1. One-way passwordless configuration
station213 -> station220:
Step 1:
Run the command ssh-keygen and press Enter at every prompt.
[[email protected] ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?
Step 2:
Files generated: id_rsa and id_rsa.pub
[[email protected] ~]# cd ~/.ssh/
[[email protected] .ssh]# ls
id_rsa id_rsa.pub known_hosts
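Step 3:
Copy the file id_rsa.pub to the target machine station220, renaming it to authorized_keys. Note that this overwrites any authorized_keys file that already exists on the target.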
[[email protected] .ssh]# scp id_rsa.pub 192.168.101.220:~/.ssh/authorized_keys
Step 4:
Verify the login: no password prompt appears, so the passwordless login configuration succeeded.
[[email protected] .ssh]# ssh 192.168.101.220
Last login: Fri Mar 22 11:18:25 2013 from 192.168.101.213
[[email protected] ~]#
Two-way passwordless configuration works the same way.
2. Passwordless configuration between multiple machines
For example: station213 -> station220:
station220 -> station213:
Step 1:
station213 -> station220:
[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub [email protected]
10
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected] .ssh]# ssh-copy-id -i id_rsa.pub [email protected]
10
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected] .ssh]# ssh 192.168.101.220
Last login: Fri Mar 22 11:30:05 2013 from 192.168.101.213
[[email protected] ~]#
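Note: with the setup above, login still prompts for a password; sshd_config on the target machine also has to be changed:
# Key-based login settings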
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Change the file permissions to improve security:
- chmod 700 /home/username/.ssh
- chmod 600 /home/username/.ssh/*
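Restart the sshd service, and passwordless login will work.
When login still fails, it is usually one of the following two problems: 1. The permissions on ${HOME}, ${HOME}/.ssh or ${HOME}/.ssh/authorized_keys are wrong; this can be seen in /var/log/secure. 2. The pub key was copied incorrectly. If /var/log/secure reports error: key_read: uudecode *** failed, the pub key was usually copied incorrectly. Note that a pub key is written on a single line; copying it with the mouse easily turns it into several lines.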
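Both causes above can be checked directly on the target machine. The shell function below is an added example, not part of the original page; the name audit_ssh_login and the sample key are made up for illustration, and the permission test assumes sshd runs with its default StrictModes setting.

```shell
#!/bin/sh
# Added example (not from the original page): check a home directory for the two
# failure causes listed above. audit_ssh_login is a hypothetical helper name.
audit_ssh_login() {
    home=$1; ak="$home/.ssh/authorized_keys"; problems=0
    for p in "$home" "$home/.ssh" "$ak"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; problems=$((problems + 1))
        # sshd with StrictModes yes (the default) rejects group/world-writable paths
        elif [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "BADPERM $p is group- or world-writable"; problems=$((problems + 1))
        fi
    done
    if [ -f "$ak" ]; then
        # Each entry must sit on one line as: [options] keytype base64 [comment].
        # A key pasted across several lines leaves continuation lines that have
        # no keytype field; those are the lines reported here.
        bad=$(awk '
            NF == 0 || $1 ~ /^#/ { next }
            {
                ok = 0
                for (i = 1; i < NF; i++)
                    if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/ &&
                        $(i + 1) ~ /^AAAA/) ok = 1
                if (!ok) print NR
            }' "$ak")
        for n in $bad; do
            echo "BADKEY $ak line $n is not a complete single-line key"
            problems=$((problems + 1))
        done
    fi
    [ "$problems" -eq 0 ]
}

# Demo on constructed data: a sample key (not a real one) split over two lines.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
printf '%s\n%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB' \
    'AAABAQCconstructedSampleKey constructed@example' > "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"
chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_login "$demo" || echo "login would fail until the above is fixed"
rm -rf "$demo"
```

On a real host, call it as audit_ssh_login /home/username. The first half of a split key still looks well-formed, so it is the continuation line that gets reported.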
Time: 2024-08-21 04:49:34