项目：ssh免密远程登录搭建（一）

--------------------------------------------------超级用户下，交互式ssh免密登录------------------------------------

环境介绍：

             主机1：ip 192.168.200.142

             主机2：ip 192.168.200.158

用户要求：主机一 对 主机二 进行免密登录。

命        令：ssh scp ,     需要安装包：openssh-clients

免密过程：

（1）ssh-keygen -t rsa （主机1上操作）

 命令解析：用来生成秘钥对。

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
70:58:3f:09:6d:bb:2c:ea:f9:78:2b:05:7a:92:1d:3d root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| o. |
| o oo. |
| o...+. |
| ooE .. |
| + oSo . |
| + o o o |
| o o . |
| oo. |
| .++o. |
+-----------------+

（2）ssh-copy-id -i  ~/.ssh/id_rsa.pub 192.168.200.158     （主机1上操作）

 命令解析： 用ssh-copy-id将公钥复制到远程机器中，ssh-copy-id 将key写到远程机器的 ~/ .ssh/authorized_key.文件中

[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.200.158
The authenticity of host '192.168.200.158 (192.168.200.158)' can't be established.
RSA key fingerprint is f0:4c:31:b9:a6:3c:bc:d8:9b:05:77:62:22:9b:7e:0a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.158' (RSA) to the list of known hosts.
root@192.168.200.158's password:
Now try logging into the machine, with "ssh '192.168.200.158'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

 

 （3） ssh 192.168.200.158      （主机1上操作）

ssh 192.168.200.158
Last login: Sat Oct 27 05:34:11 2018 from 192.168.200.1

 

特别注意权限问题：

--------------------------------------主机1 -------------------------------------------------------

 

------------------------------------主机2 -------------------------------------------------------------------------

 

 

 

--------------------------------------------------普通用户下，交互式ssh免密登录------------------------------------

环境介绍：

             主机1：ip 192.168.200.142

             主机2：ip 192.168.200.158        （普通用户：yunjisuan       密码：654321  ）

用户要求：主机一 对 主机二 进行免密登录。

命        令：ssh scp ,     需要安装包：openssh-clients

免密过程：

 （1）ssh-keygen -t rsa -P " "       // 或者    ssh-keygen -t rsa      （主机1上操作）

[root@localhost ~]# ssh-keygen -t rsa -P ""
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
39:28:37:2e:63:e3:20:fe:7a:1b:98:81:c1:a4:e6:83 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| . |
|+ |
|oo |
|=. . . |
|E+ . + S |
| = + . . |
|.o..= . |
|.. =.+ |
| o+oo |
+-----------------+

（2）ssh-copy-id -i  ~/.ssh/id_rsa.pub yunjisuan@192.168.200.158     （主机1上操作）

[root@localhost ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub yunjisuan@192.168.200.158
The authenticity of host '192.168.200.158 (192.168.200.158)' can't be established.
RSA key fingerprint is f0:4c:31:b9:a6:3c:bc:d8:9b:05:77:62:22:9b:7e:0a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.200.158' (RSA) to the list of known hosts.
yunjisuan@192.168.200.158's password:
Now try logging into the machine, with "ssh 'yunjisuan@192.168.200.158'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

 

（3） ssh yunjisuan@192.168.200.158  （主机1上操作）

[root@localhost ~]# ssh yunjisuan@192.168.200.158
[yunjisuan@localhost ~]$ whami
-bash: whami: command not found
[yunjisuan@localhost ~]$ whoami
yunjisuan
[yunjisuan@localhost ~]$ hostname -I
192.168.200.158

 

  

 

----------------------------------------------ssh 超级用户的 免交互全程免密码远程登录----------------------------------------------------

 （1）ssh-keygen -t dsa -f ~/.ssh/id_dsa -P " "

[root@localhost ~]# ssh-keygen -t dsa -f ~/.ssh/id_dsa -P ""
Generating public/private dsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
eb:56:89:48:ef:fc:13:5e:af:d1:c4:66:3c:63:99:f5 root@localhost.localdomain
The key's randomart image is:
+--[ DSA 1024]----+
| |
| |
| .|
| . o +.|
| . oS. . % E|
| . o.+ .* o |
| o.o o... |
| .+ o .. |
| ....... |
+-----------------+

（2）sshpass -p "123123" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@192.168.200.157"

[root@localhost ~]# sshpass -p "123123" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no root@192.168.200.157"
Now try logging into the machine, with "ssh '-o StrictHostKeyChecking=no root@192.168.200.133'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

 

--------------------------------------------------普通用户下，全程免交互式ssh免密登录------------------------------------

环境介绍：

             主机1：ip 192.168.200.142

             主机2：ip 192.168.200.133     用户：haha   密码：987654

用户要求：主机一 对 主机二 进行免密登录。

命        令：ssh scp ,     需要安装包：openssh-clients

免密过程：

   （1）ssh-keygen -t dsa -f ~/.ssh/id_dsa -P " "

   （2）sshpass -p "987654" ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no wei@192.168.200.133"