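Preface:
To keep Linux hosts secure, we set very complex passwords for logging in to each host, but sometimes work also requires SSH passwordless login.
The detailed configuration process follows:
I. Preparation
Two servers, A and B, where
server A has the IP address 192.168.10.155 [static IP]
server B has the IP address 192.168.10.154 [static IP]
II. Server environment
The system environment of server A is as follows: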
[root@Backup1 data]#
[root@Backup1 data]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@Backup1 data]#
[root@Backup1 data]# uname -r
3.10.0-327.el7.x86_64
[root@Backup1 data]#
[root@Backup1 data]# uname -a
Linux Backup1 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@Backup1 data]#
[root@Backup1 data]# uname -m
x86_64
[root@Backup1 data]#
The system environment of server B is as follows:
[root@Backup2 ~]#
[root@Backup2 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@Backup2 ~]#
[root@Backup2 ~]# uname -a
Linux Backup2 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@Backup2 ~]#
[root@Backup2 ~]# uname -r
3.10.0-327.el7.x86_64
[root@Backup2 ~]#
[root@Backup2 ~]# uname -m
x86_64
III. Configuration
1. Configure the hosts file on each server, as follows:
Server A [IP: 192.168.10.155]
[root@Backup1 data]# vim /etc/hosts
# Add the IP addresses of server A and server B and their corresponding host names
192.168.10.154 Backup2
192.168.10.155 Backup1
Then save and exit with :wq!
Server B [IP: 192.168.10.154]:
[root@Backup2 ~]#
[root@Backup2 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.154 Backup2
192.168.10.155 Backup1
Then save and exit with :wq!
2. Configure passwordless login, as follows:
Configuration on server A:
[root@Backup1 data]#
[root@Backup1 data]# ssh-keygen
Generating public/private rsa key pair.
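Enter file in which to save the key (/root/.ssh/id_rsa): <== confirm the path; press Enter to keep the default path
Enter passphrase (empty for no passphrase): <== press Enter; we do not log in with a passphrase, since using one is too much hassle
Enter same passphrase again: <== asks for the passphrase again; just press Enter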
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
。。。
The key's randomart image is:
+--[ RSA 2048]----+
| |
| . . |
| + . o |
| o . + . |
| S + = + o|
| o = E =.|
| o o o oo |
| . .o .|
| .+. |
+-----------------+
[root@Backup1 data]#
[root@Backup2 /]# cd ~
[root@Backup2 ~]# cd .ssh
[root@Backup2 .ssh]# ll
total 16
-rw------- 1 root root 791 Nov 2 03:38 authorized_keys
-rw------- 1 root root 1679 Nov 2 06:23 id_rsa
-rw-r--r-- 1 root root 394 Nov 2 06:23 id_rsa.pub
-rw-r--r-- 1 root root 966 Sep 9 08:40 known_hosts
[root@Backup2 .ssh]#
3. Copy the public key to the other server [server B]
[root@Backup1 data]#
[root@Backup1 data]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.10.154
The authenticity of host '192.168.10.154 (192.168.10.154)' can't be established.
。。。
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.10.154's password:
Permission denied, please try again.
root@192.168.10.154's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.10.154'"
and check to make sure that only the key(s) you wanted were added.
[root@Backup1 data]#
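Note: during the copy you are prompted for a password [that of server 192.168.10.154].
4. The copy is complete and passwordless login is now configured.
IV. Testing
1. From server A, log in to server B over SSH, as follows: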
[root@Backup1 data]# ip addr | grep enp3s0
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.10.155/24 brd 192.168.10.255 scope global enp3s0
[root@Backup1 data]#
[root@Backup1 data]# ssh 192.168.10.154
Last login: Mon Nov 2 03:43:25 2020 from backup1
[root@Backup2 ~]#
[root@Backup2 ~]# ip addr
2:。。。_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
。。。
inet 192.168.10.154/24 brd 192.168.10.255 scope global ens33
。。。
[root@Backup2 ~]#
2. Passwordless login by host name
[root@Backup1 data]# ssh Backup2
Last login: Mon Nov 2 04:09:04 2020 from backup1
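
A check for the files created in steps 2 and 3, as an added example that is not part of the original article: it reports `~/.ssh` or `authorized_keys` modes that sshd's default StrictModes setting rejects, private keys readable by other users, and private keys stored without a passphrase (as in the ssh-keygen run above). The function names are hypothetical; GNU stat and base64 are assumed.

```shell
#!/bin/bash
# Added example, not from the original article. Assumes GNU stat and base64
# (both present on CentOS 7). Function names are hypothetical.

# perm_bits FILE MASK: succeeds if any permission bit in octal MASK is set.
perm_bits() { [ $(( 0$(stat -c '%a' "$1") & 0$2 )) -ne 0 ]; }

# key_has_passphrase FILE: succeeds if the private key file is encrypted.
key_has_passphrase() {
    if head -n 1 "$1" | grep -q 'BEGIN OPENSSH PRIVATE KEY'; then
        # New format: "openssh-key-v1\0", a uint32 length, then the cipher
        # name, which is "none" when no passphrase was set.
        cipher=$(sed '1d;$d' "$1" | base64 -d 2>/dev/null | head -c 23 | tail -c 4)
        [ "$cipher" != "none" ]
    else
        # Legacy PEM (the 1679-byte id_rsa above): encrypted keys carry a
        # "Proc-Type: 4,ENCRYPTED" header; PKCS#8 says so in the first line.
        grep -q -e '^Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"
    fi
}

# audit_ssh_dir DIR: prints one line per finding, returns the finding count.
audit_ssh_dir() {
    dir=$1; n=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    # sshd with StrictModes (the default) refuses key login when ~/.ssh or
    # authorized_keys is writable by group or others.
    for f in "$dir" "$dir/authorized_keys"; do
        if [ -e "$f" ] && perm_bits "$f" 022; then
            echo "WRITABLE_BY_OTHERS $f"; n=$((n + 1))
        fi
    done
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        head -n 1 "$f" | grep -q 'PRIVATE KEY-----' || continue
        # The ssh client refuses a private key that group or others can read.
        if perm_bits "$f" 077; then echo "KEY_EXPOSED $f"; n=$((n + 1)); fi
        # A key without a passphrase is usable by anyone who copies the file.
        if ! key_has_passphrase "$f"; then echo "KEY_NO_PASSPHRASE $f"; n=$((n + 1)); fi
    done
    return "$n"
}
```

Run it on both servers after the setup, for example `audit_ssh_dir /root/.ssh`; a return value of 0 means no findings.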
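Further notes:
Two-way passwordless login:
For two-way passwordless login, in addition to the steps above, perform the same steps on server B and then copy server B's public key to server A.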
Author: @肥肥运维