
Passwordless login between multiple Linux servers, synchronizing passwordless access with a script

Environment:
Three Linux servers

IP                 Release    Hostname
192.168.200.131    centos7    api1
192.168.200.130    centos7    api2
192.168.200.136    centos7    api3

Configure api1 for passwordless connections to api2 and api3:

[root@api1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):  ## press Enter (for passwordless login)
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):  ## press Enter
Enter same passphrase again:  ## press Enter
Your identification has been saved in /root/.ssh/id_rsa.    ## private key
Your public key has been saved in /root/.ssh/id_rsa.pub.    ## public key
The key fingerprint is:
SHA256:FGrYUe6qiaKaRXz4sp/HLWJJvDeUsGaV+++EKe9fKwc root@api1

Copy api1's public key to api2:


[root@api1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.200.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.200.130's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.200.130'"
and check to make sure that only the key(s) you wanted were added.


A .ssh directory now appears under /root on the server, and inside it is the corresponding authorized_keys file.

[root@api2 .ssh]# cd /root/.ssh/
[root@api2 .ssh]# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCu0Zd4U031Bh4GVSl6EaHTIRGqeOQ+NGVZBoyuFjEE9S8XccZzA07Y15xwqy9t6bwxNte8QqegDZ64G/OnnzJvvq3HZK/jT46+IgkgtoVg5x5hTStAJz4uOOezydCZOy/DHgK6c9o8ys/lk1QTnxYf/xgnyWakXWCt/UwstGfx9lbxQb4ZsNOTw01U1eO228nczhUOIcORGgVTqaO0HrFz9ueWOHFuuipcdKxGlkEMQ0P/cOX+3FoJb4yVSRik1sfk3Qo+liSftesPjx4ZiXLxHFCnzcL7ubU2v5tHozJTUZDRU5E6IpSjSA7tofn/mthWJv0VLnLChIjH8bmwuBYn root@iZ2zeigu1bbi645u8lt83sZ
[root@api2 .ssh]# 


SSH from api1 to api2 now works without a password; for api3, repeat the same copy step used for api2.

To reach api2 from the api1 machine, just use ssh: ssh api

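Further reading: basic ssh-keygen usage
The ssh-keygen command generates, manages and converts authentication keys for "ssh". It supports RSA and DSA authentication keys.
ssh-keygen (options)

-b: specify the key length;
-e: read an OpenSSH private or public key file;
-C: add a comment;
-f: specify the file name used to save the key;
-i: read an unencrypted ssh-v2-compatible private/public key file, then print an OpenSSH-compatible private/public key on standard output;
-l: show the fingerprint of a public key file;
-N: provide a new passphrase;
-P: provide the (old) passphrase;
-q: quiet mode;
-t: specify the type of key to create.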

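When generating an ssh key, the -f option sets the name of the generated file, as follows:
ssh-keygen -f test   -C "test key"
               ~~ file name   ~~~~ comment


After you enter the command, you are prompted for a passphrase and to confirm it.
The files are saved in the current directory.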


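Notes:

1. Never set the file and directory permissions with chmod 777. That is far too permissive and insecure, and key authentication will not work with it either; 600 is generally sufficient.
2. The public key of the generated RSA/DSA key pair is for the other machine to use. Its content must also be copied into authorized_keys.
3. To access one Linux machine from another, just run: ssh machine-ip
4. A machine generates its own RSA or DSA key pair and gives the public key to the target machine; once the target machine has received it and set the relevant permissions (on the public key and authorized_keys), the machine that generated the key pair can access that target machine without a password.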
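
As an added example (not part of the original article), these shell functions check the permissions from notes 1 and 4 the way sshd's StrictModes and the ssh client do: no group/other write on the home directory, .ssh and authorized_keys, and no group/other access to the private key. The function names are made up for this example, and GNU stat (as on CentOS 7) is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU stat (CentOS 7).
# Function names are made up for this illustration.

# check_path PATH MASK REASON: flag PATH if any permission bit in MASK is set.
check_path() {
    [ -e "$1" ] || return 0                 # a missing file is not a finding
    mode=$(stat -c '%a' "$1")               # octal mode, e.g. 700
    if [ $(( 0$mode & 0$2 )) -ne 0 ]; then
        echo "BAD  $1 mode=$mode ($3)"
        return 1
    fi
    echo "OK   $1 mode=$mode"
}

# audit_ssh_dir HOME_DIR: exit status is the number of findings (0 = clean).
audit_ssh_dir() {
    home=$1
    bad=0
    # sshd with StrictModes ignores authorized_keys when any of these
    # is writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" 022 "writable by group/other" || bad=$((bad + 1))
    done
    # The ssh client refuses a private key that group or others can access.
    check_path "$home/.ssh/id_rsa" 077 "accessible by group/other" || bad=$((bad + 1))
    return "$bad"
}

# fix_ssh_dir HOME_DIR: apply the conventional modes (700 dir, 600 files).
fix_ssh_dir() {
    chmod go-w "$1"
    chmod 700 "$1/.ssh"
    for f in authorized_keys id_rsa; do
        if [ -e "$1/.ssh/$f" ]; then chmod 600 "$1/.ssh/$f"; fi
    done
}

# Stand-alone use: sh audit.sh /root
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run the audit on both the machine that holds the private key and each target machine; a non-zero exit status is the number of paths that need fixing.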
