1. 機器清單
A:192.168.4.4
B:192.168.4.5
實作A免密鑰登陸B
2. A生成密鑰對
[root@A ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xfLhSq92OwFP30kH+K6QAQo1V38dTmjHdULaV66Zq8s root@A
The key's randomart image is:
+---[RSA 2048]----+
| .o ... o=o=|
| . o.. ..=+*+|
| . ...+ +.+o+|
| . .=o. .o=.|
| S+o+ ++o |
| . o= . +. |
| . .o .. |
| ..o... |
| ....oE. |
+----[SHA256]-----+
[root@A ~]# cd .ssh/
[root@A .ssh]# ls
id_rsa id_rsa.pub
id_rsa : 生成的私鑰檔案
id_rsa.pub : 生成的公鑰檔案
know_hosts : 已知的主機公鑰清單
如果希望ssh公鑰生效需滿足至少下面兩個條件:
1) .ssh目錄的權限必須是700
2) .ssh/authorized_keys檔案權限必須是600
3. 将生成的公鑰scp到想要登陸的伺服器 B,B伺服器必須有 .ssh目錄,如果沒有就建立并授予700權限
[root@A .ssh]# scp -p ~/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
[email protected]'s password:
id_rsa.pub
4. 驗證