服务器间通过ssh使用密钥对实现无密码登录

脚本如下：

#该脚本为生成SSH密码对
rm -rf .ssh
mkdir .ssh
echo "创建证书,默认回车即可"
ssh-keygen -t rsa
chmod 600 ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa.pub
chmod 644 ~/.ssh/known_hosts
chmod 755 ~/.ssh
chmod g-x ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
chmod o-x ~/.ssh/id_rsa ~/.ssh/id_rsa.pub
echo "创建远端服务器tt_ff@172.18.114.111的证书发布目录.输入密码"
ssh tt_ff@172.18.114.111 'mkdir .ssh'
echo "发布证书到服务器tt_ff@172.18.114.111.输入密码"
scp .ssh/id_rsa.pub tt_ff@172.18.114.111:~/.ssh/authorized_keys_1
echo "增加证书到服务器公共证书文件中.输入密码"
ssh tt_ff@172.18.114.111 'cat ~/.ssh/authorized_keys_1>>~/.ssh/authorized_keys'
echo "发布证书成功"

参考：
发信人: hutu (难得糊涂·霜林孤雁), 信区: UNIX
标题: 服务器间通过ssh使用密钥对实现无密码登录（转载）
发信站: 烟雨漓江BBS站 (Fri May 9 15:00:32 2008), 站内

From: yuhuohu@CU

关键词：ssh 密钥无密码登录信任关系

以下做法在solaris 10,redhat as 5.0上测试通过。

hosta和hostb都必须同步完成以下操作,以hosta为例
================================================================
1、创建密钥对
[root@hosta /]# who am i
root pts/1 2008-04-30 12:08 (172.16.10.220)
[root@hosta /]# cd ~/.ssh
[root@hosta .ssh]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
0a:13:25:19:a2:59:2c:b1:49:e6:62:90:57:07:e5:f7 root@hosta

passphrase(密钥保护) 保留为空，否则使用ssh时将要求输入passphrase(密钥保护)

2、发布公钥和获取公钥
[root@hosta .ssh]# scp id_dsa.pub hostb:/root/.ssh/hosta.key.pub
root@hostb's password:
id_dsa.pub 100% 600 0.6KB/s 00:00
[root@hosta .ssh]# scp hostb:/root/.ssh/id_dsa.pub /root/.ssh/hostb.key.pub
root@hostb's password:
id_dsa.pub 100% 600 0.6KB/s 00:00

3、对公钥授权
[root@hosta .ssh]# cat id_dsa.pub >>authorized_keys2
[root@hosta .ssh]# cat hostb.key.pub >>authorized_keys2
如果是ssh v1版本，比如solaris 9，就使用authorized_keys文件

4、使用密钥对登录
[root@hosta .ssh]# ssh hostb
Last login: Sun Apr 27 00:04:49 2008 from 172.16.10.220

已经不用输入密码lol

[root@hostb ~]# exit
logout
Connection to hostb closed.

5、查看日志
[root@hosta .ssh]# more /var/log/secure
Apr 27 10:26:47 hosta sshd[9309]: Accepted password for root from 172.16.10.220 port 239
5 ssh2
Apr 27 10:26:47 hosta sshd[9309]: pam_unix(sshd:session): session opened for user root b
y (uid=0)
Apr 27 10:41:51 hosta sshd[12195]: Accepted password for root from 172.16.10.220 port 24
08 ssh2
Apr 27 10:41:51 hosta sshd[12195]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 12:42:15 hosta sshd[3331]: pam_unix(sshd:session): session closed for user root
Apr 27 13:08:32 hosta sshd[26563]: Accepted password for root from 172.16.10.2 port 4324
7 ssh2
Apr 27 13:08:32 hosta sshd[26563]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 13:08:33 hosta sshd[26563]: pam_unix(sshd:session): session closed for user root
Apr 27 13:08:52 hosta sshd[26607]: Accepted password for root from 172.16.10.2 port 4324
8 ssh2
Apr 27 13:08:52 hosta sshd[26607]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 13:08:52 hosta sshd[26607]: pam_unix(sshd:session): session closed for user root
Apr 27 13:09:15 hosta sshd[26658]: Accepted password for root from 172.16.10.2 port 4324
9 ssh2
Apr 27 13:09:15 hosta sshd[26658]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 13:09:15 hosta sshd[26658]: pam_unix(sshd:session): session closed for user root
Apr 27 13:09:25 hosta sshd[26689]: Accepted password for root from 172.16.10.2 port 4325
0 ssh2
Apr 27 13:09:25 hosta sshd[26689]: pam_unix(sshd:session): session opened for user root
by (uid=0)
Apr 27 13:09:25 hosta sshd[26689]: pam_unix(sshd:session): session closed for user root
Apr 27 13:51:27 hosta sshd[29770]: Accepted password for root from 172.16.10.220 port 4248 ssh2
Apr 27 13:51:27 hosta sshd[29770]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 27 13:53:54 hosta sshd[29770]: pam_unix(sshd:session): session closed for user root
Apr 27 15:13:48 hosta sshd[9309]: pam_unix(sshd:session): session closed for user root
Apr 27 15:22:20 hosta sshd[12195]: pam_unix(sshd:session): session closed for user root
Apr 27 23:37:48 hosta sshd[7798]: Accepted password for root from 172.16.10.220 port 4948 ssh2
Apr 27 23:37:48 hosta sshd[7798]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 28 04:30:58 hosta sshd[7798]: pam_unix(sshd:session): session closed for user root
Apr 30 12:08:32 hosta sshd[15039]: Accepted password for root from 172.16.10.220 port 1637 ssh2
Apr 30 12:08:32 hosta sshd[15039]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 30 12:11:05 hosta useradd[15282]: new group: name=mysql, GID=503
Apr 30 12:11:05 hosta useradd[15282]: new user: name=mysql, UID=503, GID=503, home=/home/mysql, shell=/bin/bash
Apr 30 12:22:18 hosta sshd[16164]: Accepted password for root from 172.16.10.2 port 47224 ssh2
Apr 30 12:22:18 hosta sshd[16164]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 30 12:22:18 hosta sshd[16164]: pam_unix(sshd:session): session closed for user root

