【Linux】Linux服务器实现主机互信免密ssh通信

生成公钥私钥

[root@host-172-16-32-45 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mMx9swOgqJVe/nKoeq3KlLLdnac+NNl0zO9n6uAQwug root@host-172-16-32-45
The key's randomart image is:
+---[RSA 3072]----+
|
|
|
|
|
.
o
|
|
o * =. +
|
|
+ + B+S.o.
|
| +.+
+..+ o.
|
|oo..Eo .. +.
|
|+o..+oo..o o. o
|
|+=+o.+*+
..o+
|
+----[SHA256]-----+

派发公钥（包括本机互信）

[root@host-172-16-32-45 ~]$ for id in {35,37,38,43,44,45}; do ssh-copy-id -i .ssh/id_rsa.pub root@172.16.32.$id; done
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '172.16.32.35 (172.16.32.35)' can't be established.
ECDSA key fingerprint is SHA256:+57Uc/8xO9x32Ixatmcuk8rZXY5IJSJFFP9CKboWQ7k.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.32.35's password:
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh 'root@172.16.32.35'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '172.16.32.37 (172.16.32.37)' can't be established.
ECDSA key fingerprint is SHA256:+57Uc/8xO9x32Ixatmcuk8rZXY5IJSJFFP9CKboWQ7k.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.32.37's password:
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh 'root@172.16.32.37'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '172.16.32.38 (172.16.32.38)' can't be established.
ECDSA key fingerprint is SHA256:+57Uc/8xO9x32Ixatmcuk8rZXY5IJSJFFP9CKboWQ7k.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.32.38's password:
Received disconnect from 172.16.32.38 port 22:2: Too many authentication failures
Disconnected from 172.16.32.38 port 22
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '172.16.32.43 (172.16.32.43)' can't be established.
ECDSA key fingerprint is SHA256:+57Uc/8xO9x32Ixatmcuk8rZXY5IJSJFFP9CKboWQ7k.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.32.43's password:
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh 'root@172.16.32.43'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '172.16.32.44 (172.16.32.44)' can't be established.
ECDSA key fingerprint is SHA256:+57Uc/8xO9x32Ixatmcuk8rZXY5IJSJFFP9CKboWQ7k.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.32.44's password:
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh 'root@172.16.32.44'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '172.16.32.45 (172.16.32.45)' can't be established.
ECDSA key fingerprint is SHA256:+57Uc/8xO9x32Ixatmcuk8rZXY5IJSJFFP9CKboWQ7k.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.32.45's password:
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh 'root@172.16.32.45'"
and check to make sure that only the key(s) you wanted were added.

多主机免密登录派发公钥（包括本机互信）

在主机数量少的情况下，每次输入密码感觉还是可以接受的。但一旦主机数量在以数量级增加后，这种方法就显得不实际了。此时要借助Linux中的sshpass工具。

#安装sshpass工具
[root@host-172-16-32-38 ~]$ yum install -y sshpass
#设定好初始登录密码，借助工具进行公钥派发
[root@host-172-16-32-38 ~]# for id in {35,37,38,43,44,45};do sshpass -p "Digitalgd@123" ssh-copy-id -o StrictHostKeyChecking=no root@172.16.32.$id; done
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'root@172.16.32.35'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'root@172.16.32.37'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'root@172.16.32.38'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'root@172.16.32.43'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'root@172.16.32.44'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh -o 'StrictHostKeyChecking=no' 'root@172.16.32.45'"
and check to make sure that only the key(s) you wanted were added.

最后

以上就是雪白小蜜蜂为你收集整理的【Linux】Linux服务器实现主机互信免密ssh通信的全部内容，希望文章能够帮你解决【Linux】Linux服务器实现主机互信免密ssh通信所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错，欢迎将靠谱客网站推荐给程序员好友。