一、管理创建密钥对信息
- 客户端(管理端) 执行命令创建秘钥对
[root@ m01 ~]# ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:iw141Q+/CVyoPq3PzUHxmsitehgtmiMT/DkxDs0DQhU root@m01
The key's randomart image is:
+---[DSA 1024]----+
| .E. |
| . . . |
| . . + o |
| . .. . o = o |
| o.+o S.o + . |
| +.*=o+.= = |
| =.B=++ B |
| o O .+.+ . |
| o oo++ o |
+----[SHA256]-----+
二、分发公钥(管理端)
[root@ m01 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub root@172.168.3.41
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host '172.168.3.41 (172.168.3.41)' can't be established.
ECDSA key fingerprint is SHA256:DpvwreEmpTRoiae313P9vEn7bYRjFxDi8QvNoQWgPHk.
ECDSA key fingerprint is MD5:e2:c7:25:de:4f:08:13:14:a9:10:20:46:8c:c2:11:5b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.168.3.41's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@172.168.3.41'"
and check to make sure that only the key(s) you wanted were added.
比对信息
[root@ backup ~]# cat /root/.ssh/authorized_keys
ssh-dss AAAAB3NzaC1kc3MAAACBAP+d8Cm7UegOvzYFiraSD52gxIg/UWqml6mnphdSw7emCLLVxxJXJzrRwlM38A4Nev67svd1i5GKCxE32m58DCuo7m6OC/I8MrOvwD98B4omtCUmUm1dsZvZM4ETwj77ipVDSYPSbt6YQrZ7QXb8wj3AcGYdUe/LsMGNgUeSQlxTAAAAFQCBEk4+Ndg4GNVzvRr2FXNyP534wwAAAIEA8zZYFzSObDWq9TIbg6nt/Oz33ZLz0+845y1ykwWu/Z/aI088yTKLx04CkHO4qBeBe0K8m2d5znPaRaGAmVfzFQf+KkfQKPheC5/OY6IyXpNmr04wBZdLqMMXHLtffHAxEhCnvtnWSWCd0cDYS3cDMBmIulw4fj5RbAnHPBqQLBMAAACBANA5VLMj0sFxOlgWnYRP9GbKRbuwQXHmZ6RHRRzWSTO+7GkVucTRTF1KKhQcOffCEjkGD7Hsvln/rrrfWQ5gsPjb+3WtCBerscjv/3rErS+wIfA3RHEQ5v39ccAMszG7Y6FYVglrBAK36Ox0roz6jRXUcGaWkOZxp4VOQyR9WjcW root@m01
================================================================
[root@ m01 ~]# cat /root/.ssh/id_dsa.pub
ssh-dss AAAAB3NzaC1kc3MAAACBAP+d8Cm7UegOvzYFiraSD52gxIg/UWqml6mnphdSw7emCLLVxxJXJzrRwlM38A4Nev67svd1i5GKCxE32m58DCuo7m6OC/I8MrOvwD98B4omtCUmUm1dsZvZM4ETwj77ipVDSYPSbt6YQrZ7QXb8wj3AcGYdUe/LsMGNgUeSQlxTAAAAFQCBEk4+Ndg4GNVzvRr2FXNyP534wwAAAIEA8zZYFzSObDWq9TIbg6nt/Oz33ZLz0+845y1ykwWu/Z/aI088yTKLx04CkHO4qBeBe0K8m2d5znPaRaGAmVfzFQf+KkfQKPheC5/OY6IyXpNmr04wBZdLqMMXHLtffHAxEhCnvtnWSWCd0cDYS3cDMBmIulw4fj5RbAnHPBqQLBMAAACBANA5VLMj0sFxOlgWnYRP9GbKRbuwQXHmZ6RHRRzWSTO+7GkVucTRTF1KKhQcOffCEjkGD7Hsvln/rrrfWQ5gsPjb+3WtCBerscjv/3rErS+wIfA3RHEQ5v39ccAMszG7Y6FYVglrBAK36Ox0roz6jRXUcGaWkOZxp4VOQyR9WjcW root@m01
信息完全一致
三、进行远程连接测试(不用输入密码,可以直接连接)
[root@ m01 ~]# ssh 172.168.3.41
Last login: Mon May 3 22:45:48 2021 from 192.168.149.1
#遵守员工准则
#部分权限有需要时报告申请
#一份工作一份责任
#不要动网卡,不要乱使用rm命令
[root@ backup ~]# ssh 172.168.3.61
The authenticity of host '172.168.3.61 (172.168.3.61)' can't be established.
ECDSA key fingerprint is SHA256:DpvwreEmpTRoiae313P9vEn7bYRjFxDi8QvNoQWgPHk.
ECDSA key fingerprint is MD5:e2:c7:25:de:4f:08:13:14:a9:10:20:46:8c:c2:11:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.168.3.61' (ECDSA) to the list of known hosts.
root@172.168.3.61's password:
Last login: Mon May 3 14:30:31 2021 from 192.168.149.1
#遵守员工准则
#部分权限有需要时报告申请
#一份工作一份责任
#不要动网卡,不要乱使用rm命令