server1 主机名:centos6 IP:192.168.2.105 操作系统:centos6.5
server2 主机名:rhel6 IP:192.168.2.110 操作系统:rhel6.5
为了实现server1对server2能够实现无密码登陆,可以在server1主机上使用ssh-keygen工具生成一对密钥,server1保留私钥,将公钥上传至server2主机相应用户的主目录下的.ssh/文件夹下,并重命名为authorized_keys
步骤如下:
1、在server1上生成密钥对
[[email protected] .ssh]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is:
43:5a:4c:00:e6:93:88:ef:92:87:1b:6b:ed:91:c9:33 [email protected] The key‘s randomart image is: +--[ RSA 2048]----+ | o.... | | . + . o | |. . + + | | . . + | | . . S | | +. o . | |= +E | | B .+ | |+ .. | +-----------------+
[[email protected] .ssh]#pwd /root/.ssh [[email protected] .ssh]#ls id_rsa id_rsa.pub
需要注意的是 Enter passphrase (empty for no passphrase):
Enter same passphrase again:
这两项提示输入密码,必须留空,直接按回车键跳过,这样就能避免server1远程登录server2时所要口令了。
这时候生成了两个文件,id_rsa id_rsa.pub
2、将公钥文件id_rsa.pub上传至server2主机上
[[email protected] .ssh]# ssh [email protected] "cat >> /root/.ssh/authorized_keys" < id_rsa.pub [email protected]‘s password:
3、修改server2中sshd的配置文件
[[email protected] .ssh]#vim /etc/ssh/sshd_config
启用两项
RSAAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
在server2上重启sshd服务
[[email protected] .ssh]/etc/init.d/sshd restart
此时从server1使用ssh登录server2则无需登录密码,如果还需要密码或者报错,则是由于selinux的原因
[[email protected] .ssh]setenforce 0 ###立即生效
强制关闭selinux
或者修改相关配置文件
[[email protected] .ssh]vim /etc/selinux/config
修改:
SELINUX=disabled ###修改配置文件重启后才可生效
此时就可以实现server1对server2的无密码登陆了
注:看见网上说鉴于文件的安全性应将两台主机的.ssh/目录以及目录下的所有文件的权限改为600
chmod -R 600 .ssh/
不过个人认为,由于.ssh/目录位于用户的家目录中,其他普通用户根本无法cd进来,所以这一步貌似可以略去。
Linux主机间ssh实现无密码登陆,布布扣,bubuko.com