ssh免密钥登录其它主机
首先要在本机上面生成密钥,一共有两个文件
加密类型有两种 rsa dsa
id_rsa 相当于生活中的 钥匙
id_rsa.pub 相当于生活中的 锁
[root@demo ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory ‘/root/.ssh‘. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: ae:5c:b6:af:c2:c6:95:86:f4:df:cd:f7:80:20:6f:b0 root@demo The key‘s randomart image is: +--[ RSA 2048]----+ | | | | | | | . | | . oS.. | | ..== . . | | o oE.o..o. | | .=+ o. . o..| | .o.oo. .o| +-----------------+
这里我们建议利用普通用户进行制作密钥对数据 然后再利用sudo 或者 su 来操作命令
相对会安全的多
我们把id_rsa.pub(锁)发送到其它的linux主机
[root@demo ~]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.30.10 The authenticity of host ‘172.16.30.10 (172.16.30.10)‘ can‘t be established. RSA key fingerprint is b7:1f:51:1f:7e:71:a9:fc:c6:c3:6d:cd:b8:1a:76:8e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ‘172.16.30.10‘ (RSA) to the list of known hosts. root@172.16.30.10‘s password: //输入远程主机的root密码 Now try logging into the machine, with "ssh ‘root@172.16.30.10‘", and check in: .ssh/authorized_keys 看到它 就说明发送成功了 to make sure we haven‘t added extra keys that you weren‘t expecting. [root@demo ~]#
完成上面两步之后 我们就可以进行远程登录linux主机了
[root@demo ~]# ssh -p 22 root@172.16.30.10 Last login: Sun Apr 17 11:31:06 2016 from 172.16.10.200 [root@oldboyLinux ~]# ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:0C:29:3E:D0:64 inet addr:172.16.30.10 Bcast:172.16.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe3e:d064/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:13767 errors:0 dropped:0 overruns:0 frame:0 TX packets:5419 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5494833 (5.2 MiB) TX bytes:2068168 (1.9 MiB)
也可以执行远程主机的命令
[root@demo ~]# ssh -p 22 root@172.16.30.10 /sbin/ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:0C:29:3E:D0:64 inet addr:172.16.30.10 Bcast:172.16.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe3e:d064/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:13973 errors:0 dropped:0 overruns:0 frame:0 TX packets:5496 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:5517594 (5.2 MiB) TX bytes:2082557 (1.9 MiB)
原文地址:http://771541213.blog.51cto.com/10810853/1767461