Passwordless login between a jump host and clients on Linux


Generate the key pair:

[[email protected] src]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory /root/.ssh.
Enter passphrase (empty for no passphrase): # the passphrase 123456 is set here
Enter same passphrase again: # enter the passphrase 123456 again
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
90:e2:92:f5:73:09:46:d1:30:74:98:68:e1:38:bd:c5 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|    .+**.        |
|   +ooo+.        |
|  o.= E          |
|   = * o .       |
|  o o o S        |
|   .   o         |
|                 |
|                 |
|                 |
+-----------------+

In this step the system automatically generates a public key and saves it in /root/.ssh/id_rsa.pub.

[[email protected] src]# ls /root/.ssh/id_rsa.pub 
/root/.ssh/id_rsa.pub

Look at its contents:

[[email protected] src]# cat /root/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== [email protected]

Copy the public key to the remote machine:

[[email protected] src]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]192.168.1.12
The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
RSA key fingerprint is 5e:5b:d3:54:cd:99:74:40:a1:45:f2:ed:9c:ac:97:57.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
[email protected]192.168.1.12's password: # enter the login password for 192.168.1.12
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Note that ssh-copy-id writes the key to the ~/.ssh/authorized_keys file on the remote machine:

[[email protected] ~]# ls ~/.ssh/authorized_keys 
/root/.ssh/authorized_keys
[[email protected] ~]# cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEApcgmdimrk/4Jios2x4lhOuRuP2LWcAcydTOicDqIyRo8jMgH0X8om5nXU/rYan+nZN/9CNsy7OvpRWUDIiaDA3vPluAfdRZjS9mmaDhz4XrvhLU5NLCzCg30oOJj7dHTNSfx5T5cdpIY5fQqAnvDotCxeNXe5L7qf8pW8GQvhl3tjr3NMvQrTHle0MJ3OIn6sW6tH8Szc0T1Ctsny6wQqqrwd+DG+5PW27feM9pPNoKsLKxS8jBM3pYcXbgmlPD0OqCIMl7Up26ELQEfdddj2A1zdJFSXd4bji+I9CTwx2Rqb+d3K0JUs9l12KLDK6vSf4IpUi0ju+/800Fejawhbw== [email protected]

Logging in to the remote machine 192.168.1.12 no longer requires a password.

[[email protected] src]# ssh 192.168.1.12
Enter passphrase for key '/root/.ssh/id_rsa': # enter the passphrase 123456 that was set when the key was generated; if none was set, it is empty
Last login: Sun Sep 11 16:32:41 2016 from 192.168.1.103

=============================================================================

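The test above did not really achieve passwordless login, because ssh still asks for the passphrase that was set on the key. Redo it from the start:

Delete the key generated above and the authorized_keys file on the remote machine: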

[[email protected] .ssh]# ls
id_rsa  id_rsa.pub  known_hosts
[[email protected] .ssh]# rm id_rsa
rm: remove regular file `id_rsa'? y
Delete the authorized_keys file on the remote machine:
[[email protected] .ssh]# ls
authorized_keys  known_hosts  known_hosts.bak
[[email protected] .ssh]# rm authorized_keys 
rm: remove regular file `authorized_keys'? y

Regenerate the key pair:

[[email protected] .ssh]# rm id_rsa
rm: remove regular file `id_rsa'? y
[[email protected] .ssh]# cd
[[email protected] ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): # leave this empty and logging in to the remote host really needs no password
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c9:fe:64:6a:7c:e1:2a:ba:aa:6e:2c:f0:ee:83:7d:af [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|       . .       |
|        S        |
|.      .  .      |
|o+     ...o.     |
|oo+ . . o=o      |
|==++E=.ooo.      |
+-----------------+
[[email protected] ~]# ls ~/.ssh/
id_rsa       id_rsa.pub   known_hosts  
[[email protected] ~]# ls ~/.ssh/id_rsa
/root/.ssh/id_rsa
[[email protected] ~]# cat ~/.ssh/id_rsa

Use ssh-copy-id to copy the public key to the remote machine:

[[email protected] ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]192.168.1.12
[email protected]192.168.1.12's password: 
Now try logging into the machine, with "ssh '[email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

View the public key written to the remote host:

[[email protected] ~]# cat ~/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxtlnozvT2OxoTS6XARo25G0moRaDvx7IQoMqMGpLYkN1z3vtgPWWYBj9aLh1a6Y5ziWuYV7oKnHmGa6qAjYlHv6v3/Z2qwzvJ9nEiqEaEesHWspUIr5h7hdLf21b569zbRrQf+myqSByuOUjfLaaJiMWIqKHxaKGwNwK5T0pKR5kkIVJI2N1nhEXi+i8yP67qsRtfr7S3ofwbmgmnjT5Ly1wq09dOymAz3xeeriQ3Ke3G+LhC6qEj4oFfIu95r/jPqnIGxKRJGa15tbmLn1JSBEkl0OhMSA2FfjJQqH3PAfd2J/UMduLNBEzCWcoTIGbDjNDUmTbO9mx5Kk3uRyFCQ== [email protected]

Passwordless login now works:

[[email protected] ~]# ssh 192.168.1.12
Last login: Sun Sep 11 22:38:43 2016 from 192.168.1.105
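
ssh-copy-id asks you to check .ssh/authorized_keys for keys you were not expecting. The script below is an added example, not part of the original post: it computes the MD5 fingerprint of every key in an authorized_keys file and reports any key that is not on an allowlist. The function names, file names and key blobs are constructed for illustration, and it assumes base64, md5sum and awk are installed.

```shell
#!/bin/sh
# Added example: check authorized_keys for keys you were not expecting.

# MD5 fingerprint (aa:bb:...) of a base64 public-key blob: the MD5 digest of
# the decoded blob, the same legacy format ssh-keygen prints in this session.
fingerprint_md5() {
    printf '%s' "$1" | base64 -d | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# audit_authorized_keys FILE ALLOWLIST
# Prints "UNEXPECTED <fingerprint> <type> <comment>" for each key in FILE whose
# fingerprint is not in ALLOWLIST (one per line); returns 1 if any was found.
audit_authorized_keys() {
    file=$1 allow=$2 rc=0
    # Skip blank and comment lines. Find the key-type field so that option
    # prefixes such as from="..." are tolerated (common key types only).
    keys=$(awk '/^[ \t]*#/ || NF == 0 { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/) {
                print $i, $(i+1), $(i+2); break
            }
    }' "$file")
    while read -r type blob comment; do
        [ -n "$blob" ] || continue
        fp=$(fingerprint_md5 "$blob")
        if ! grep -qxF "$fp" "$allow"; then
            echo "UNEXPECTED $fp $type $comment"
            rc=1
        fi
    done <<EOF
$keys
EOF
    return $rc
}

# Demo on constructed data: the blobs are short made-up values, not real keys.
demo_dir=$(mktemp -d)
cat > "$demo_dir/authorized_keys" <<'EOF'
# constructed sample file
ssh-rsa AAAAB3NzaC1yc2EAAAAB jump-host-key
from="192.168.1.105" ssh-rsa AAAAB3NzaC1yc2EAAAAC unknown-key
EOF
fingerprint_md5 AAAAB3NzaC1yc2EAAAAB > "$demo_dir/expected_fingerprints"
audit_authorized_keys "$demo_dir/authorized_keys" \
    "$demo_dir/expected_fingerprints" || echo "review the keys listed above"
rm -rf "$demo_dir"
```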

 
