You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71 lines
1.4 KiB
71 lines
1.4 KiB
3 years ago
|
---
|
||
|
title: SSH 免密认证
|
||
|
date: 2020-09-28
|
||
|
categories:
|
||
|
- devops
|
||
|
tags: [linux, ssh]
|
||
|
---
|
||
|
|
||
|
|
||
|
## a. 安装ssh
|
||
|
|
||
|
``` bash
|
||
|
sudo apt-get update
|
||
|
sudo apt-get install openssh-server
|
||
|
sudo apt-get install openssh-client
|
||
|
# 测试是否安装成功
|
||
|
ssh -l anxinyun 10.8.30.179
|
||
|
```
|
||
|
<!--more-->
|
||
|
|
||
|
## b. 修改配置
|
||
|
|
||
|
```
|
||
|
修改 /etc/ssh/sshd_config:
|
||
|
RSAAuthentication yes (启用RSA认证)
|
||
|
PubkeyAuthentication yes (启用公钥私钥配对认证)
|
||
|
AuthorizedKeysFile %h/.ssh/authorized_keys (公钥文件路径)
|
||
|
```
|
||
|
|
||
|
``` bash
|
||
|
# 重启服务
|
||
|
service ssh restart
|
||
|
```
|
||
|
|
||
|
## c. 配置密钥
|
||
|
|
||
|
``` bash
|
||
|
# 生成密钥对
|
||
|
# ssh-keygen -t rsa -P ""
|
||
|
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
|
||
|
# 输出到authorized_keys文件
|
||
|
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
|
||
|
# 设置authorized_keys权限
|
||
|
chmod 600 .ssh/authorized_keys
|
||
|
```
|
||
|
|
||
|
``` bash
|
||
|
# 需要免密登录 哪台主机,就把公钥注册到哪台主机
|
||
|
# 复制 n1 公钥到 m1
|
||
|
scp anxinyun@10.8.30.179:/home/anxinyun/.ssh/id_rsa.pub .
|
||
|
# 追加到 authorized_keys
|
||
|
cat id_rsa.pub >> .ssh/authorized_keys
|
||
|
# 删除 n1 公钥
|
||
|
rm id_rsa.pub
|
||
|
|
||
|
# 在 n1、n2中重复上述命令
|
||
|
```
|
||
|
|
||
|
## M1 远程登录免密
|
||
|
|
||
|
``` basic
|
||
|
用xshell 用户密钥生成工具生成密钥对
|
||
|
把公钥追加到 .ssh/authorized_keys
|
||
|
私钥和密钥自己妥善保存
|
||
|
|
||
|
# 禁用ssh用户密码登录
|
||
|
修改 /etc/ssh/sshd_config:
|
||
|
PasswordAuthentication no
|
||
|
```
|
||
|
|