詳解SSH如何配置key免密碼登錄

2024-09-01 13:51:15

字體：大中小

來源：轉載

供稿：網友

如何使用

直接指定ip然后-i 指定key文件，然后指定用戶

ssh 1.1.1.1 -i Test1 -l userxxx

不指定用戶實際上就是使用當前的本機登陸的用戶名去登陸遠端主機，比如本地用戶是AAA，那么：

ssh 1.1.1.1 -i Test1

等同于

ssh 1.1.1.1 -i Test1 -l AAA

這里要注意，生成的key是和一對用戶綁定的，生成key的用戶以及存儲這個key的公鑰的遠端主機的用戶。ssh的原理就是，公鑰給人家，自己留秘鑰，遠端主機的其他用戶也是無法看到這個指定的用戶的接受到的公鑰的，所以用戶是一對一的。

比如我在test-server 下面的azuo1228生成key，然后拷貝到遠端主機dest-server去使用，那么放在遠端主機的哪個用戶home目錄下面，對應的遠端主機的這個用戶才可以被無密碼登陸，并不等于對遠端主機的其他用戶也能免密碼登陸。

開始操作

1.生成key：

[azuo1228@test-server ~]$ ssh-keygen

這里一直敲回車就好

Generating public/private rsa key pair.Enter file in which to save the key (/home/azuo1228/.ssh/id_rsa):Created directory '/home/azuo1228/.ssh'.Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/azuo1228/.ssh/id_rsa.Your public key has been saved in /home/azuo1228/.ssh/id_rsa.pub.The key fingerprint is:d2:33:66:86:0a:b4:27:a9:86:92:24:ff:13:63:96:15 azuo1228@test-serverThe key's randomart image is:+--[ RSA 2048]----+|   || E  || . .  || . o .o  ||..= .oo S ||++ +*. = o ||=..o.o  ||o ..  || ..  |+-----------------+[azuo1228@test-server ~]$ cd .ssh/[azuo1228@test-server .ssh]$ dirid_rsa id_rsa.pub

查看生產結果

[azuo1228@test-server .ssh]$ lltotal 8-rw------- 1 azuo1228 administrator 1675 Dec 21 18:11 id_rsa-rw------- 1 azuo1228 administrator 403 Dec 21 18:11 id_rsa.pub[azuo1228@test-server .ssh]$ cat id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server

2.拷貝到遠端主機指定用戶的home下面

可以看到這次還是要輸密碼的

[azuo1228@test-server .ssh]$ scp id_rsa.pub azuo1228@10.148.167.106:/home/azuo1228Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.azuo1228@10.148.167.106's password:id_rsa.pub 100% 403 0.4KB/s 00:00

在此測試登錄 -- 需要密碼，還沒免密碼

[azuo1228@test-server .ssh]$ ssh azuo1228@10.148.167.106Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.azuo1228@10.148.167.106's password:Last login: Wed Dec 21 18:07:21 2016 from shang1lu4gnl.ads.autodesk.comAuthorized uses only. All activity may be monitored and reported.[azuo1228@dest-server ~]$

不存在.ssh的話需要創建

[azuo1228@dest-server ~]$ mkdir .ssh[azuo1228@dest-server ~]$ cd .ssh/[azuo1228@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keysssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server[azuo1228@dest-server .ssh]$ lltotal 4-rw-r--r-- 1 azuo1228 administrator 403 Dec 21 20:33 authorized_keys

需要權限為600

[azuo1228@dest-server .ssh]$ chmod 600 authorized_keys[azuo1228@test-server .ssh]$ ssh azuo1228@10.148.167.106Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.Last login: Wed Dec 21 20:32:08 2016 from c72Authorized uses only. All activity may be monitored and reported.[azuo1228@dest-server ~]$[azuo1228@dest-server ~]$[azuo1228@dest-server ~]$ exitlogoutConnection to 10.148.167.106 closed.

再次登陸，就已經免密了

[azuo1228@test-server .ssh]$ ssh 10.148.167.106Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.Last login: Wed Dec 21 20:33:34 2016 from c72Authorized uses only. All activity may be monitored and reported.

在嘗試登陸zhour用戶，依舊要密碼，可見免密過程是一對一的。

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhourAccess and Authorization to this server is controlled by Active Directory. Please login with your admin account.zhour@10.148.167.106's password:

拷貝公鑰到另一個用戶zhour

[azuo1228@test-server .ssh]$ scp id_rsa.pub zhour@10.148.167.106:/home/zhourAccess and Authorization to this server is controlled by Active Directory. Please login with your admin account.zhour@10.148.167.106's password:id_rsa.pub  100% 403 0.4KB/s 00:00

登陸依舊需要密碼

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhourAccess and Authorization to this server is controlled by Active Directory. Please login with your admin account.zhour@10.148.167.106's password:Last login: Wed Dec 21 17:55:32 2016 from shang1lu4gnl.ads.autodesk.comAuthorized uses only. All activity may be monitored and reported.

添加公鑰給zhour

[zhour@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keysssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server

這樣就免密了

[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhourAccess and Authorization to this server is controlled by Active Directory. Please login with your admin account.Last login: Wed Dec 21 20:34:49 2016 from c72Authorized uses only. All activity may be monitored and reported.

注意

需要注意兩點，如下：

免密之后，scp這種走ssh 通道的都會免密；

key拷貝到遠程主機的指定用戶home目錄下，最后，免輸入密碼的時候是遠端主機的指定用戶，非本地主機的用戶

總結

以上就是這篇文章的全部內容了，希望本文的內容對大家的學習或者工作能帶來一定的幫助，如果有疑問大家可以留言交流，謝謝大家對VEVB武林網的支持。

上一篇：Windows下安裝Redis及使用Python操作Redis的方法

下一篇：基于Docker的MongoDB實現授權訪問的方法