6、查看ssh的详细操作记录(ssh -v, scp -v or sftp -v ...)
[root@hosta .ssh]# scp -v /root/install.log hostb:/root
Executing: program /usr/bin/ssh host hostb, user (unspecified), command scp -v -t /root
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to hostb [172.16.10.2] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'hostb' is known and matches the RSA host key.
debug1: Found key in /root/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Unspecified GSS failure. Minor code may provide more information
No credentials cache found

debug1: Next authentication method: publickey
debug1: Trying private key: /root/.ssh/identity
debug1: Trying private key: /root/.ssh/id_rsa
debug1: Offering public key: /root/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = zh_CN.GB18030
debug1: Sending command: scp -v -t /root
Sending file modes: C0644 35582 install.log
Sink: C0644 35582 install.log
install.log 100% 35KB 34.8KB/s 00:00
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.2 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0

服务器间通过ssh使用密钥对实现无密码登录相关推荐

远程服务器的url怎么配置文件,Linux常用命令(5)--SSH访问远程服务器、SCP服务器间文件拷贝...
一.使用"ssh"命令,登录访问远程服务器 Linux是一个支持多用户操作的系统,在同一时刻允许多个用户同时访问系统,共享系统提供的服务.那么用户如何从不同的机器上访问同一台Lin ...
linux服务器无密码登录不了,设置ssh无密码登录linux服务器的方法
每次登录测试服务器,ssh登录总是需要输入密码.登录的少还行,登录的多了,多一行命令都是多余的. rsa认证登录方式制作密钥对在客户端(本地机器)终端下输入以下命令 ssh-keygen -t [ ...
linux主机之间使用密钥对无密码登录/SCP无密码拷贝服务器文件
一.使用密钥对无密码登录Linux服务器 1. 用ssh-keygen生成密钥对为了减少文件移动操作,建议在客户端操作. ssh-keygen -t rsa 建议不要输入密码passphrase, ...
linux集群无密码访问,Linux服务器集群通过SSH无密码登录
SSH 无密码授权访问slave集群机器 1. 安装SSH,所有集群机器,都要安装SSH 环境介绍: Master : CNT06BIG01 192.168.3.61 SLAVE 1: CNT06BI ...
登录文件传输服务器,生信小技巧之：在本地与服务器间快速传输文件，无密码登录远端服务器...
今天是五一节,首先祝各位粉丝节日快乐,虽然是假期,但是我们推文还是不会停,但相信大家都不愿意看太过难太过复杂的推文,没问题.今天和大家分享一些简单但很实用的干货,保证每个生信小白都会获益,嘿嘿嘿. 作 ...
修改密码后服务器断开连接,SSH无需密码登录服务器且保持连接不断开的方法
SSH无需密码登录服务器 Mac 无密码 SSH 登录服务器,只需要简单三步,不再需要记住账号密码,快速进入服务器测试H1 dfsdfsf 测试H2 dfsdfsf 测试H3 dfsdfsf 测试H ...
ssh无密码登录设置（centos6系统下实现）
如以下操作还不能实现无密码登录的效果.可以从.ssh目录的所有者和所属组,和authorized_keys权限这两点上进行思考. 主机信息:192.168.116.132(客户端A)和 192.168 ...
ubuntu ssh密钥_生成SSH密钥以在Ubuntu中进行无密码登录
ubuntu ssh密钥 SSH (Secure Shell) is a cryptographic network protocol which is used for establishing s ...
Linux下不同服务器间数据传输
因为工作原因,需要经常在不同的服务器见进行文件传输,特别是大文件的传输,因此对linux下不同服务器间数据传输命令和工具进行了研究和总结.主要是rcp,scp,rsync,ftp,sftp,lftp, ...

服务器间通过ssh使用密钥对实现无密码登录

服务器间通过ssh使用密钥对实现无密码登录相关推荐

最新文章

热门文章