station213 -> station220:
输入命令: ssh-keygen 一路回车。。
[root@station213 ~]# ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists. Overwrite (y/n)?
生成文件: id_rsa id_rsa.pub
[root@station213 ~]# cd ~/.ssh/ [root@station213 .ssh]# ls id_rsa id_rsa.pub known_hosts
拷贝文件:id_rsa.pub 到目标机器 station220,并改名为:authorized_keys
[root@station213 .ssh]# scp id_rsa.pub 192.168.101.220:~/.ssh/authorized_keys
登录验证:没有提示输入密码,无密钥登录配置成功。
[root@station213 .ssh]# ssh 192.168.101.220 Last login: Fri Mar 22 11:18:25 2013 from 192.168.101.213 [root@station220 ~]#
双向无密钥配置同上。。。
举例如:station213 -> station220:
station220 -> station213:
station213 -> station220:
[root@station213 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.101.220 10 Now try logging into the machine, with "ssh ‘root@192.168.101.220‘", and check in: .ssh/authorized_keys to make sure we haven‘t added extra keys that you weren‘t expecting. [root@station213 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.101.220 10 root@192.168.101.220‘s password: Now try logging into the machine, with "ssh ‘root@192.168.101.220‘", and check in: .ssh/authorized_keys to make sure we haven‘t added extra keys that you weren‘t expecting. [root@station213 .ssh]# ssh 192.168.101.220 Last login: Fri Mar 22 11:30:05 2013 from 192.168.101.213 [root@station220 ~]#
注意:以上设置还是提示密码登录,目标机还要修改下sshd_config
#秘钥登录设置
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
修改文件权限,增强安全性
chmod 700 /home/username/.ssh
chmod 600 /home/username/.ssh/*
重启sshd服务,就可以无密码登录了
时候一般是以下两种问题:1. ${HOME}、${HOME}/.ssh、${HOME}/.ssh/authorized_keys的权限不对,可以在/var/log/secure中查看。2. pub key 拷贝不对,如果在/var/log/secure中报error: key_read: uudecode *** failed,一般都是pub key拷贝不对,注意pub key是写在一行的,如果你用鼠标拷贝,容易拷成多行
本文出自 “BeingAWhole回忆积木小屋” 博客,请务必保留此出处http://shuaiding.blog.51cto.com/2335463/1651211
原文地址:http://shuaiding.blog.51cto.com/2335463/1651211
