ssh 免密码登入
2024-08-25 03:11:58
1、普通免密码登入
(1) 生成秘钥
[root@vick ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
67:c6:ca:04:ff:52:d7:e0:f2:14:f1:ae:55:cc:39:6b root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| o o.|
| . o .o+|
| o . . = .o|
| S B + +E |
| o B = o. |
| + . o |
| . |
| |
+-----------------+
执行完后 本地会生成公钥和私钥
[root@vick ~]# ls -l /root/.ssh/
-rw-------. 1 root root 1675 Aug 12 17:33 id_rsa
-rw-r--r--. 1 root root 408 Aug 12 17:33 id_rsa.pub
(2) 将公钥复制到远程主机
[root@vick ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.88.180
(3) 启用认证代理
[root@vick ~]# ssh-agent bash
(4) 测试
远程主机上面会出现/root/.ssh/authorized_keys
OK 现在就实现免密码登入了
2、秘钥加密
(1) 同样先生成公钥和私钥
[root@vick ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): #输入密码
Enter same passphrase again: #再次输入密码
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
34:a7:99:96:7d:83:69:9a:53:df:82:ff:e4:a5:52:94 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| o . . |
| . O o E |
| S * o. |
| . = + o. |
| + . o.o .|
| . ..+ o |
| .o+ |
+-----------------+
执行完后会生成两个秘钥
[root@vick ~]# ls -l /root/.ssh/
-rw-------. 1 root root 1743 Aug 13 00:47 id_rsa
-rw-r--r--. 1 root root 408 Aug 13 00:47 id_rsa.pub
(2) 将公钥复制到远程主机
[root@vick ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.88.180
(3) 启用认证代理
[root@vick ~]# ssh-agent bash
(4) 将私钥密码加入认证代理
[root@vick ~]# ssh-add
Enter passphrase for /root/.ssh/id_rsa: #在这里输入加密密码
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
(5)测试
秘钥加密和不加密的区别:
第一种方法秘钥不加密,将生成的秘钥放在任何台设备上都,都可以实现免密登入,秘钥被盗取后 其他人一样能用改秘钥登入
第二种方法秘钥加密,只有本机生成的秘钥在本机才能实现免密码登入,就算秘钥被盗取,其他人也无法通过该秘钥登入 除非有加密密码
最新文章
- spring自动扫描、DispatcherServlet初始化流程、spring控制器Controller 过程剖析
- Bzoj2850 巧克力王国
- Memcache 内存分配策略和性能(使用)状态检查
- php curl 实例+详解
- 使用Memcached Session Manager扩展Session管理
- File类的常用方法
- WebService学习笔记一
- 如何通过apt-get获得安装包的源码
- hdu 4669 动态规划
- asp.net连接mysql数据库
- JS生成二维码,支持中文字符
- Unity扩展 自定义事件Send组件
- 系统分层 manager层意义
- dispatch_once认识分析
- 算法笔记_017:递归执行顺序的探讨(Java)
- 配置ssh免密登录服务器
- Spring教程笔记(3)
- 《Head First 设计模式》[02] 观察者模式
- centos7 设置tomcat自启动
- kepware http接口 c语言 ruby