环境:从10.0.0.41向10.0.0.31免密码传输数据
原理:使用密钥实现免密码传输数据
步骤一:在10.0.0.41主机生成密钥
[root@localhost ~]# ssh-keygen -t rsa ---一路回车带闪电
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:cPkpwERzMKLMzuxIJxsHn4mtw7i7MbUred++fxx1oUg root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| ..*.. |
| o . + + .E . |
| .+ + o. . . . |
| += o + ...o . |
| ==B S o. . |
|++B. .. |
|=*o . . |
|o+o. . o |
|+=....+o.. |
+----[SHA256]-----+
[root@localhost ~]#
此时在当前用户家目录下生成出现密钥文件
[root@localhost ~]# ll /root/.ssh/
total 8
-rw------- 1 root root 1675 Jan 12 00:16 id_rsa
-rw-r--r-- 1 root root 408 Jan 12 00:16 id_rsa.pub
[root@localhost ~]#
步骤二:在10.0.0.31主机上创建/root/.ssh目录 默认是不存在的
[root@localhost ~]# mkdir .ssh
[root@localhost ~]# ll -a
total 36
dr-xr-x---. 3 root root 188 Jan 12 00:20 .
dr-xr-xr-x. 17 root root 224 Jan 7 08:11 ..
-rw-------. 1 root root 1326 Jan 7 08:12 anaconda-ks.cfg
-rw-------. 1 root root 1069 Jan 7 06:46 .bash_history
-rw-r--r--. 1 root root 18 Dec 28 2013 .bash_logout
-rw-r--r--. 1 root root 176 Dec 28 2013 .bash_profile
-rw-r--r--. 1 root root 176 Dec 28 2013 .bashrc
-rwxr-xr-x. 1 root root 1111 Jan 7 06:26 centos.sh
-rw-r--r--. 1 root root 100 Dec 28 2013 .cshrc
-rwxr-xr-x. 1 root root 651 Jan 7 11:58 modifynetwork.sh
drwxr-xr-x 2 root root 6 Jan 12 00:20 .ssh
-rw-r--r--. 1 root root 129 Dec 28 2013 .tcshrc
[root@localhost ~]#
步骤三:传输本机生成的公钥到10.0.0.31主机的指定目录并且是指定名字
[root@localhost .ssh]# scp id_rsa.pub 10.0.0.31:/root/.ssh/authorized_keys
The authenticity of host '10.0.0.31 (10.0.0.31)' can't be established.
ECDSA key fingerprint is SHA256:m7ABG4m+HEblor9jbpeXJEZJR27uDT6VvqiM3ldEOUA.
ECDSA key fingerprint is MD5:26:0d:d0:c0:ad:0f:c9:b7:34:dc:b3:ed:8e:65:dd:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.31' (ECDSA) to the list of known hosts.
root@10.0.0.31's password: 最后一次输入密码
id_rsa.pub 100% 408 3.7KB/s 00:00
[root@localhost .ssh]#
步骤三:在主机10.0.0.31上查看是否传输过来,并机精心实验验证
查看文件
[root@localhost ~]# cd .ssh/
[root@localhost .ssh]# ll
total 4
-rw-r--r-- 1 root root 408 Jan 12 00:21 authorized_keys
[root@localhost .ssh]#
实验:
主机10.0.0.41
[root@localhost ~]# scp lsy 10.0.0.31:/root/
lsy 100% 0 0.0KB/s 00:00
[root@localhost ~]#
主机10.0.0.31:
[root@localhost ~]# ll
total 12
-rw-------. 1 root root 1326 Jan 7 08:12 anaconda-ks.cfg
-rwxr-xr-x. 1 root root 1111 Jan 7 06:26 centos.sh
-rw-r--r-- 1 root root 0 Jan 12 00:23 lsy
-rwxr-xr-x. 1 root root 651 Jan 7 11:58 modifynetwork.sh
[root@localhost ~]#
总结:注意一点就是传输公钥到主机10.0.0.31上的时指定名字就是为authorized_keys 不可以更改。