需求:多台主机SSH免密登录,需要使用同一个密钥对
操作:
在Linux中,使用SSH密钥对来在多台主机之间配置免密登录。以下是配置步骤:
在你的本地机器上生成一个SSH密钥对。如果你已经有一个,你可以跳过这一步。在终端中运行以下命令:
bash
ssh-keygen -t rsa这将在你的~/.ssh目录下生成两个文件:id_rsa(私钥)和id_rsa.pub(公钥)。
将你的公钥复制到远程主机。你可以使用ssh-copy-id命令来完成这个任务。在终端中运行以下命令,
c
ssh-copy-id user@host将user和host替换为你的远程主机的用户名和主机名:
这将会把你的公钥添加到远程主机 的~/.ssh/authorized_keys文件中。
现在你应该可以免密登录到远程主机了。在终端中运行以下命令,将user和host替换为你的远程主机的用户名和主机名:
bash
ssh user@host如果你需要在多台主机之间配置免密登录,你可以重复第2步和第3步,为每台远程主机添加你的公钥。
注意:在进行这些操作时,请确保你有对远程主机的适当访问权限,并且你的SSH服务已经启动。
示例
先使用一台主机生成密钥对,如果root权限被禁止,请使用其他用户
c
jupiter@installerdev04:/home/hw$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/jupiter/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/jupiter/.ssh/id_rsa
Your public key has been saved in /home/jupiter/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Y19G23GqT+Q/y957zuZPBtvkWirLxk6q0NJW/m9UJeg jupiter@installerdev04
The key's randomart image is:
+---[RSA 3072]----+
| . |
| . . .|
| .. ..o|
| .Eo +.|
| S . + =..|
| + = o +.* |
| o + o.o.+ *|
| + =+ooX+|
| ...o==*O&|
+----[SHA256]-----+
## 生成的在此用户的家目录
jupiter@installerdev04:/home/hw$ cd ~/.ssh/
jupiter@installerdev04:~/.ssh$ ls
authorized_keys id_rsa id_rsa.pub
## 这一步是为了同样可以连接这台主机
jupiter@installerdev04:~/.ssh$ cat authorized_keys
jupiter@installerdev04:~/.ssh$ cat id_rsa.pub > authorized_keys 将公钥进行分发,如果没有这个命令,可以手动进行操作,多台主机分别操作
bash
jupiter@installerdev04:~/.ssh$ ssh-copy-id jupiter@10.119.108.42
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/jupiter/.ssh/id_rsa.pub"
The authenticity of host '10.119.108.42 (10.119.108.42)' can't be established.
ED25519 key fingerprint is SHA256:1bu3kHrujNlvFXx2QEHvHSgMJeInfV3f9AFUBRP+iyE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
jupiter@10.119.108.42's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'jupiter@10.119.108.42'"
and check to make sure that only the key(s) you wanted were added.以上是基本操作,如果想要指定主机名还需要配置hosts
这样免密就配置好了,可以使用同一套密钥对进行连接
注意
如果需要授权
bash
chmod 700 /home/earth/.ssh/
chmod 600 /home/earth/.ssh/authorized_keys 如果配置sshd_config
bash
sudo vi /etc/ssh/sshd_config
约45行,取消注释,删除#
PubkeyAuthentication yes重启ssh
bash
sudo systemctl restart sshd如果用户为earth,scp目的地的所有组是其他或者root
bash
chown earth /data/cqap -R
scp -i config/id_rsa -o stricthostkeychecking=no ./cqap.tar earth@10.122.177.83:/data/cqap/code指定私钥进行授权
bash
scp -i id_rsa -o stricthostkeychecking=no ./cqap.tar qatest@10.122.168.25:/data/cloudqaplatform/code
ssh qatest@10.122.168.25 -i id_rsa "cd /data/cloudqaplatform && sudo sh ./deploy.sh"