Reference: http://www.mekau.com/index.php/uncategory/pandy_2671.html
For ease of management, a trust relationship needs to be set up from the management machine (some companies call it a jump host, others a bastion host) to each of the hosts, so that every ssh operation does not require typing a password; with a large number of machines that really drives you mad.
Setting up the trust relationship:
1. Generate a key pair (public key and private key) locally: ssh-keygen -t rsa
```
$ ssh-keygen
# The command above is equivalent to ssh-keygen -t rsa
# -t: specifies the key type; the default is the SSH-2 rsa type
```
After running the command above, the system shows a series of prompts, and you can simply press Enter through all of them. One point deserves special mention: one of the questions asks whether to set a passphrase on the private key; if you are concerned about the security of the private key, set one. When the command finishes, two new files appear in the ~/.ssh/ directory: id_rsa.pub and id_rsa. The former is the public key, the latter the private key.
```
[pandy@localhost .ssh]$ cd
[pandy@localhost ~]$ cd .ssh
[pandy@localhost .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/pandy/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/pandy/.ssh/id_rsa.
Your public key has been saved in /home/pandy/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fB/iOvh4WmMQCRllGj2dgRXc4ZYsH48XREzIr0sy+lY pandy@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|    +=o=+*.*+    |
|    .=+.+o+o.    |
|    . o.. *..    |
|     o + +..     |
|      . S =.+    |
|     .ooE+ .     |
|      o+=...     |
|      o++o.      |
|      o*+.       |
+----[SHA256]-----+
[pandy@localhost .ssh]$ ls
id_rsa  id_rsa.pub
```
2. Copy the public key to the remote host host: ssh-copy-id user@host
```
[pandy@localhost .ssh]$ ssh-copy-id pandy@192.168.0.4
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/pandy/.ssh/id_rsa.pub"
The authenticity of host '192.168.0.4 (192.168.0.4)' can't be established.
ECDSA key fingerprint is SHA256:L5SWr4SK4lrEG4B4qkRqcrcRU0A7NXtze5nCocOpbZU.
ECDSA key fingerprint is MD5:b3:83:e5:ba:ed:b4:6b:a8:eb:d8:c2:57:89:66:c6:10.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
pandy@192.168.0.4's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'pandy@192.168.0.4'"
and check to make sure that only the key(s) you wanted were added.
```
After these two steps, passwordless remote login works (the remote host stores the user's public key in the ~/.ssh/authorized_keys file).
3. Connect to the server remotely: ssh root@xxx.xxx.xxx.xxx
```
ssh pandy@192.168.0.4
```
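What ssh-copy-id does on the remote side in step 2, written out as an added example (not code from the original post): append the public key to ~/.ssh/authorized_keys only if that exact line is not already there, and set the directory and file modes that sshd checks before it will honour the key. The function names and the key strings are this example's own; it runs against any local directory, so it can be tried offline.

```shell
#!/bin/sh
# Added example: idempotent authorized_keys install plus the permission checks
# sshd applies (StrictModes). Names here are hypothetical, not ssh-copy-id's.

# install_pubkey <home_dir> <public_key_line>
# Creates ~/.ssh and authorized_keys if missing, then appends the key unless
# an identical line is already present (the same filtering ssh-copy-id does).
install_pubkey() {
    home_dir="$1"
    pubkey="$2"
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"        # sshd ignores keys in a group/world-writable dir
    touch "$auth"
    chmod 600 "$auth"           # and in a group/world-accessible file
    # -F -x -q: literal, whole-line, silent match
    if ! grep -F -x -q -- "$pubkey" "$auth"; then
        printf '%s\n' "$pubkey" >> "$auth"
    fi
}

# count_keys <home_dir>: number of key lines (blank and comment lines excluded)
count_keys() {
    grep -c -v -e '^#' -e '^[[:space:]]*$' "$1/.ssh/authorized_keys"
}

# perms_ok <home_dir>: succeeds only if modes are exactly 700 / 600
# (find -perm with an octal mode is an exact match and is POSIX-portable)
perms_ok() {
    [ -n "$(find "$1/.ssh" -prune -perm 700)" ] &&
    [ -n "$(find "$1/.ssh/authorized_keys" -prune -perm 600)" ]
}

# Constructed sample keys (not real credentials); the base64 body is a placeholder.
KEY_RSA='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedExampleKey pandy@localhost.localdomain'
KEY_ED25519='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSecondKey admin@jumphost'
```

Run install_pubkey twice with the same key and count_keys still reports one line; that is the property that keeps authorized_keys from silently growing as hosts are re-provisioned.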