Contents of the ~/.ssh directory on a Linux server

Steps to generate the public/private key pair

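  • If the .ssh directory does not exist, create it and set its permissions: $ chmod 700 ~/.ssh
  • Generate the public and private keys in the .ssh directory with the command $ ssh-keygen -t rsa; id_rsa is the private key and id_rsa.pub is the public key
  • The authorized_keys file holds the public keys of other hosts, which allows those hosts to log in to this machine over ssh. Permissions for this file: $ chmod 644 ~/.ssh/authorized_keys
  • known_hosts records the public keys of the other hosts that this host has logged in to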

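Example

Passwordless login from node01 and node02 to node03
  • Generate a key pair on node01 and on node02 by running $ ssh-keygen -t rsa on each, which produces id_rsa and id_rsa.pub
  • Append the contents of node01's id_rsa.pub and of node02's id_rsa.pub to the authorized_keys file on node03.
    node01 and node02 can then log in with $ ssh node03, and leave the session with exit.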
    $ cat authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzYbmD7F9XYKoxkhE7fshHo/+H74edxYwCX7tbEWyrXkSUsbOrBAkR8jRL3RLqAAmKhkja0hGVjWGYrJGsV3Jn5dHdSdLAwaCWDMpwqqVheuBWU8vosv1Vq5QwJI6YEh0YHOVYpaR9a1mSpivk/tqL+8+8dE3cbSIgRFDVj2zIx7qyG3nze7JfvdCiumjyLDQknQVZ9ynJCPhdC20loQL9I/pmwMP7s+8bfeU3Ur1eB3DFjx2whUr8yAaYdgWcl7fYf4Zo2mcKBBE2Y0HBmYISha0ZW4D+OZaipwp3z2AVaN7so7y/6C2RcTT6pLMmiYpTorDrOsGdrg3LSAmqvszd root@node01
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCshHCQDH+aAD6iVmhu5skFZk7v5OLVYaVPSTHVvblYaV1Imu1EOAYSudyEDtWKg58t2mMAtFtfj+DNHyLpctL/veMWMBcBBQNb2X4w1qlo3/S5z7QjyXwxgyfIpFpsk7L6cY+Y4j2J3EeMqMnYwyXBRFWeO3RhZtbi9w0q80zKKxy45vs3GeduWe2e5bI/tU8tBb1xjGvdr6PmrAWOXNwbXyBnfperFV3hhlQQlt2cD5D0MYLfg8GMMuAfjwIspttBKSjVF8upDTIkIIcmQwnPxV6l7pSGTIqOjEnFZv78sC09JzycK6AlUXp+kUmV+M4TamsodiA30Q9BUi2N+DMJ root@node02
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXI3P17x30MIVkXIz11xuC4ysUB0QspK7gBCEOEJVR2GvzJVKIo0ctaIOfelRV6rLWS9oRdM3Ee1xPAP0mpbqUXjeQgAW5vKz6sUoKbjUGj+PXWPWDFOcBvMbA/u8O7RMK8aIfdU7bMFNAqSz/o6NO72AwgmtOyNJP3zBXX5grU5JZOAtBYP1GMeRD+K0Bzs0YNjDrfNd50kPXy7pUDwnfi/SF3mVNfHphQNVg8gR081dcMql30TfoqBaEt791EHh+a9VlOzPBrE9BfS2Uza9ufwg3hRqX7JktSVCY/HfqgwhWlMB8ZCcjkb0Px7liqESM2VmIiWrbGb3bd42TlXZ9 root@node03
    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDL7mgNLTE35b7rHVZVpP31/p6+SQR338m2b2J6iK6ct2I3/5fVvM1NWt9LMBQ1eBKWP4CElvUaIOm0xLT6RimJhZ/U+kFLgnCINH6PCHdZqTSVM+KpzVc1zwSWrSavAbKkT5RNOs09pBrQZYtcMAkz6Ovrdh5BPTGROsrC6wQzQa+dg2y/gzZJVHOoMp+s4I2BzfSbAUGvrJCQ+lo8d5jU18xcVwQ7+vCWIVmmxngMI8iWB3PbAME3qeobjRL4D4pT+hhXPkG1fs957Xky9+wuYLmuhLQU2vX2dE63wF8v10F6rerIEcCF3eRCK+9bMDQZC1zQ44in0OaN6nu6PUIr root@node04

Allowing a host to log in to itself without a password
  • Also add the server's own id_rsa.pub to its authorized_keys file
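
The append step used in both cases above, as an added example that is not part of the original page: `add_authorized_key` and `demo` are hypothetical helper names, the keys are constructed, and everything runs in a scratch directory. It applies the 700/644 modes from the steps above, refuses a private key, skips a key that is already present, and handles an authorized_keys file whose last line has no trailing newline.

```shell
# add_authorized_key SSH_DIR PUBKEY_FILE  (hypothetical helper, not from the page)
# Returns 0 if the key is present afterwards, 1 if the input is rejected.
add_authorized_key() {
    ssh_dir=$1 pub=$2 auth="$1/authorized_keys"
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Reject private keys and anything that is not a single key line.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub is a private key" >&2; return 1
    fi
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "refusing: need exactly one key line" >&2; return 1; }
    line=$(grep . "$pub")
    case $line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "refusing: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Modes from the steps above: 700 on the directory, 644 on the file.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    [ -e "$auth" ] || : > "$auth"
    chmod 644 "$auth"

    # Match on "type base64" so a changed comment does not create a duplicate.
    key=$(printf '%s\n' "$line" | awk '{print $1 " " $2}')
    if awk -v k="$key" '($1 " " $2) == k {hit=1} END {exit !hit}' "$auth"; then
        return 0
    fi

    # A missing final newline would glue the new key onto the previous entry.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}

# Demo on constructed keys in a scratch directory (never touches ~/.ssh).
demo() {
    d=$(mktemp -d) || return 1
    printf 'ssh-rsa AAAAconstructed01 root@node01\n' > "$d/node01.pub"
    printf 'ssh-rsa AAAAconstructed02 root@node02\n' > "$d/node02.pub"
    mkdir "$d/.ssh" && printf 'ssh-rsa AAAAconstructed01 root@node01' > "$d/.ssh/authorized_keys"
    add_authorized_key "$d/.ssh" "$d/node01.pub"   # already present: no change
    add_authorized_key "$d/.ssh" "$d/node02.pub"   # appended on its own line
    grep -c . "$d/.ssh/authorized_keys"            # prints 2
    rm -rf "$d"
}
```

Entries that carry an options prefix (for example `command="..."` before the key type) are not recognised by the duplicate check, which compares only the first two fields.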