Linux实现免密登录的配置方法

需求描述：

192.168.31.10服务器的yunwei账号，想要免密登陆到192.168.31.15服务器上。

直接ssh root@192.168.31.15这样登陆，不用输入密码。

实现：

1、在10机器上，创建运维账号。[root@docker01 ~]# id yunwei 检查yunwei账号是否存在 id: yunwei: no such user [root@docker01 ~]# useradd yunwei 创建yunwei账号 [root@docker01 ~]# su – yunwei 切换到yunwei账号 [yunwei@docker01 ~]$ pwd /home/yunwei

2、在yunwei账号下创建密钥

[yunwei@docker01 ~]$ ssh-keygen 创建密钥，一路回车 Generating public/private rsa key pair. Enter file in which to save the key (/home/yunwei/.ssh/id_rsa): Created directory /home/yunwei/.ssh. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/yunwei/.ssh/id_rsa. Your public key has been saved in /home/yunwei/.ssh/id_rsa.pub. The key fingerprint is: SHA256:kLXaRvzgGOqF62RyGWKGUekspD39l0pudQBt1MQp3NU yunwei@docker01 The keys randomart image is: +—[RSA 2048]—-+ | .. +o=.o.. | | o. .+=.= E | |++ . +o=. | |oo= .o O.o | |..+.+.+ So. | | o o =o.+ . | | . Bo + . | | * + | | .. | +—-[SHA256]—–+ 检查密钥是否创建成功 [yunwei@docker01 ~]$ pwd /home/yunwei [yunwei@docker01 ~]$ ll -a total 12 drwx——. 5 yunwei yunwei 103 Mar 25 23:18 . drwxr-xr-x. 16 root root 177 Mar 25 23:17 .. -rw-r–r–. 1 yunwei yunwei 18 Mar 31 2020 .bash_logout -rw-r–r–. 1 yunwei yunwei 193 Mar 31 2020 .bash_profile -rw-r–r–. 1 yunwei yunwei 231 Mar 31 2020 .bashrc drwxrwxr-x. 3 yunwei yunwei 18 Mar 25 23:17 .cache drwxrwxr-x. 3 yunwei yunwei 18 Mar 25 23:17 .config drwx——. 2 yunwei yunwei 38 Mar 25 23:18 .ssh [yunwei@docker01 ~]$ cd .ssh/ [yunwei@docker01 .ssh]$ ls id_rsa id_rsa.pub

3、复制密钥到15服务器

[yunwei@docker01 .ssh]$ ssh-copy-id root@192.168.31.15 复制密钥到15机器 /bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/home/yunwei/.ssh/id_rsa.pub” The authenticity of host 192.168.31.15 (192.168.31.15) cant be established. ECDSA key fingerprint is SHA256:v3zhW/rvSt+T7QfAnIDIiHhbALRLNiLzl8Hg3TAZQCA. ECDSA key fingerprint is MD5:cf:b8:e1:f6:a5:61:60:f0:77:aa:f3:76:ab:d2:ce:9b. Are you sure you want to continue connecting (yes/no)? yes /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys root@192.168.31.15s password: Number of key(s) added: 1 Now try logging into the machine, with: “ssh root@192.168.31.15” and check to make sure that only the key(s) you wanted were added.

4、验证免密登陆

[yunwei@docker01 .ssh]$ ssh root@192.168.31.15 Last login: Sun Mar 26 11:21:02 2023 from 192.168.31.1

补充：优化密钥创建方式，免交互创建密钥

[yunwei@docker01 .ssh]$ ssh-keygen -P -f id_rsa 免交互方式，创建密钥 Generating public/private rsa key pair. Your identification has been saved in id_rsa. Your public key has been saved in id_rsa.pub. The key fingerprint is: SHA256:hXuSBtV1o1D1PfIyG/+iC1IFnZh8Q3NGf5eiuQ8IExQ yunwei@docker01 The keys randomart image is: +—[RSA 2048]—-+ | EoooB=+B | | .. .=o=* +o| | … ..o+ o*| | ..+ .o + +| | oS oo + . | | .o+. . * | | …o . . | | . .o . .| | o+ ..| +—-[SHA256]—–+ [yunwei@docker01 .ssh]$ ls id_rsa id_rsa.pub known_hosts

参数说明：

-t 指定要创建的密钥类型

dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | RSA

可能的值为“dsa”、“ecdsa”、“ecdsa-sk”、“ed25519”、“ed25519-sk”或“rsa”。

当使用 RSA CA 密钥签署证书时，此标志还可用于指定所需的签名类型。可用的 RSA 签名变体是“ssh-rsa”（SHA1 签名，不推荐）、“rsa-sha2-256”和“rsa-sha2-512”（默认值）

-P 密码

提供（旧）密码。

这里的密码，是密钥的密码，不是远程主机的密码，随便设置。但是，这就失去了免密登陆的意义。因为，设置了这个后，登陆远程主机时，就必须输入密钥密码。

所以，一般这个指指定为空即可。

-f 文件名

指定密钥文件的文件名

这里的文件名，必须指定为id_rsa，不然，把密钥推送到目标机器，依然无法实现免密登陆。

总结：

就三个命令

cd 进入当前账号家目录 ssh-keygen 连续三次回车 ssh-copy-id 192.168.31.15 复制公钥到hadoop104服务器，这样，就可以免密访问hadoop104服务器

这里用户账号省略，则使用当前账号进行免密登陆

比如，当前账号是test ssh-copy-id 192.168.31.15 等价与 ssh-copy-id test@192.168.31.15

实现的效果是，当前服务器的test账号可以免密登陆15服务器的test账号

参考资料：https://www.cnblogs.com/dirigent/p/16636545.html