概述
说明:本演示环境是居于CentOS的 使用ssh-keygen命令,这个是在默认端口情况下不需要拷贝操作的方式 这时候就可以通过直接的ssh连接无需密码,建立完后可以在 ~/.ssh/目录下看到两个文件authorized_keys和authorized_keys SSH为非默认端口的情况下设置 ssh-keygen说明 ssh-keygen(选项)
准备
两台机器:192.168.1.218/192.168.1.219
SSH为默认22端口的情况下设置
在没有设置之前,每次登陆都是要询问并且需要输入密码[root@data-01 ~]# ssh 192.168.1.219
The authenticity of host '192.168.1.219 (192.168.1.219)' can't be established.
RSA key fingerprint is 19:62:90:98:e0:6a:9a:5d:64:05:ff:60:e1:7b:ec:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.219' (RSA) to the list of known hosts.
root@192.168.1.219's password:
Last login: Thu Oct 18 11:13:16 2018 from 192.168.1.66
[root@data-02 ~]#[root@data-01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7d:1c:e4:45:4e:f5:24:a5:e2:fb:3b:4d:ff:93:c2:ce root@data-02
The key's randomart image is:
+--[ RSA 2048]----+
| ..=o+|
| o + +.|
| + o .|
| . o o |
| S . + |
| . . .|
| o oo|
| .+.oo|
| .E+o+|
+-----------------+
[root@data-01 ~]# ssh-copy-id 192.168.1.219
The authenticity of host '192.168.1.219 (192.168.1.219)' can't be established.
RSA key fingerprint is 19:62:90:98:e0:6a:9a:5d:64:05:ff:60:e1:7b:ec:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.219' (RSA) to the list of known hosts.
root@192.168.1.219's password:
Permission denied, please try again.
root@192.168.1.219's password:
Now try logging into the machine, with "ssh '192.168.1.219'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@data-01 ~]# ssh 192.168.1.219
Last login: Thu Oct 18 11:14:46 2018 from data-01
在很多情况下安全起见会禁止使用默认22远程登录,比如以下使用1122端口进行远程登录(如何更改登录端口这里暂不说明),同时使用另外建立的用户来进行测试[appl@data-01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/appl/.ssh/id_rsa):
Created directory '/home/appl/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/appl/.ssh/id_rsa.
Your public key has been saved in /home/appl/.ssh/id_rsa.pub.
The key fingerprint is:
37:a0:1a:ec:5d:04:40:5a:f7:64:08:40:38:b1:4a:ad appl@data-02
The key's randomart image is:
+--[ RSA 2048]----+
|.+oo=oo.o |
|o..o ..= |
|.o.. + |
|o .. o . |
|.E o . S o |
| . + . . . |
| o . |
| |
| |
+-----------------+
[appl@data-01 ~]$ ssh-copy-id -p 1122 appl@192.168.1.219"
The authenticity of host '[192.168.1.219]:1122 ([192.168.1.219]:1122)' can't be established.
RSA key fingerprint is ca:e1:11:ce:d8:41:1a:85:d6:a1:02:05:b7:65:c7:57.
Are you sure you want to continue
connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.219]:1122' (RSA) to the list of known hosts.
appl@192.168.1.219's password:
Now try logging into the machine, with "ssh '-p 1122 appl@192.168.1.219'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[appl@data-01 ~]$ ssh -p 1122 192.168.1.219
Last login: Thu Oct 18 11:16:40 2018 from data-01
ssh-keygen用于为“ssh”生成、管理和转换认证密钥,它支持RSA和DSA两种认证密钥.
-b:指定密钥长度;
-e:读取openssh的私钥或者公钥文件;
-C:添加注释;
-f:指定用来保存密钥的文件名;
-i:读取未加密的ssh-v2兼容的私钥/公钥文件,然后在标准输出设备上显示openssh兼容的私钥/公钥;
-l:显示公钥文件的指纹数据;
-N:提供一个新密语;
-P:提供(旧)密语;
-q:静默模式;
-t:指定要创建的密钥类型。
最后
以上就是坦率哈密瓜为你收集整理的Linux免密登录设置(22端口和非默认端口)的全部内容,希望文章能够帮你解决Linux免密登录设置(22端口和非默认端口)所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
![xshell无法ping通linux,[Linux]Xshell连接Centos7能Ping通但无法连接问题[ssh(d)+firewall(d)]...](/uploads/reation/bcimg5.png)
发表评论 取消回复