ssh免密互信注意点

[root@pg07 ~]# vi /etc/ssh/sshd_config

#       $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

# If you want to change the port on a SELinux system, you have to tell
# SELinux about this change.
# semanage port -a -t ssh_port_t -p tcp #PORTNUMBER
#
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none
KexAlgorithms diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1

# Logging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
MaxSessions 100

PubkeyAuthentication yes

[root@pg07 ~]# systemctl restart sshd

[postgres@pg07 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/postgres/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/postgres/.ssh/id_rsa.
Your public key has been saved in /home/postgres/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3kc2PeLRl3TNnEsjxlnhYRihAOO6MPLJnWkyKwdrO0M postgres@pg07
The key's randomart image is:
+---[RSA 3072]----+
|       o..   o+=.|
|      . . . o.=o+|
|       .   . = *=|
|      .     .o+ =|
| . o .  S   * +o.|
| E+ = +. . + + o |
|. o* *  . . o    |
| * .=      .     |
|..*.             |
+----[SHA256]-----+

[postgres@pg07 ~]$ cat .ssh/id_*.pub |ssh postgres@pg08 'cat >> .ssh/authorized_keys'
postgres@pg08's password: 

[postgres@pg07 ~]$ ssh pg08 date
postgres@pg08's password: 提示需要密码

[postgres@pg07 ~]$ ll -al .ssh
total 16
drwx------ 2 postgres postgres   80 Sep 27 16:02 .
drwx------ 6 postgres postgres  192 Sep 27 15:28 ..
-rw-rw-r-- 1 postgres postgres  567 Sep 27 16:02 authorized_keys
-rw------- 1 postgres postgres 2602 Sep 27 15:57 id_rsa
-rw-r--r-- 1 postgres postgres  567 Sep 27 15:57 id_rsa.pub
-rw-r--r-- 1 postgres postgres  178 Sep 27 15:57 known_hosts
[postgres@pg07 ~]$ ll -al
total 161356
drwx------   6 postgres postgres       192 Sep 27 15:28 .
drwxr-xr-x. 14 root     root           189 May  6 18:12 ..
-rw-------   1 postgres postgres      5652 Sep 27 15:53 .bash_history
-rw-r--r--   1 postgres postgres        18 Aug  3  2017 .bash_logout
-rw-r--r--   1 postgres postgres       208 Jul  8 09:15 .bash_profile
-rw-r--r--   1 postgres postgres       231 Aug  3  2017 .bashrc
drwxrwxr-x   3 postgres postgres        18 Apr 13 14:24 .cache
drwxrwxr-x   3 postgres postgres        18 Apr 13 14:24 .config
-rw-------   1 postgres postgres 165181981 Sep 27 14:02 logfile
drwxr-xr-x   4 postgres postgres        39 Feb 21  2019 .mozilla
-rw-------   1 postgres postgres      9442 Sep  7 16:27 .psql_history
drwx------   2 postgres postgres        80 Sep 27 16:02 .ssh
-rw-rw-r--   1 postgres postgres      5598 Sep 27 15:25 .viminfo

目标节点：

[postgres@pg08 .ssh]$ chmod 600 authorized_keys 
[postgres@pg08 .ssh]$ ll -al
total 16
drwx------ 2 postgres postgres   80 Sep 27 16:02 .
drwx------ 6 postgres postgres  192 Sep 27 16:01 ..
-rw------- 1 postgres postgres  567 Sep 27 16:01 authorized_keys
-rw------- 1 postgres postgres 2602 Sep 27 16:02 id_rsa
-rw-r--r-- 1 postgres postgres  567 Sep 27 16:02 id_rsa.pub
-rw-r--r-- 1 postgres postgres  178 Sep 27 16:02 known_hosts

[postgres@pg07 ~]$ ssh pg08 date
Mon Sep 27 16:05:27 CST 2021  无需密码提示

[postgres@pg07 ~]$ cd .ssh
[postgres@pg07 .ssh]$ ls -al
total 16
drwx------ 2 postgres postgres   80 Sep 27 16:02 .
drwx------ 6 postgres postgres  192 Sep 27 15:28 ..
-rw-rw-r-- 1 postgres postgres  567 Sep 27 16:02 authorized_keys
-rw------- 1 postgres postgres 2602 Sep 27 15:57 id_rsa
-rw-r--r-- 1 postgres postgres  567 Sep 27 15:57 id_rsa.pub
-rw-r--r-- 1 postgres postgres  178 Sep 27 15:57 known_hosts
[postgres@pg07 .ssh]$ chmod 600 authorized_keys 
[postgres@pg07 .ssh]$ 

权限修改正确后，执行正常，如下无需密码提示：

[postgres@pg08 .ssh]$ ssh pg07 date
Mon Sep 27 16:05:50 CST 2021

相关参考：

配置好ssh互信还需要密码登录 - ^老中医^ - 博客园

最后

以上就是勤奋宝贝为你收集整理的ssh免密互信注意点的全部内容，希望文章能够帮你解决ssh免密互信注意点所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错，欢迎将靠谱客网站推荐给程序员好友。