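Preface:
To keep our Linux hosts secure, we set very complex passwords for logging in to each one, but sometimes work also requires SSH passwordless (key-based) login.
The detailed configuration process follows:
I. Preparation
Two servers, A and B, where
Server A has the IP address 192.168.10.155 [static IP]
Server B has the IP address 192.168.10.154 [static IP]
II. Server environment
The system environment of server A is as follows: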
    [root@Backup1 data]#
    [root@Backup1 data]# cat /etc/redhat-release
    CentOS Linux release 7.2.1511 (Core)
    [root@Backup1 data]#
    [root@Backup1 data]# uname -r
    3.10.0-327.el7.x86_64
    [root@Backup1 data]#
    [root@Backup1 data]# uname -a
    Linux Backup1 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    [root@Backup1 data]#
    [root@Backup1 data]# uname -m
    x86_64
    [root@Backup1 data]#
The system environment of server B is as follows:
    [root@Backup2 ~]#
    [root@Backup2 ~]# cat /etc/redhat-release
    CentOS Linux release 7.2.1511 (Core)
    [root@Backup2 ~]#
    [root@Backup2 ~]# uname -a
    Linux Backup2 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
    [root@Backup2 ~]#
    [root@Backup2 ~]# uname -r
    3.10.0-327.el7.x86_64
    [root@Backup2 ~]#
    [root@Backup2 ~]# uname -m
    x86_64
III. Configuration
1. Configure the hosts file on each server, as follows:
Server A [IP: 192.168.10.155]:
    [root@Backup1 data]# vim /etc/hosts
    # Add the IP addresses and corresponding host names of server A and server B
    192.168.10.154 Backup2
    192.168.10.155 Backup1
Then save and exit with :wq!
Server B [IP: 192.168.10.154]:
    [root@Backup2 ~]#
    [root@Backup2 ~]# vim /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    192.168.10.154 Backup2
    192.168.10.155 Backup1
Then save and exit with :wq!
2. Configure passwordless login, as follows:
Configuration on server A:
    [root@Backup1 data]#
    [root@Backup1 data]# ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):   <== confirm the path; just press Enter to keep the default path
    Enter passphrase (empty for no passphrase):   <== just press Enter; we do not use a passphrase for login, since typing one is too much trouble
    Enter same passphrase again:   <== the passphrase is requested again; just press Enter
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    ...
    The key's randomart image is:
    +--[ RSA 2048]----+
    | |
    | . . |
    | + . o |
    | o . + . |
    | S + = + o|
    | o = E =.|
    | o o o oo |
    | . .o .|
    | .+. |
    +-----------------+
    [root@Backup1 data]#

    [root@Backup2 /]# cd ~
    [root@Backup2 ~]# cd .ssh
    [root@Backup2 .ssh]# ll
    total 16
    -rw------- 1 root root 791 Nov 2 03:38 authorized_keys
    -rw------- 1 root root 1679 Nov 2 06:23 id_rsa
    -rw-r--r-- 1 root root 394 Nov 2 06:23 id_rsa.pub
    -rw-r--r-- 1 root root 966 Sep 9 08:40 known_hosts
    [root@Backup2 .ssh]#
3. Copy the public key to the other server [server B]
    [root@Backup1 data]#
    [root@Backup1 data]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.10.154
    The authenticity of host '192.168.10.154 (192.168.10.154)' can't be established.
    ...
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    root@192.168.10.154's password:
    Permission denied, please try again.
    root@192.168.10.154's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh 'root@192.168.10.154'"
    and check to make sure that only the key(s) you wanted were added.

    [root@Backup1 data]#
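Note: during the copy you will be prompted for a password [that of server 192.168.10.154].
4. The copy is complete, and passwordless login is now configured.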
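The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. As an added example (not part of the original post), the following script, meant to be run on server B, lists every entry in an authorized_keys file, flags entries that carry no from= source restriction, and checks that the file is not writable by group or others. The function names and the sample keys are constructed for illustration; from= is a standard sshd authorized_keys option that the setup in this post does not use.

```shell
#!/bin/sh
# Added example: review authorized_keys after ssh-copy-id.
# Function names and sample keys are hypothetical placeholders.

# Print "<line> <type> <restricted|UNRESTRICTED> <comment>" for every key entry.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line); opts = ""
        # An entry that does not start with a key type starts with options.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (inq && c == "\\") i++    # skip an escaped character
                else if (c == "\"") inq = !inq
                else if (!inq && (c == " " || c == "\t")) break
            }
            opts = substr(line, 1, i - 1)
            line = substr(line, i + 1); sub(/^[ \t]+/, "", line)
        }
        n = split(line, f, /[ \t]+/)
        comment = (n >= 3) ? f[3] : "-"
        for (j = 4; j <= n; j++) comment = comment " " f[j]
        status = (opts ~ /(^|,)from="/) ? "restricted" : "UNRESTRICTED"
        print NR, f[1], status, comment
    }' "$1"
}

# Succeed only if the path is not writable by group or others
# (characters 6 and 9 of the ls mode string are the two write bits).
not_writable_by_others() {
    [ "$(ls -ld "$1" | cut -c6,9)" = "--" ]
}

# Constructed sample input: the key blobs are placeholders, not real keys.
demo() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# keys allowed to log in as root on Backup2
ssh-rsa AAAAB3PLACEHOLDER1 root@Backup1
from="192.168.10.155",no-agent-forwarding ssh-rsa AAAAB3PLACEHOLDER2 root@Backup1
command="echo ssh-rsa test" ssh-ed25519 AAAAC3PLACEHOLDER3 backup job
EOF
    chmod 600 "$sample"
    audit_authorized_keys "$sample"
    not_writable_by_others "$sample" && echo "mode ok"
    rm -f "$sample"
}
demo
```

On server B the same functions can be pointed at /root/.ssh/authorized_keys; any entry reported as UNRESTRICTED is accepted from every source address.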
IV. Testing
1. On server A, log in to server B over ssh, as follows:
    [root@Backup1 data]# ip addr | grep enp3s0
    2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        inet 192.168.10.155/24 brd 192.168.10.255 scope global enp3s0
    [root@Backup1 data]#
    [root@Backup1 data]# ssh 192.168.10.154
    Last login: Mon Nov 2 03:43:25 2020 from backup1
    [root@Backup2 ~]#
    [root@Backup2 ~]# ip addr
    2:..._UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    ...
        inet 192.168.10.154/24 brd 192.168.10.255 scope global ens33
    ...
    [root@Backup2 ~]#
2. Passwordless login by host name
    [root@Backup1 data]# ssh Backup2
    Last login: Mon Nov 2 04:09:04 2020 from backup1
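Further notes:
Two-way passwordless login:
For two-way passwordless login, in addition to the steps above, perform the same steps on server B and then copy server B's public key to server A.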
Author: @肥肥运维