当前位置：首页 > article >正文

linux 使用SSH密钥配置免密登录

article 2024/9/20 13:41:21

需求：多台主机SSH免密登录，需要使用同一个密钥对

操作：

在Linux中，使用SSH密钥对来在多台主机之间配置免密登录。以下是配置步骤：

在你的本地机器上生成一个SSH密钥对。如果你已经有一个，你可以跳过这一步。在终端中运行以下命令：

ssh-keygen -t rsa

这将在你的~/.ssh目录下生成两个文件：id_rsa（私钥）和id_rsa.pub（公钥）。

将你的公钥复制到远程主机。你可以使用ssh-copy-id命令来完成这个任务。在终端中运行以下命令，

ssh-copy-id user@host

将user和host替换为你的远程主机的用户名和主机名：
这将会把你的公钥添加到远程主机的~/.ssh/authorized_keys文件中。

现在你应该可以免密登录到远程主机了。在终端中运行以下命令，将user和host替换为你的远程主机的用户名和主机名：

ssh user@host

如果你需要在多台主机之间配置免密登录，你可以重复第2步和第3步，为每台远程主机添加你的公钥。

注意：在进行这些操作时，请确保你有对远程主机的适当访问权限，并且你的SSH服务已经启动。

示例

先使用一台主机生成密钥对，如果root权限被禁止，请使用其他用户

jupiter@installerdev04:/home/hw$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jupiter/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/jupiter/.ssh/id_rsa
Your public key has been saved in /home/jupiter/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Y19G23GqT+Q/y957zuZPBtvkWirLxk6q0NJW/m9UJeg jupiter@installerdev04
The key's randomart image is:
+---[RSA 3072]----+
|             .   |
|            . . .|
|           .. ..o|
|           .Eo +.|
|        S . + =..|
|       + = o +.* |
|      o + o.o.+ *|
|       +   =+ooX+|
|        ...o==*O&|
+----[SHA256]-----+

## 生成的在此用户的家目录
jupiter@installerdev04:/home/hw$ cd ~/.ssh/
jupiter@installerdev04:~/.ssh$ ls
authorized_keys  id_rsa  id_rsa.pub


##  这一步是为了同样可以连接这台主机
jupiter@installerdev04:~/.ssh$ cat authorized_keys 
jupiter@installerdev04:~/.ssh$ cat id_rsa.pub > authorized_keys

将公钥进行分发，如果没有这个命令，可以手动进行操作，多台主机分别操作

jupiter@installerdev04:~/.ssh$ ssh-copy-id jupiter@10.119.108.42
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/jupiter/.ssh/id_rsa.pub"
The authenticity of host '10.119.108.42 (10.119.108.42)' can't be established.
ED25519 key fingerprint is SHA256:1bu3kHrujNlvFXx2QEHvHSgMJeInfV3f9AFUBRP+iyE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
jupiter@10.119.108.42's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'jupiter@10.119.108.42'"
and check to make sure that only the key(s) you wanted were added.

以上是基本操作，如果想要指定主机名还需要配置hosts

这样免密就配置好了，可以使用同一套密钥对进行连接

注意

如果需要授权

chmod 700 /home/earth/.ssh/

chmod 600 /home/earth/.ssh/authorized_keys

如果配置sshd_config

sudo vi /etc/ssh/sshd_config

约45行，取消注释，删除#
 PubkeyAuthentication yes

重启ssh

sudo systemctl restart sshd

如果用户为earth，scp目的地的所有组是其他或者root

chown earth /data/cqap -R

scp -i config/id_rsa -o stricthostkeychecking=no ./cqap.tar  earth@10.122.177.83:/data/cqap/code

指定私钥进行授权

scp -i id_rsa -o stricthostkeychecking=no ./cqap.tar  qatest@10.122.168.25:/data/cloudqaplatform/code

ssh qatest@10.122.168.25 -i id_rsa "cd /data/cloudqaplatform && sudo sh ./deploy.sh"

查看全文

http://www.kler.cn/news/309839.html