Linux上实现ssh免密码登陆
远程服务器
0。指示
通常使用ssh登录虚拟服务器时,必须输入支付密码,期望在不输入支付密码的情况下按键登录,为大批量全自动部署服务器做好充分准备。
以下自然环境:
IP地址
计算机 *** 作系统
服务器
手机客户端
10.0.0.129/24
Ubuntu16.04x86
1。移动电话客户端形成密钥对
形成密钥对:
xpleaf@leaf:~$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xpleaf/.ssh/id_rsa):
Created directory '/home/xpleaf/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xpleaf/.ssh/id_rsa.
Your public key has been saved in /home/xpleaf/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:eLssyXJLzUCfSN5mu6nqNH9dB/gOyXSvWBwQdNssIYE xpleaf@leaf
The key's randomart p_w_picpath is:
---[RSA 2048]----
| o=oo |
| E .o = |
| o oo o |
| = .o . |
| = So = |
| B o = o |
| o...=. * o |
| ..=..o o |
| .o== |
----[SHA256]-----
查询形成的密钥对:
xpleaf@leaf:~$ ls .ssh
id_rsa id_rsa.pub
# id_rsa为公钥,这一一般必须保密性;id_rsa.pub为公钥,这一能够公布。
2。将公钥提交给服务器
应用scp命令的实际 *** 作:
xpleaf@leaf:~$ scp .ssh/id_rsa.pub root@10.0.0.128:/root
The authenticity of host '10.0.0.128 (10.0.0.128)' can't be established.
RSA key fingerprint is SHA256:0Tpm12wruaQXyvOfEB1maIkEwxmjT2AklWb198Vrln0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.128' (RSA) to the list of known hosts.
root@10.0.0.128's password:
id_rsa.pub 100% 393 0.4k高清B/s 00:00
3。服务器的实际 *** 作
将移动客户端的公钥添加到。ssh/authorized_keys:
[root@leaf ~]# cat id_rsa.pub >> .ssh/authorized_keys
[root@leaf ~]# chmod 600 .ssh/authorized_keys
# authorized_keys的管理权限必须为600
更改ssh配置文档/etc/ssh/sshd_config,并查找以下行:
PubkeyAuthentication no
已更改为:
PubkeyAuthentication yes
4。检测
在移动客户端上应用密钥以登录网络服务器:
xpleaf@leaf:~$ ssh -i .ssh/id_rsa root@10.0.0.128
Last login: Tue May 9 15:14:01 2017 from 10.0.0.129
[root@leaf ~]#
5。常见问题
服务器端必须关闭Selinux,否则密钥无法用于远程登录。
手机客户端应用scp命令时,服务器上也必须安装ssh手机客户端,否则将无法上传公钥到服务器。另外,ssh-copy-idroot@10.0.0.128可以用来代替scp的实际 *** 作(那样的话,就不需要建立的目录了。服务器上的ssh文件,相当于这个命令可以帮助你一步完成密钥的提交和准备);
微信扫一扫
支付宝扫一扫
评论列表(0条)