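Generating and Using SSH Keys
<h1>Passwordless (key-based) SSH login for a regular (non-root) user</h1>
<p>Assumptions:
Host A: 172.16.6.198
Host B: 172.16.6.199</p>
<p>Log in as a regular user (for example, easytong) and perform steps 1-4 on both host A and host B.</p>
<h3>1. Edit the sshd_config configuration file</h3>
<p>Open the file /etc/ssh/sshd_config:</p>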
<pre><code class="language-bash">sudo vim /etc/ssh/sshd_config</code></pre>
<p>Make sure the following settings are present (if they are commented out with "#", delete the "#"). The correct form is:</p>
<pre><code class="language-bash">AuthorizedKeysFile .ssh/authorized_keys
PubkeyAuthentication yes</code></pre>
<h3>2. Restart the sshd service</h3>
<pre><code class="language-bash">sudo systemctl restart sshd</code></pre>
<h3>3. Generate a key pair</h3>
<p>Log in to the Linux system as the easytong user and run the following command, pressing Enter at every prompt.</p>
<pre><code class="language-bash">ssh-keygen</code></pre>
<h3>4. Add the public key to the authorized_keys file</h3>
<pre><code class="language-bash">cat /home/easytong/.ssh/id_rsa.pub >> /home/easytong/.ssh/authorized_keys</code></pre>
<h3>5. Copy host B's public key file to host A</h3>
<p>Log in to host A as the easytong user:</p>
<pre><code class="language-bash">scp easytong@172.16.6.199:/home/easytong/.ssh/id_rsa.pub /home/easytong/.ssh/199.id_rsa.pub</code></pre>
<p>At this point you need to enter the password of the easytong user on host B.</p>
<h3>6. Import host B's public key into the local (host A) authorized_keys file</h3>
<pre><code class="language-bash">cat /home/easytong/.ssh/199.id_rsa.pub >> /home/easytong/.ssh/authorized_keys</code></pre>
<h3>7. Set the permissions</h3>
<pre><code class="language-bash">chmod 700 /home/easytong/.ssh
chmod 600 /home/easytong/.ssh/authorized_keys</code></pre>
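<h3>8. Log in to host B and perform steps 5-7</h3>
<p>Note: after logging in to host B, the IP addresses in the commands change, so adjust them in each command.</p>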
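<p>Steps 4, 6 and 7 combined into one idempotent helper, added here as an example that is not part of the original page: it refuses files that are not public keys, skips keys already present in authorized_keys, and applies the permissions from step 7. The function name add_authorized_key and the sample key line are assumptions made for illustration.</p>

```shell
#!/bin/sh
# Added example (not from the original page): idempotent replacement for
# `cat key.pub >> authorized_keys`. The function name is hypothetical.
# Usage: add_authorized_key PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
add_authorized_key() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # The first non-blank, non-comment line of the file is taken as the key.
    key_line=$(grep -v -e '^[[:space:]]*$' -e '^#' "$pubkey_file" | head -n 1)

    # Refuse anything that is not a public key line, e.g. id_rsa passed
    # by mistake instead of id_rsa.pub.
    case $key_line in
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*" "*) ;;
        *) echo "$pubkey_file is not an SSH public key" >&2; return 2 ;;
    esac

    # Permissions from step 7; with StrictModes, sshd refuses paths that
    # are writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Already authorized? Compare key type + base64 blob, ignore the comment.
    if awk -v line="$key_line" 'BEGIN { split(line, k, " ") }
        { for (i = 1; i < NF; i++) if ($i == k[1] && $(i+1) == k[2]) found = 1 }
        END { exit !found }' "$auth_file"; then
        return 0
    fi

    # A file without a trailing newline would glue the new key onto the last one.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
}

# Demo in a scratch directory with a constructed (non-functional) key line.
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EXAMPLE easytong@hostB\n' > "$demo_dir/199.id_rsa.pub"
add_authorized_key "$demo_dir/199.id_rsa.pub" "$demo_dir/.ssh"
add_authorized_key "$demo_dir/199.id_rsa.pub" "$demo_dir/.ssh"  # no-op
echo "keys in authorized_keys: $(wc -l < "$demo_dir/.ssh/authorized_keys")"
rm -rf "$demo_dir"
```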
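<h1>II. Passwordless (key-based) SSH login for the root user</h1>
<h3>1. Check whether an SSH key already exists</h3>
<p>Assumptions:</p>
<pre><code class="language-bash">Host A: 172.16.6.198
Host B: 172.16.6.199
All operations below are performed as root.</code></pre>
<p>SSH keys are generated under the user's home directory by default, so check whether a .ssh folder exists in the home directory and whether the key file exists in it (~/.ssh/id_rsa).</p>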
<h3>2. Generate the key</h3>
<p>Enter at the console:</p>
<pre><code class="language-bash">ssh-keygen</code></pre>
<p>Note: the -t option selects the key type. There are two types, RSA and DSA; look up the details yourself.</p>
<p>The console output is as follows:</p>
<pre><code class="language-bash">Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub. </code></pre>
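<p>(To avoid having to enter the passphrase on every ssh connection, you can leave the passphrase empty here.)</p>
<p>Your private key is now stored in the file ~/.ssh/id_rsa, and your public key in the file ~/.ssh/id_rsa.pub.</p>
<h3>3. Use the SSH key</h3>
<p>The purpose of using SSH keys is to establish mutual trust between two machines, so that logging in from one to the other requires no password. The procedure is as follows:</p>
<h4>3.1. First create a key pair on host A</h4>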
<pre><code class="language-bash">ssh-keygen</code></pre>
<p>You can now see the generated private key ~/.ssh/id_rsa and public key ~/.ssh/id_rsa.pub on host A.</p>
<h4>3.2. Put host A's public key on host B</h4>
<pre><code class="language-bash"># Host B is 172.16.6.199; this overwrites any existing authorized_keys on host B
scp /root/.ssh/id_rsa.pub 172.16.6.199:/root/.ssh/authorized_keys</code></pre>
<h4>3.3. Logging in from A to B now requires no password</h4>
<pre><code class="language-bash">ssh B_ip</code></pre>
<p>The same procedure applies to logging in from B to A.</p>