ssh单台/多台免密登录

原理：

• 机器1生成密钥对并将公钥发给机器2，机器2将公钥保存。
• 机器1要登录机器2时，机器2生成随机字符串并用机器1的公钥加密后，发给机器1。
• 机器1用私钥将其解密后发回给机器2，验证成功后登录

  通俗来说：

  验证成功的本质，将57机器的公钥id_rsa.pub的内容传递到 58机器中的authorized_keys文件中。57机器要登录58机器时时，58机器用机器57的公钥加密生成的随机字符串后，发给57机器，57机器用私钥将其解密后发回给58机器，验证成功后登录

普通登录： ssh root@10.80.34.59

[root@kylin236 ~/.ssh 10:54:13]# ssh root@10.80.34.59
root@10.80.34.59's password:
Last login: Mon Dec 21 09:54:21 2020 from 10.80.26.72

1.两台机器互相免密登录

ip: 10.80.34.57
ip: 10.80.34.58

在57机器中输入 sshkey-gen
生成公钥id_rsa.pub 和私钥id_rsa

57免密码登录58：

[root@kylin236 ~ 09:43:58]#  ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Pu76S3gVip7XlTU8dWgE/J5mMpkHOQAgbZJshza71/M root@kylin236
The key's randomart image is:
+---[RSA 2048]----+
|   ..+.... ..o..o|
|    O.+   . ..o..|
|   o *    .. +=  |
|    .  . . .+o.o |
|     ...S . o* . |
|    ...+oo .= *  |
|     .+ *o.  *   |
|       = .E      |
|      .+=.       |
+----[SHA256]-----+
[root@kylin236 ~ 09:45:50]# cd .ssh
[root@kylin236 ~/.ssh 09:46:10]# ls
id_rsa  id_rsa.pub  known_hosts
[root@kylin236 ~/.ssh 09:46:11]# ssh-copy-id 10.80.34.58
[root@kylin236 ~ 09:54:46]# ssh-copy-id 10.80.34.58
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.80.34.58's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '10.80.34.58'"
and check to make sure that only the key(s) you wanted were added.
[root@kylin236 ~ 09:56:52]# ssh 10.80.34.58
Last login: Mon Dec 21 01:52:55 2020 from 10.80.26.72
[root@localhost ~]#  等待输入超时：自动登出
Connection to 10.80.34.58 closed.

58免密码登陆57：

重复一次
ssh-keygen
ssh-copy-id 10.80.34.57

[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pm32k3GZk7Fray0k6KpgoKG0KcN2m+WhxlL7EXtn00s root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|            .    |
|o.   .  S.   *   |
|=oo.  o+. + O    |
|===..=.o++ E +   |
|o+.=* +o+.= * .  |
|  o+o+..  .=.o   |
+----[SHA256]-----+
[root@localhost ~]# ssh-copy-id 10.80.34.57
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa                                                                                                                                                             .pub"
The authenticity of host '10.80.34.57 (10.80.34.57)' can't be established.
ECDSA key fingerprint is SHA256:mx6pcAt7Ux4o5sZqKNnAdTIwQ16P8vke0O2VKkjEFJ0.
ECDSA key fingerprint is MD5:4d:20:6e:a2:55:2f:13:34:4b:09:e9:69:c5:53:06:f2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter                                                                                                                                                              out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompt                                                                                                                                                             ed now it is to install the new keys
root@10.80.34.57's password:
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '10.80.34.57'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh 10.80.34.57
Last login: Mon Dec 21 09:43:11 2020 from 10.80.26.72
[root@kylin236 ~ 10:53:36]# cd .ssh

