list of known hosts.
[email protected]'s password:
Now try logging into the machine, with "ssh '-p 10086 [email protected]'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@www ~]#
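- Here you will be prompted for the password of the account on that host; the user here is root ([email protected]), but you can also use another account
- Note the command: ssh-copy-id -i ~/.ssh/id_rsa.pub '-p 10086 [email protected]'
- The quoted argument above is needed because server B's port has been changed from the default 22 to another port (for safety), so the port option and the host must be wrapped in quotes together.
- Now try it directly from server A: ssh -p 10086 [email protected]
- Good luck!
Notes:
- For passwordless login to a single host, copy the id_rsa.pub generated on server A into the .ssh directory on server B and rename it to authorized_keys
- For multiple servers, use the ssh-copy-id command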
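
The permission checks from step 1, as an added example that is not part of the original post: a bash function (the name `audit_ssh_dir` is made up here, and GNU `stat` is assumed) that reports any key file in a given `.ssh` directory whose mode is looser than the listing shows. `.ssh` is checked against the `drwx------` (700) in that listing rather than 770, because sshd's default `StrictModes` refuses public-key login when `.ssh` on the target host is group-writable.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Assumes GNU stat (Linux).
# Each entry is name:mask, where mask lists the permission bits that must
# be clear:
#   077 = no access at all for group/others (.ssh, private key)
#   022 = not writable by group/others (public key, authorized_keys)

# audit_ssh_dir DIR
# Prints one line per finding and returns the number of findings (0 = clean).
audit_ssh_dir() {
    local dir=$1 findings=0 spec name mask path got
    for spec in ".:077" "id_rsa:077" "id_rsa.pub:022" "authorized_keys:022"; do
        name=${spec%%:*}
        mask=${spec##*:}
        path="$dir/$name"
        if [ ! -e "$path" ]; then
            # authorized_keys only exists on the host being logged in to
            # (server B), so its absence on server A is not a finding.
            if [ "$name" != authorized_keys ]; then
                echo "MISSING $path"
                findings=$((findings + 1))
            fi
            continue
        fi
        got=$(stat -c '%a' "$path")      # octal mode, e.g. 600
        # A leading 0 makes bash arithmetic read both values as octal.
        if [ $(( 0$got & 0$mask )) -ne 0 ]; then
            echo "BADMODE $path is $got (bits in $mask must be clear)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Stand-alone use: bash audit.sh ~/.ssh
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it on server A after `ssh-keygen` and on server B after `ssh-copy-id`; a `BADMODE` line is fixed with `chmod 700 ~/.ssh` or `chmod 600` on the file named.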