关键词:SSH 免密登录 passwordless 快速配置 免密操作
SSH免密配置无论是在生产环境还是开发环境都是经常会用到的,本文不多讨论SSH协议诸多细节,聚焦在快速达到效果,SSH的免密配置通常有两种常见场景
A机器免密登录B机器,需要把A机器的公钥(~/.ssh/id_rsa.pub),放到B机器的信任文件里(~/.ssh/authorized_keys)
下面分别看下,快速配置
1 在管理机器上执行
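# Run on the management host: create the key pair once, print the public key,
# and record it in this host's own authorized_keys.
# NOTE(review): -P "" leaves the private key unencrypted on disk, so anyone who
# can read ~/.ssh/id_rsa can log in wherever the public key is trusted. Keep the
# file at 0600, and consider a passphrase with ssh-agent, or restrict the key in
# authorized_keys on the target hosts (from="...", command="...").
mkdir -p ~/.ssh && chmod 0700 ~/.ssh
# Generate only when no key exists yet, so a re-run never prompts to overwrite
# (and thereby invalidate) an identity that other hosts already trust.
[ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -b 4096 -P "" -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub
# Placeholder: replace the line inside the here-document with the public key
# printed by the previous command before running this.
cat << 'EOF' >> ~/.ssh/authorized_keys
# 这里面的内容是在管理机器上 cat ~/.ssh/id_rsa.pub 得到的
EOF
chmod 0600 ~/.ssh/authorized_keys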
2 在其它需要免密登录的机器执行
# Run on each host that should accept key-based logins from the management
# machine. With its default StrictModes setting sshd ignores authorized_keys
# when the directory or file is writable by other users, hence 0700 / 0600.
ssh_dir=~/.ssh
auth_keys=$ssh_dir/authorized_keys
mkdir -p "$ssh_dir" && chmod 0700 "$ssh_dir"
touch "$auth_keys" && chmod 0600 "$auth_keys"
# Placeholder: replace the line inside the here-document with the public key
# printed by `cat ~/.ssh/id_rsa.pub` on the management machine.
cat >> "$auth_keys" << 'EOF'
# 这里面的内容是在管理机器上 cat ~/.ssh/id_rsa.pub 得到的
EOF
正确权限配置参考
[root@192-168-31-106 ~]# ls -l ~/.ssh/
total 16
-rw------- 1 root root 792 Dec 1 17:35 authorized_keys
-rw------- 1 root root 1675 May 25 2020 id_rsa
-rw-r--r-- 1 root root 392 May 25 2020 id_rsa.pub
-rw-r--r-- 1 root root 1427 Dec 1 17:39 known_hosts
[root@192-168-31-106 ~]# ls -ld ~/.ssh/
drwx------ 2 root root 80 May 25 2020 /root/.ssh/
修改 ~/.ssh/authorized_keys 权限为 0600
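# Cluster example: run on every node so that all three nodes trust each other.
# Generate the key only if it is missing; re-running must not prompt to
# overwrite an identity that the other nodes already trust.
[ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -b 4096 -P "" -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub
# Every line appended to authorized_keys grants login to whoever holds the
# matching private key. The key bodies below are therefore placeholders:
# substitute the id_rsa.pub content printed on each of YOUR nodes, and never
# paste public keys copied from a tutorial or any other third party.
cat << 'EOF' >> ~/.ssh/authorized_keys
ssh-rsa <PASTE_ID_RSA_PUB_BODY_FROM_dpcdh001> root@dpcdh001
ssh-rsa <PASTE_ID_RSA_PUB_BODY_FROM_dpcdh002> root@dpcdh002
ssh-rsa <PASTE_ID_RSA_PUB_BODY_FROM_dpcdh003> root@dpcdh003
EOF
chmod 0600 ~/.ssh/authorized_keys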
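# Refresh the cluster's name entries in /etc/hosts (needs root).
# Delete only lines whose hostname field is exactly node1, node2 or node3.
# A bare /node/ pattern would also drop unrelated entries and comments that
# merely contain the string "node".
sed -i -E '/[[:space:]]node[1-3]([[:space:]]|$)/d' /etc/hosts
# NOTE(review): these addresses are 192.168.1.x, while the ssh checks that
# follow in this listing target 192.168.31.100-102 — confirm which subnet the
# nodes actually use before applying.
echo '192.168.1.1 node1' >> /etc/hosts
echo '192.168.1.2 node2' >> /etc/hosts
echo '192.168.1.3 node3' >> /etc/hosts
cat /etc/hosts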
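# Check key-based login to each node.
# BatchMode=yes makes ssh fail instead of falling back to a password prompt, so
# a successful "hello" really proves that key authentication works.
# StrictHostKeyChecking=accept-new records a host key on first contact but
# refuses a host whose key has changed; "no" would accept any key silently and
# hide a man-in-the-middle. accept-new needs OpenSSH 7.6 or later; on older
# clients, verify the host key fingerprints out of band and add them to
# ~/.ssh/known_hosts instead of disabling the check.
ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=3 192.168.31.100 echo hello1
ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=3 192.168.31.101 echo hello2
ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new -o ConnectTimeout=3 192.168.31.102 echo hello3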
csdn 110442383