说明:本演示环境是居于CentOS的
准备
两台机器:192.168.1.218/192.168.1.219
SSH为默认22端口的情况下设置
在没有设置之前,每次登陆都是要询问并且需要输入密码
复制代码
1
2
3
4
5
6
7
8[root@data-01 ~]# ssh 192.168.1.219 The authenticity of host '192.168.1.219 (192.168.1.219)' can't be established. RSA key fingerprint is 19:62:90:98:e0:6a:9a:5d:64:05:ff:60:e1:7b:ec:8b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.219' (RSA) to the list of known hosts. root@192.168.1.219's password: Last login: Thu Oct 18 11:13:16 2018 from 192.168.1.66 [root@data-02 ~]#
使用ssh-keygen命令,这个是在默认端口情况下不需要拷贝操作的方式
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37[root@data-01 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 7d:1c:e4:45:4e:f5:24:a5:e2:fb:3b:4d:ff:93:c2:ce root@data-02 The key's randomart image is: +--[ RSA 2048]----+ | ..=o+| | o + +.| | + o .| | . o o | | S . + | | . . .| | o oo| | .+.oo| | .E+o+| +-----------------+ [root@data-01 ~]# ssh-copy-id 192.168.1.219 The authenticity of host '192.168.1.219 (192.168.1.219)' can't be established. RSA key fingerprint is 19:62:90:98:e0:6a:9a:5d:64:05:ff:60:e1:7b:ec:8b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.219' (RSA) to the list of known hosts. root@192.168.1.219's password: Permission denied, please try again. root@192.168.1.219's password: Now try logging into the machine, with "ssh '192.168.1.219'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [root@data-01 ~]# ssh 192.168.1.219 Last login: Thu Oct 18 11:14:46 2018 from data-01
这时候就可以通过直接的ssh连接无需密码,建立完后可以在 ~/.ssh/目录下看到两个文件authorized_keys和authorized_keys
SSH为非默认端口的情况下设置
在很多情况下安全起见会禁止使用默认22远程登录,比如以下使用1122端口进行远程登录(如何更改登录端口这里暂不说明),同时使用另外建立的用户来进行测试
复制代码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36[appl@data-01 ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/appl/.ssh/id_rsa): Created directory '/home/appl/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/appl/.ssh/id_rsa. Your public key has been saved in /home/appl/.ssh/id_rsa.pub. The key fingerprint is: 37:a0:1a:ec:5d:04:40:5a:f7:64:08:40:38:b1:4a:ad appl@data-02 The key's randomart image is: +--[ RSA 2048]----+ |.+oo=oo.o | |o..o ..= | |.o.. + | |o .. o . | |.E o . S o | | . + . . . | | o . | | | | | +-----------------+ [appl@data-01 ~]$ ssh-copy-id -p 1122 appl@192.168.1.219" The authenticity of host '[192.168.1.219]:1122 ([192.168.1.219]:1122)' can't be established. RSA key fingerprint is ca:e1:11:ce:d8:41:1a:85:d6:a1:02:05:b7:65:c7:57. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[192.168.1.219]:1122' (RSA) to the list of known hosts. appl@192.168.1.219's password: Now try logging into the machine, with "ssh '-p 1122 appl@192.168.1.219'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [appl@data-01 ~]$ ssh -p 1122 192.168.1.219 Last login: Thu Oct 18 11:16:40 2018 from data-01
ssh-keygen说明
ssh-keygen用于为“ssh”生成、管理和转换认证密钥,它支持RSA和DSA两种认证密钥.
ssh-keygen(选项)
-b:指定密钥长度;
-e:读取openssh的私钥或者公钥文件;
-C:添加注释;
-f:指定用来保存密钥的文件名;
-i:读取未加密的ssh-v2兼容的私钥/公钥文件,然后在标准输出设备上显示openssh兼容的私钥/公钥;
-l:显示公钥文件的指纹数据;
-N:提供一个新密语;
-P:提供(旧)密语;
-q:静默模式;
-t:指定要创建的密钥类型。
最后
以上就是坦率哈密瓜最近收集整理的关于Linux免密登录设置(22端口和非默认端口)的全部内容,更多相关Linux免密登录设置(22端口和非默认端口)内容请搜索靠谱客的其他文章。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
![xshell无法ping通linux,[Linux]Xshell连接Centos7能Ping通但无法连接问题[ssh(d)+firewall(d)]...](/uploads/reation/bcimg5.png)
发表评论 取消回复