
How to configure passwordless login on Linux

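  • 奥沐嘉, April 28, 2024
  • Requirement:
    The yunwei account on server 192.168.31.10 needs to log in to server 192.168.31.15 without a password,
    that is, running ssh root@192.168.31.15 logs in directly, with no password prompt.

    Implementation:
    1. On the .10 machine, create the ops account (yunwei).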

    [root@docker01 ~]# id yunwei                # check whether the yunwei account exists
    id: yunwei: no such user
    [root@docker01 ~]# useradd yunwei            # create the yunwei account
    [root@docker01 ~]# su - yunwei                # switch to the yunwei account
    [yunwei@docker01 ~]$ pwd
    /home/yunwei

    2. Create a key pair under the yunwei account

    [yunwei@docker01 ~]$ ssh-keygen        # create the key pair; press Enter at every prompt
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/yunwei/.ssh/id_rsa):
    Created directory '/home/yunwei/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/yunwei/.ssh/id_rsa.
    Your public key has been saved in /home/yunwei/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:kLXaRvzgGOqF62RyGWKGUekspD39l0pudQBt1MQp3NU yunwei@docker01
    The key's randomart image is:
    +---[RSA 2048]----+
    |  ..   +o=.o..   |
    | o.   .+=.=   E  |
    |++ .  +o=.       |
    |oo= .o O.o       |
    |..+.+.+ So.      |
    | o o =o.+ .      |
    |  . Bo + .       |
    |   *  +          |
    |    ..           |
    +----[SHA256]-----+
    Check that the key pair was created:
    [yunwei@docker01 ~]$ pwd
    /home/yunwei
    [yunwei@docker01 ~]$ ll -a
    total 12
    drwx------.  5 yunwei yunwei 103 Mar 25 23:18 .
    drwxr-xr-x. 16 root   root   177 Mar 25 23:17 ..
    -rw-r--r--.  1 yunwei yunwei  18 Mar 31  2020 .bash_logout
    -rw-r--r--.  1 yunwei yunwei 193 Mar 31  2020 .bash_profile
    -rw-r--r--.  1 yunwei yunwei 231 Mar 31  2020 .bashrc
    drwxrwxr-x.  3 yunwei yunwei  18 Mar 25 23:17 .cache
    drwxrwxr-x.  3 yunwei yunwei  18 Mar 25 23:17 .config
    drwx------.  2 yunwei yunwei  38 Mar 25 23:18 .ssh
    [yunwei@docker01 ~]$ cd .ssh/
    [yunwei@docker01 .ssh]$ ls
    id_rsa  id_rsa.pub

    3. Copy the public key to the .15 server

    [yunwei@docker01 .ssh]$ ssh-copy-id root@192.168.31.15        # copy the public key to the .15 machine
    /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/yunwei/.ssh/id_rsa.pub"
    The authenticity of host '192.168.31.15 (192.168.31.15)' can't be established.
    ECDSA key fingerprint is SHA256:v3zhW/rvSt+T7QfAnIDIiHhbALRLNiLzl8Hg3TAZQCA.
    ECDSA key fingerprint is MD5:cf:b8:e1:f6:a5:61:60:f0:77:aa:f3:76:ab:d2:ce:9b.
    Are you sure you want to continue connecting (yes/no)? yes
    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.168.31.15's password:
    Number of key(s) added: 1
    Now try logging into the machine, with:   "ssh 'root@192.168.31.15'"
    and check to make sure that only the key(s) you wanted were added.

    4. Verify passwordless login

    [yunwei@docker01 .ssh]$ ssh root@192.168.31.15
    Last login: Sun Mar 26 11:21:02 2023 from 192.168.31.1

    Addendum: a better way to create the key pair, without interaction

    [yunwei@docker01 .ssh]$ ssh-keygen -P '' -f id_rsa        # create the key pair non-interactively
    Generating public/private rsa key pair.
    Your identification has been saved in id_rsa.
    Your public key has been saved in id_rsa.pub.
    The key fingerprint is:
    SHA256:hXuSBtV1o1D1PfIyG/+iC1IFnZh8Q3NGf5eiuQ8IExQ yunwei@docker01
    The key's randomart image is:
    +---[RSA 2048]----+
    |       EoooB=+B  |
    |      .. .=o=* +o|
    |      ... ..o+ o*|
    |       ..+ .o + +|
    |       oS oo + . |
    |       .o+. . *  |
    |        ...o . . |
    |         . .o . .|
    |            o+ ..|
    +----[SHA256]-----+
    [yunwei@docker01 .ssh]$ ls
    id_rsa  id_rsa.pub  known_hosts

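    Parameter notes:
    -t specifies the type of key to create
    dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
    Possible values are "dsa", "ecdsa", "ecdsa-sk", "ed25519", "ed25519-sk", or "rsa".
    When signing certificates with an RSA CA key, this flag may also be used to specify the desired signature type. The available RSA signature variants are "ssh-rsa" (SHA1 signatures, not recommended), "rsa-sha2-256", and "rsa-sha2-512" (the default).

    -P passphrase
    Provides the (old) passphrase.
    The passphrase here is the passphrase of the private key, not the password of the remote host, and it can be set to anything. Setting one, however, defeats the purpose of passwordless login, because you then have to enter the key passphrase whenever you log in to the remote host.
    So this value is normally left empty (the private key is then stored unencrypted, protected only by its file permissions).

    -f filename
    Specifies the filename of the key file.
    The filename here must be id_rsa, the default name ssh tries for an RSA key; with any other name, pushing the key to the target machine still does not give passwordless login unless ssh is told which key to use (ssh -i or IdentityFile).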
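
The login check in step 4 and the -f note above both depend on file permissions and on the default key name. The following check is an added example, not part of the original post; audit_ssh_dir, has_bits and finding are hypothetical helper names, and GNU stat (Linux) is assumed:

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).

# has_bits FILE MASK: true when FILE has any permission bit of octal MASK set.
has_bits() {
    [ $(( 0$(stat -c '%a' "$1") & 0$2 )) -ne 0 ]
}

finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_ssh_dir client|server HOME_DIR
# Prints one line per finding; returns the number of findings (0 = clean).
audit_ssh_dir() {
    role=$1 home=$2 findings=0
    case $role in
    server)
        # sshd with StrictModes yes (the default) ignores authorized_keys when
        # the home directory, ~/.ssh or the file is group/world writable.
        [ -f "$home/.ssh/authorized_keys" ] || finding "no authorized_keys in $home/.ssh"
        for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
            [ -e "$p" ] || continue
            has_bits "$p" 022 && finding "$p is group/world writable"
        done
        ;;
    client)
        # ssh refuses a private key that group or others can access, and only
        # tries default names (three common ones are checked here) unless
        # -i or IdentityFile names another file.
        seen=0
        for name in id_rsa id_ecdsa id_ed25519; do
            key="$home/.ssh/$name"
            [ -f "$key" ] || continue
            seen=1
            has_bits "$key" 077 && finding "$key is accessible by group/others"
        done
        [ "$seen" -eq 1 ] || finding "no default-named private key in $home/.ssh"
        ;;
    *)
        echo "usage: audit_ssh_dir client|server HOME_DIR" >&2
        return 64
        ;;
    esac
    return "$findings"
}
```

Run `audit_ssh_dir client /home/yunwei` on the .10 machine and `audit_ssh_dir server /root` on the .15 machine when the key has been copied but ssh still asks for a password.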

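    Summary:
    Just three commands

    cd                            # go to the current account's home directory
    ssh-keygen                    # press Enter three times
    ssh-copy-id 192.168.31.15    # copy the public key to the hadoop104 server, so that hadoop104 can be accessed without a password

    When the user account is omitted here, the current account is used for passwordless login.
    For example, if the current account is test:

    ssh-copy-id 192.168.31.15 is equivalent to ssh-copy-id test@192.168.31.15

    The result is that the test account on the current server can log in to the test account on the .15 server without a password.
    Reference: https://www.cnblogs.com/dirigent/p/16636545.html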
