Linux CentOS7 两台机器之间免输入密码相互登录(密钥对认证)
两台机器为:
主机名:fxq-1,IP:192.168.42.181
主机名:fxq-2, IP:192.168.42.182
w命令可以查看当前登录用户的信息
[[email protected] ~]# w 23:59:42 up 12 min, 1 user, load average: 0.00, 0.07, 0.11USER TTY FROM [email protected] IDLE JCPU PCPU WHAT root pts/0 192.168.42.2 23:48 6.00s 0.13s 0.07s w
[[email protected] ~]# w 00:00:18 up 12 min, 2 users, load average: 0.00, 0.06, 0.11USER TTY FROM [email protected] IDLE JCPU PCPU WHAT root pts/0 192.168.42.2 23:48 2.00s 0.08s 0.02s w root pts/1 192.168.42.181 00:00 5.00s 0.07s 0.07s -bash
whoami ##查看当前登录用户 ssh -p 22 [email protected] ##指定端口和用户进行登录
1.关闭SELINUX(每台机器都要关闭)
- 临时关闭SELINUX
setenforce 0 ##临时关闭SELINUX
getenforce 0 ##查看SELINUX设置
- 永久关闭SELINUX
vi /etc/selinux/conf
改其中第六行为: SELINUX=disabled 保存退出
在fxq-1机器上:
ssh-keygen生成密钥对
[[email protected] ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 68:6a:c4:24:60:3d:dc:2a:cc:4b:04:58:0a:a8:3f:a9 [email protected] key‘s randomart image is: +--[ RSA 2048]----+ |Bo+ . | |=+ + . | |* . + | |.= = . | |..o.o o S | | .+. o | | . .o | |E . | | | +-----------------+ [[email protected] ~]#
[[email protected] ~]# ls /root/.ssh/id_rsa id_rsa.pub known_hosts [[email protected] ~]#
在fxq-1机器上输入,下面命令,按提示输入fxq-2的root用户的密码:
scp /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
此步骤是把fxq-1机器的公钥写入到fxq-2的authorized_keys文件中,如果fxq-2之前已有authorized_keys文件,那么需要手工把公钥内容粘贴到fxq-2的authorized_keys文件中。否则会把原有的其他机器的公钥覆盖。
在fxq-2机器上操作如下:
[[email protected] ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 68:6a:c4:24:60:3d:dc:2a:cc:4b:04:58:0a:a8:3f:a9 [email protected] key‘s randomart image is: +--[ RSA 2048]----+ |Bo+ . | |=+ + . | |* . + | |.= = . | |..o.o o S | | .+. o | | . .o | |E . | | | +-----------------+ [[email protected] ~]# [[email protected] ~]#
[[email protected] ~]# ls /root/.ssh/id_rsa id_rsa.pub known_hosts [[email protected] ~]#
在fxq-2机器上输入,下面命令,按提示输入fxq-1的root用户的密码:
scp /root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys
此步骤是把fxq-2机器的公钥写入到fxq-1的authorized_keys文件中,如果fxq-1之前已有authorized_keys文件,那么需要手工把公钥内容粘贴到fxq-1的authorized_keys文件中。否则会把原有的其他机器的公钥覆盖。
完成后可以在fxq-1上测试,不用输入密码就能登录fxq-2成功:
[[email protected] ~]# ssh 192.168.42.182 Last login: Thu Aug 3 17:28:57 2017 [[email protected] ~]#
时间: 2024-08-02 11:01:25