ssh免密登录
目录
1. 通过ssh-keygen -t rsa命令生成ssh密钥
2. 通过 “ssh-copy-id -i .ssh/id_rsa.pub 指定服务主机名”命令复制公钥到指定服务器
3. 验证
1. 通过ssh-keygen -t rsa命令生成ssh密钥
[root@k8s-master-02 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ANkYjRXxfME91AVMRUt4q9MQzxgXEVyVIXXpR77X+r8 root@k8s-master-02
The key's randomart image is:
+---[RSA 2048]----+
| oO+o ..o.=*%^|
| +.oo ..o+=*+|
| . o . .X+.|
| . . o =o|
| S + +|
| o oo|
| ...|
| . |
| E=|
+----[SHA256]-----+
会生成/root/.ssh目录,其下有如下文件:
[root@k8s-master-02 .ssh]# pwd
/root/.ssh
[root@k8s-master-02 .ssh]# ll
total 16
-rw------- 1 root root 400 Mar 21 21:18 authorized_keys
-rw------- 1 root root 1679 Mar 21 21:13 id_rsa
-rw-r--r-- 1 root root 400 Mar 21 21:13 id_rsa.pub
-rw-r--r-- 1 root root 951 Mar 21 21:18 known_hosts
2. 通过 “ssh-copy-id -i .ssh/id_rsa.pub 指定服务主机名”命令复制公钥到指定服务器
通过ssh-cppy-id命令实现把id_rsa.pub复制到其他服务器的/root/.ssh/authorized_keys文件
[root@k8s-master-02 ~]# for i in k8s-master-02 k8s-master-03 k8s-master-04 k8s-node-01 k8s-node-02;do ssh-copy-id -i .ssh/id_rsa.pub $i;done
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'k8s-master-02 (192.168.198.129)' can't be established.
ECDSA key fingerprint is SHA256:3xBkf83ah/FGRMunp7+7kxvfUpL3zezL3PKobnSO2ik.
ECDSA key fingerprint is MD5:76:99:d2:b9:45:78:45:c8:1d:eb:98:76:84:9b:6d:5d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s-master-02's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'k8s-master-02'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'k8s-master-03 (192.168.198.130)' can't be established.
ECDSA key fingerprint is SHA256:3xBkf83ah/FGRMunp7+7kxvfUpL3zezL3PKobnSO2ik.
ECDSA key fingerprint is MD5:76:99:d2:b9:45:78:45:c8:1d:eb:98:76:84:9b:6d:5d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s-master-03's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'k8s-master-03'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'k8s-master-04 (192.168.198.131)' can't be established.
ECDSA key fingerprint is SHA256:3xBkf83ah/FGRMunp7+7kxvfUpL3zezL3PKobnSO2ik.
ECDSA key fingerprint is MD5:76:99:d2:b9:45:78:45:c8:1d:eb:98:76:84:9b:6d:5d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s-master-04's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'k8s-master-04'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'k8s-node-01 (192.168.198.132)' can't be established.
ECDSA key fingerprint is SHA256:3xBkf83ah/FGRMunp7+7kxvfUpL3zezL3PKobnSO2ik.
ECDSA key fingerprint is MD5:76:99:d2:b9:45:78:45:c8:1d:eb:98:76:84:9b:6d:5d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s-node-01's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'k8s-node-01'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host 'k8s-node-02 (192.168.198.133)' can't be established.
ECDSA key fingerprint is SHA256:3xBkf83ah/FGRMunp7+7kxvfUpL3zezL3PKobnSO2ik.
ECDSA key fingerprint is MD5:76:99:d2:b9:45:78:45:c8:1d:eb:98:76:84:9b:6d:5d.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@k8s-node-02's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'k8s-node-02'"
and check to make sure that only the key(s) you wanted were added.
到其他服务器查看authorized_keys文件:
[root@k8s-master-03 .ssh]# pwd
/root/.ssh
[root@k8s-master-03 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCk7I8TiPKJppFfXZI0G8DODMuX5HyxIHlHvP4yVN2FPmXfAD3qk6kH1eUsTVEk3juc3fGKaDeMug7HrMtM9pWe8yURzd7rehq1gngZC7AxoirCtz/fUDmyMztngxulsZR1ci4rIUOJhCjv5tBqxXYdisI5w0R4f7bTJE0XenWAAa03/iKUg2lDFyCWVimvLR4MvJ2OOzZSsx0cDEfaC8znWQUpskeQke+E/eRQbt3Clb4bBy0q79CzEy0IwRqZ9inmXjhrKlWaX4YCFwgZNjzeKorFi1nfdfMZ0dZqldRd0+HDH3KxeBFQrb0I6ANPwAOYqZCUBOkcdMLvTAZH0OEB root@k8s-master-02
[root@k8s-master-03 .ssh]#
3. 验证
[root@k8s-master-02 .ssh]# ssh k8s-master-03
Last login: Tue Mar 21 21:19:36 2023 from 192.168.198.129
[root@k8s-master-03 ~]# exit
logout
Connection to k8s-master-03 closed.
[root@k8s-master-02 .ssh]#
浙公网安备 33010602011771号