ubuntu ssh免密码登录
2024-09-03 14:58:38
目前很多服务(ceph,openstack等)都需要用到SSH使用ssh-key进行登录,而不能使用密码进行登录。
下面是配置步骤:
一、在SSH Client生成ssh key pair
root@ceph01:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1e:f1:c6:c5:c4:8e:e0:b3:ed:9f:2c:::ce:8a:0d root@ceph01
The key's randomart image is:
+--[ RSA ]----+
| .. |
| . o. |
| ... oo |
| . ++... |
| o oS++ |
| E o.ooo |
| + . .o . |
| . o o. . |
| o+ |
+-----------------+
二、复制id_rsa.pub内容到 SSH Server 用户的.ssh/authorized_keys 中
root@ceph01:~# ssh-copy-id ceph02
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ceph02's password: Number of key(s) added: Now try logging into the machine, with: "ssh 'ceph02'"
and check to make sure that only the key(s) you wanted were added.
查看SSH Server 用户的.ssh/authorized_keys文件内容
root@ceph02:~/.ssh# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1hXDFOCI0hdsZlvuP9FGLnCd6k6yR51T6WN4+Wr/shJlY6ymcxde2hwBhiGowvKNbhpVA3EHUxtV0W9YH742ymTmUCVBCuGd2zUwB36AR9aiQGFwSd8vulqaybirpsic9iZ4d83cGjdJwSQg5mGhxZpzi4qD8yygdEDkTcczIFj+9zh5BCIlsZXFHU8044wIKBAbp2YvrsCW0L81XvVJZo3OJxggbUYlMhXcws99U7q2JcBUKv9IQYjar9GyYh4DNlllDs56sfR6SDtuT1O6NOtKSCc6jxCpf7EmxgBXIeYQiSUKnwDo3CE4FmvFsmTlkFUkOluJIRGUTbkokw5tJ root@ceph01
三、在SSH Server上修改sshd_config配置文件
Port
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol
# HostKeys for protocol version
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes # Lifetime and size of ephemeral version server key
KeyRegenerationInterval
ServerKeyBits # Logging
SyslogFacility AUTH
LogLevel INFO # Authentication:
LoginGraceTime
PermitRootLogin yes
StrictModes yes RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys # Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version
HostbasedAuthentication no
.
.
.
四、验证
root@ceph01:~# ssh root@ceph02
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.--generic x86_64) * Documentation: https://help.ubuntu.com/ System information as of Wed Jan :: CST System load: 0.0 Processes:
Usage of /: 3.7% of .95GB Users logged in:
Memory usage: % IP address for eth0: 192.168.20.178
Swap usage: % Graph this data and manage this system at:
https://landscape.canonical.com/ packages can be updated.
updates are security updates. New release '16.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it. Last login: Wed Jan :: from 192.168.20.116
root@ceph02:~#
最新文章
- php实现文件上传与下载(中)
- magento后台使用POST表单时,要使用必要参数form_key才能正常通讯
- 事件类型: 错误 事件来源: Service Control Manager 事件种类: 无 事件 ID: 7000
- sharepoint 2013 安装配置PowerView
- 简述TVS是的命名和封装
- (hdu step 7.1.5)Maple trees(凸包的最小半径寻找掩护轮)
- 第一百二十五节,JavaScript,XML
- 1)C语言简介(C自考学习)
- java列表数据基本操作
- Jmeter应用-接口测试
- javascript 之 继承
- mysql 计算两点经纬度之间的直线距离(具体sql语句)
- linux系统状态检测命令
- Mysql简单入门
- Codeforces Beta Round #14 (Div. 2) A. Letter 水题
- 第九次CSP第四题 - 压缩编码
- Xcode模拟器的一些快捷键
- SpringAOP 通知(advice)
- atcoder ARC092 D - Two Sequences 二分 & 二进制
- OpenCV代码提取:dft函数的实现