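SSH Passwordless (Key-Based) Login
The key pair can be generated on the client, with the public key then sent to the server, or generated on the server, with the private key then sent to the client.
In this example the client generates the key pair.
Generate the key pair on the client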
[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # where the key is saved
Enter passphrase (empty for no passphrase): # passphrase for the key (optional)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa. # private key
Your public key has been saved in /root/.ssh/id_rsa.pub. # public key
The key fingerprint is:
SHA256:OVbGgarVvhwklHBGlyCUHOdXOO/ji2YuF8kFGdjbT6A root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| o==*=o*o |
| o*+.Oo.. |
| ..o.B+. |
| +.E++ . |
| o =S+ o |
| . .*.o . |
| . = . |
| . *.. |
| *o .. |
+----[SHA256]-----+
Upload the public key to the server
[root@localhost ~]# ssh-copy-id root@10.1.1.3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.1.1.3 (10.1.1.3)' can't be established.
ECDSA key fingerprint is SHA256:VEAmw1CzclPFubIWotDDrepVKufVem3kr81w+42HXhU.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.1.1.3's password: # enter the server's password here
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.1.1.3'"
and check to make sure that only the key(s) you wanted were added.
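At this point the contents of root's public key file are appended to root's .ssh/authorized_keys file on the server.
The public key can also be written to the server's authorized_keys file by any other means.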
[root@localhost ~]# cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Jn7wnVlCg97hiDbhejB6Xd1Ukc6qmOqyLWjhe9STi6vmsKhKKk6OWqb1TBPoFl9noIQiCDpwMAUYEgiuxUObnHTSx3WaHW9EUHutC6w/y/K1NtEIMDoqSf6cXFab8PuqUoYjVhSoTAJIpC5PFjU4GT1iPR0ONa1EoZLD3lQQGfGDQo9Brap0iL7qBstlLzJ7zaWEYM1CDhGTpeyOhJ6Q13/c5s52mmKVWB+X8jWBKJHvk9OhSwWOtF3daK7O39NF8kmXST/NEkVA1ay00C23ImbWmYcLa3NFsykrBD4t8B3XXH5tHVcL0d/px/IOGiAF2et04f44ym/dajHCwdTR root@localhost.localdomain
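Note: the .ssh directory must have mode 700, and the authorized_keys file and the private key inside it must have mode 600. Otherwise passwordless login fails because of the permission problem.
[root@localhost ~]# ssh root@10.1.1.3 # SSH login no longer asks for a password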
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Thu Nov 12 18:38:03 2020 from 10.1.1.254
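When key login still prompts for a password, the permissions named in the note above are the first thing to check. The following script is an added example, not part of the original post: it audits a .ssh directory against those modes (700 for the directory, 600 for authorized_keys and the private key) and repairs them. The function names and the default key name id_rsa are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: audit and repair the modes required by the note above.
# Expected modes follow the page: .ssh = 700, authorized_keys and private key = 600.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir DIR [PRIVATE_KEY_NAME]
# Prints one line per mismatch and returns the number of mismatches.
audit_ssh_dir() {
    dir=$1
    key=${2:-id_rsa}          # assumed default, matches the key generated above
    bad=0
    if [ ! -d "$dir" ]; then
        echo "missing: $dir"
        return 1
    fi
    if [ "$(mode_of "$dir")" != "700" ]; then
        echo "wrong mode $(mode_of "$dir") on $dir (want 700)"
        bad=$((bad + 1))
    fi
    for f in "$dir/authorized_keys" "$dir/$key"; do
        # The client may have no authorized_keys, the server no private key.
        [ -e "$f" ] || continue
        if [ "$(mode_of "$f")" != "600" ]; then
            echo "wrong mode $(mode_of "$f") on $f (want 600)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# fix_ssh_dir DIR [PRIVATE_KEY_NAME]: apply the modes from the note.
fix_ssh_dir() {
    dir=$1
    key=${2:-id_rsa}
    chmod 700 "$dir" || return 1
    for f in "$dir/authorized_keys" "$dir/$key"; do
        if [ -e "$f" ]; then
            chmod 600 "$f" || return 1
        fi
    done
    return 0
}
```

Run `audit_ssh_dir ~/.ssh` on both client and server; a non-zero return status is the number of paths whose mode differs from the note, and `fix_ssh_dir ~/.ssh` resets them.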
