SSH实现基于密钥连接的部署

一、管理创建密钥对信息

  1. 客户端(管理端) 执行命令创建秘钥对
 [root@ m01 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:iw141Q+/CVyoPq3PzUHxmsitehgtmiMT/DkxDs0DQhU root@m01
The key's randomart image is:
+---[DSA 1024]----+
|   .E.           |
|  .      . .     |
| .      . + o    |
|  . .. . o = o   |
|   o.+o S.o + .  |
|    +.*=o+.= =   |
|     =.B=++ B    |
|    o O .+.+ .   |
|     o oo++ o    |
+----[SHA256]-----+

二、分发公钥(管理端)

 [root@ m01 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.168.3.41
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host '172.168.3.41 (172.168.3.41)' can't be established.
ECDSA key fingerprint is SHA256:DpvwreEmpTRoiae313P9vEn7bYRjFxDi8QvNoQWgPHk.
ECDSA key fingerprint is MD5:e2:c7:25:de:4f:08:13:14:a9:10:20:46:8c:c2:11:5b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.168.3.41's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@172.168.3.41'"
and check to make sure that only the key(s) you wanted were added.




比对信息

[root@ backup ~]# cat /root/.ssh/authorized_keys 
ssh-dss AAAAB3NzaC1kc3MAAACBAP+d8Cm7UegOvzYFiraSD52gxIg/UWqml6mnphdSw7emCLLVxxJXJzrRwlM38A4Nev67svd1i5GKCxE32m58DCuo7m6OC/I8MrOvwD98B4omtCUmUm1dsZvZM4ETwj77ipVDSYPSbt6YQrZ7QXb8wj3AcGYdUe/LsMGNgUeSQlxTAAAAFQCBEk4+Ndg4GNVzvRr2FXNyP534wwAAAIEA8zZYFzSObDWq9TIbg6nt/Oz33ZLz0+845y1ykwWu/Z/aI088yTKLx04CkHO4qBeBe0K8m2d5znPaRaGAmVfzFQf+KkfQKPheC5/OY6IyXpNmr04wBZdLqMMXHLtffHAxEhCnvtnWSWCd0cDYS3cDMBmIulw4fj5RbAnHPBqQLBMAAACBANA5VLMj0sFxOlgWnYRP9GbKRbuwQXHmZ6RHRRzWSTO+7GkVucTRTF1KKhQcOffCEjkGD7Hsvln/rrrfWQ5gsPjb+3WtCBerscjv/3rErS+wIfA3RHEQ5v39ccAMszG7Y6FYVglrBAK36Ox0roz6jRXUcGaWkOZxp4VOQyR9WjcW root@m01
================================================================
[root@ m01 ~]# cat /root/.ssh/id_dsa.pub 
ssh-dss AAAAB3NzaC1kc3MAAACBAP+d8Cm7UegOvzYFiraSD52gxIg/UWqml6mnphdSw7emCLLVxxJXJzrRwlM38A4Nev67svd1i5GKCxE32m58DCuo7m6OC/I8MrOvwD98B4omtCUmUm1dsZvZM4ETwj77ipVDSYPSbt6YQrZ7QXb8wj3AcGYdUe/LsMGNgUeSQlxTAAAAFQCBEk4+Ndg4GNVzvRr2FXNyP534wwAAAIEA8zZYFzSObDWq9TIbg6nt/Oz33ZLz0+845y1ykwWu/Z/aI088yTKLx04CkHO4qBeBe0K8m2d5znPaRaGAmVfzFQf+KkfQKPheC5/OY6IyXpNmr04wBZdLqMMXHLtffHAxEhCnvtnWSWCd0cDYS3cDMBmIulw4fj5RbAnHPBqQLBMAAACBANA5VLMj0sFxOlgWnYRP9GbKRbuwQXHmZ6RHRRzWSTO+7GkVucTRTF1KKhQcOffCEjkGD7Hsvln/rrrfWQ5gsPjb+3WtCBerscjv/3rErS+wIfA3RHEQ5v39ccAMszG7Y6FYVglrBAK36Ox0roz6jRXUcGaWkOZxp4VOQyR9WjcW root@m01



信息完全一致

三、进行远程连接测试(不用输入密码,可以直接连接)

[root@ m01 ~]# ssh 172.168.3.41
Last login: Mon May  3 22:45:48 2021 from 192.168.149.1
#遵守员工准则
#部分权限有需要时报告申请
#一份工作一份责任
#不要动网卡,不要乱使用rm命令
 [root@ backup ~]# ssh 172.168.3.61
The authenticity of host '172.168.3.61 (172.168.3.61)' can't be established.
ECDSA key fingerprint is SHA256:DpvwreEmpTRoiae313P9vEn7bYRjFxDi8QvNoQWgPHk.
ECDSA key fingerprint is MD5:e2:c7:25:de:4f:08:13:14:a9:10:20:46:8c:c2:11:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.168.3.61' (ECDSA) to the list of known hosts.
root@172.168.3.61's password: 
Last login: Mon May  3 14:30:31 2021 from 192.168.149.1
#遵守员工准则
#部分权限有需要时报告申请
#一份工作一份责任
#不要动网卡,不要乱使用rm命令

上一篇:ssh免密登录


下一篇:SSH