详解SSH如何配置key免密码登录

技术  /  管理员 发布于 8年前   232

如何使用

直接指定ip然后-i 指定key文件，然后指定用户

ssh 1.1.1.1 -i Test1 -l userxxx

不指定用户实际上就是使用当前的本机登陆的用户名去登陆远端主机，比如本地用户是AAA，那么：

ssh 1.1.1.1 -i Test1

等同于

ssh 1.1.1.1 -i Test1 -l AAA

这里要注意，生成的key是和一对用户绑定的，生成key的用户以及存储这个key的公钥的远端主机的用户。ssh的原理就是，公钥给人家，自己留秘钥，远端主机的其他用户也是无法看到这个指定的用户的接受到的公钥的，所以用户是一对一的。

比如我在test-server 下面的azuo1228生成key，然后拷贝到远端主机dest-server去使用，那么放在远端主机的哪个 用户home目录下面，对应的远端主机的这个用户才可以被无密码登陆，并不等于对远端主机的其他用户也能免密码登陆。

开始操作

1.生成key：

[azuo1228@test-server ~]$ ssh-keygen

这里一直敲回车就好

Generating public/private rsa key pair.Enter file in which to save the key (/home/azuo1228/.ssh/id_rsa):Created directory '/home/azuo1228/.ssh'.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/azuo1228/.ssh/id_rsa.Your public key has been saved in /home/azuo1228/.ssh/id_rsa.pub.The key fingerprint is:d2:33:66:86:0a:b4:27:a9:86:92:24:ff:13:63:96:15 azuo1228@test-serverThe key's randomart image is:+--[ RSA 2048]----+|   || E  || . .  || . o .o  ||..= .oo S ||++ +*. = o ||=..o.o  ||o ..  || ..  |+-----------------+[azuo1228@test-server ~]$ cd .ssh/[azuo1228@test-server .ssh]$ dirid_rsa id_rsa.pub

查看生产结果

[azuo1228@test-server .ssh]$ lltotal 8-rw------- 1 azuo1228 administrator 1675 Dec 21 18:11 id_rsa-rw------- 1 azuo1228 administrator 403 Dec 21 18:11 id_rsa.pub[azuo1228@test-server .ssh]$ cat id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server

2.拷贝到远端主机指定用户的home下面

可以看到这次还是要输密码的

[azuo1228@test-server .ssh]$ scp id_rsa.pub [email protected]:/home/azuo1228Access and Authorization to this server is controlled by Active Directory. Please login with your admin [email protected]'s password:id_rsa.pub 100% 403 0.4KB/s 00:00

在此测试登录 -- 需要密码，还没免密码

[azuo1228@test-server .ssh]$ ssh [email protected] and Authorization to this server is controlled by Active Directory. Please login with your admin [email protected]'s password:Last login: Wed Dec 21 18:07:21 2016 from shang1lu4gnl.ads.autodesk.comAuthorized uses only. All activity may be monitored and reported.[azuo1228@dest-server ~]$

不存在.ssh的话需要创建

[azuo1228@dest-server ~]$ mkdir .ssh[azuo1228@dest-server ~]$ cd .ssh/[azuo1228@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keysssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server[azuo1228@dest-server .ssh]$ lltotal 4-rw-r--r-- 1 azuo1228 administrator 403 Dec 21 20:33 authorized_keys

需要权限为600

[azuo1228@dest-server .ssh]$ chmod 600 authorized_keys[azuo1228@test-server .ssh]$ ssh [email protected] and Authorization to this server is controlled by Active Directory. Please login with your admin account.Last login: Wed Dec 21 20:32:08 2016 from c72Authorized uses only. All activity may be monitored and reported.[azuo1228@dest-server ~]$[azuo1228@dest-server ~]$[azuo1228@dest-server ~]$ exitlogoutConnection to 10.148.167.106 closed.

再次登陆，就已经免密了

[azuo1228@test-server .ssh]$ ssh 10.148.167.106Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.Last login: Wed Dec 21 20:33:34 2016 from c72Authorized uses only. All activity may be monitored and reported.

在尝试登陆zhour用户，依旧要密码，可见免密过程是一对一的。

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhourAccess and Authorization to this server is controlled by Active Directory. Please login with your admin [email protected]'s password:

拷贝公钥到另一个用户zhour

[azuo1228@test-server .ssh]$ scp id_rsa.pub [email protected]:/home/zhourAccess and Authorization to this server is controlled by Active Directory. Please login with your admin [email protected]'s password:id_rsa.pub  100% 403 0.4KB/s 00:00

登陆依旧需要密码

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhourAccess and Authorization to this server is controlled by Active Directory. Please login with your admin [email protected]'s password:Last login: Wed Dec 21 17:55:32 2016 from shang1lu4gnl.ads.autodesk.comAuthorized uses only. All activity may be monitored and reported.

添加公钥给zhour

[zhour@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keysssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server

这样就免密了

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhourAccess and Authorization to this server is controlled by Active Directory. Please login with your admin account.Last login: Wed Dec 21 20:34:49 2016 from c72Authorized uses only. All activity may be monitored and reported.

注意

需要注意两点，如下：

免密之后，scp这种走ssh 通道的都会免密；

key拷贝到远程主机的指定用户home目录下，最后，免输入密码的时候是远端主机的指定用户，非本地主机的用户

总结

以上就是这篇文章的全部内容了，希望本文的内容对大家的学习或者工作能带来一定的帮助，如果有疑问大家可以留言交流，谢谢大家对的支持。