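Passwordless SSH login relies on a public/private key pair. The goal here is to log in as root from the Linux host andy128.com (192.168.12.128) to the Linux host andy129.com (192.168.12.129) directly, without being prompted for a password.
1. Server environment
Network environment:
System environment: CentOS 6.5 2.6.32x86_64
2. Generate the key pair
On andy128.com, create a DSA key, which generates the public key and the private key.
The private key and public key only need to be created once.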
[root@andy128 ~]# ssh-keygen -t dsa
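#ssh-keygen is the key generation tool; the -t option sets the type of key to create. A DSA key is recommended here.
#You can also run ssh-keygen -t rsa to create an RSA key.
#The difference between the RSA and DSA algorithms:
#RSA is an encryption algorithm (PS: RSA can also be used for digital signatures). The name is formed from the first letters of the names of its three authors, Ron Rivest, Adi Shamir and Leonard Adleman.
#DSA is the abbreviation of Digital Signature Algorithm. RSA can be used for encryption and also for digital signatures to provide authentication, whereas DSA can only be used for digital signatures and therefore for authentication.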
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): #Sets the path where the key is saved; press Enter at each prompt to accept the defaults
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa. #This is the path of the private key
Your public key has been saved in /root/.ssh/id_dsa.pub. #This is the path of the public key
The key fingerprint is:
26:e5:df:de:4b:14:86:d2:cf:8c:7e:e2:f4:fe:a8:c3 root@andy128.com
[root@andy128 ~]# ll .ssh/
total 8
-rw-------. 1 root root 668 Feb 18 20:30 id_dsa
-rw-r--r--. 1 root root 606 Feb 18 20:30 id_dsa.pub
#The .ssh directory has mode 700, .ssh/id_dsa has mode 600, and .ssh/id_dsa.pub has mode 644.
3. Distribute the key
[root@andy128 ~]# cd .ssh/
[root@andy128 .ssh]# ssh-copy-id -i id_dsa.pub root@192.168.12.129
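#Copying id_dsa.pub into the .ssh directory under the wiki home directory on 192.168.9.128 is all that is required (the file has to be renamed, because sshd_config defines "#AuthorizedKeysFile .ssh/authorized_keys"). ssh-copy-id is a shell script shipped with the system that can be used to distribute the public key.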
The authenticity of host '192.168.12.129 (192.168.12.129)' can't be established.
RSA key fingerprint is fe:50:93:33:6c:71:93:3e:3e:fd:23:b0:90:2c:a8:53.
Are you sure you want to continue connecting (yes/no)? yes #Enter yes to store the host's SSH public key information locally. By default it is added to the local ~/.ssh/known_hosts file.
Warning: Permanently added '192.168.12.129' (RSA) to the list of known hosts.
root@192.168.12.129's password: #Enter the password
Now try logging into the machine, with "ssh 'root@192.168.12.129'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
4. Remote login test
[root@andy128 .ssh]# ssh root@192.168.12.129
Last login: Thu Feb 18 20:07:27 2016 from 192.168.12.1
[root@andy129 ~]# ifconfig | grep "inet addr"
inet addr:192.168.12.129 Bcast:192.168.12.255 Mask:255.255.255.0
inet addr:127.0.0.1 Mask:255.0.0.0
[root@andy129 ~]# hostname
andy129.com
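
The file modes from section 2 and the key type chosen there can be checked with a script. The following is an added example, not part of the original page; the function names, the finding messages and the sample directory are this example's own constructions. It also flags DSA (ssh-dss) public keys, because OpenSSH 7.0 and later no longer accept them by default.

```shell
#!/bin/sh
# Added example (not from the original page): audit an .ssh directory against
# the modes stated in section 2. Function names and output format are this
# example's own.

findings=0
note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# has_mode PATH MODE: true when PATH's permission bits equal MODE exactly
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# audit_ssh_dir DIR: print one line per finding; return 0 only when clean
audit_ssh_dir() {
    dir=$1; findings=0
    has_mode "$dir" 700 || note "$dir is not mode 700"
    for pub in "$dir"/*.pub; do
        [ -e "$pub" ] || continue
        priv=${pub%.pub}
        has_mode "$pub" 644 || note "$pub is not mode 644"
        if [ -e "$priv" ]; then
            has_mode "$priv" 600 || note "$priv is not mode 600"
        fi
        # The first field of a public key line is the key type.
        read -r ktype rest < "$pub" || true
        if [ "$ktype" = "ssh-dss" ]; then
            note "$pub is a DSA key; OpenSSH 7.0+ disables ssh-dss by default"
        fi
    done
    ak=$dir/authorized_keys
    # sshd with StrictModes refuses a group- or world-writable authorized_keys.
    if [ -n "$(find "$ak" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        note "$ak is group- or world-writable"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a throwaway directory laid out like section 2, but with a
# group-readable private key. The key material is a placeholder, not a real key.
make_sample() {
    d=$(mktemp -d) && chmod 700 "$d"
    echo "ssh-dss AAAA-constructed-placeholder root@andy128.com" > "$d/id_dsa.pub"
    echo "constructed placeholder" > "$d/id_dsa"
    chmod 644 "$d/id_dsa.pub"; chmod 640 "$d/id_dsa"
    echo "$d"
}

sample=$(make_sample)
audit_ssh_dir "$sample" || true   # reports the 640 private key and the DSA type
rm -rf "$sample"
```

To audit a real account, call audit_ssh_dir with the path of its .ssh directory, on the client for the key pair and on the server for authorized_keys.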