此时57和58机器的authorized_keys，id_rsa.pub文件互为对方的文件的内容

58的authorized_keys
[root@localhost .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVs5HvdKM8Ui4kseUz4V3mUquMlCTPfq5xexD8kJmYe4w9CiWtjeuerhMRPEOCPmOwHUBO0k/YGvTNDe6Non0qhWpXo06foRpE/E62p+AsOh2xX46IXrB24QRVFQJWBoo7aYe6fbP27v4KGXH5dSMz0RXnU6Tb8JDmuJB/h7A3ewsbyYt8kHIH1A0g+45UagMppg/nZA0WEy21jKEVCHPnjB0X2cLgz/ERE6P8f0Vy2ClKIdCGCmx70IF7fA/bQfrB+dYQ449kbGfOkVnu2joNJPY7iE8wl1F9VZb9/gJf248Xh4+F60HjBeN5ZWaMpGyujBArVesF0Gic2iAPSNFv root@kylin236
57的id_rsa.pub
[root@kylin236 ~/.ssh 11:05:47]# cat  id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVs5HvdKM8Ui4kseUz4V3mUquMlCTPfq5xexD8kJmYe4w9CiWtjeuerhMRPEOCPmOwHUBO0k/YGvTNDe6Non0qhWpXo06foRpE/E62p+AsOh2xX46IXrB24QRVFQJWBoo7aYe6fbP27v4KGXH5dSMz0RXnU6Tb8JDmuJB/h7A3ewsbyYt8kHIH1A0g+45UagMppg/nZA0WEy21jKEVCHPnjB0X2cLgz/ERE6P8f0Vy2ClKIdCGCmx70IF7fA/bQfrB+dYQ449kbGfOkVnu2joNJPY7iE8wl1F9VZb9/gJf248Xh4+F60HjBeN5ZWaMpGyujBArVesF0Gic2iAPSNFv root@kylin236

57的authorized_keys
[root@kylin236 ~/.ssh 11:18:12]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAEVilSZN3YsDzDsmX3RVM/UuRfRPzFrYTrFu2kBcrz7XemorYEuhgEEEaQwKmaNTIWNEv5bfLx9ICHQXbhnm7kuN6kK2jOozgn4ibxzlP4a5i7PqitbxkSc0lZNhZ4OFJNOW8iL2aNVvlI+2eYjyDEdeXnFI8ocw525GRMMwQKsCHwtdtmyTGH8CNoXffw0CMM8JgWQ9xhaHNY0Iy2cFc5J39D1f+gbCHfc6GHdKXGVZBM8nuIDmM1Selpc+YRzX2zNkmPTdCdRacO7UhD2rAOWksE+SRx4Ay9RvKLrOYPKotx/Pw53ieIIRmUry0LQlRKAKKIsd5SYUqVI38fk7V root@localhost.localdomain
58的id_rsa.pub
[root@localhost .ssh]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAEVilSZN3YsDzDsmX3RVM/UuRfRPzFrYTrFu2kBcrz7XemorYEuhgEEEaQwKmaNTIWNEv5bfLx9ICHQXbhnm7kuN6kK2jOozgn4ibxzlP4a5i7PqitbxkSc0lZNhZ4OFJNOW8iL2aNVvlI+2eYjyDEdeXnFI8ocw525GRMMwQKsCHwtdtmyTGH8CNoXffw0CMM8JgWQ9xhaHNY0Iy2cFc5J39D1f+gbCHfc6GHdKXGVZBM8nuIDmM1Selpc+YRzX2zNkmPTdCdRacO7UhD2rAOWksE+SRx4Ay9RvKLrOYPKotx/Pw53ieIIRmUry0LQlRKAKKIsd5SYUqVI38fk7V root@localhost.localdomain

此时58,58机器可以互相免密登录，互相有了对方的公钥内容。

2.一对多台机器免密登录：

机器IP
192.168.145.235 10.80.34.58
192.168.145.236 10.80.34.57
192.168.145.237 10.80.34.59
192.168.145.239 10.80.34.55
192.168.145.238 10.80.34.54
以一台机器(57机器)为固定机器形成一对多的免密登录的模式
1. 编辑57机器中的hosts文件，保存后不用重启

[root@kylin236 ~ 14:49:35]# cat /etc/hosts
10.80.34.58  h58
10.80.34.57  h57
10.80.34.59  h59
10.80.34.55  h55

2.在四台机器都执行 ssh-keygen
3.在57机器上执行 ，把自己的公钥内容都复制到其他机器上
ssh-copy-id h58
ssh-copy-id h59
ssh-copy-id h55
4.此时可以看到另外三台机器的authorized_keys都是236的id_rsa.pub的内容

[root@kylin237 .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVs5HvdKM8Ui4kseUz4V3mUquMlCTPfq5xexD8kJmYe4w9CiWtjeuerhMRPEOCPmOwHUBO0k/YGvTNDe6Non0qhWpXo06foRpE/E62p+AsOh2xX46IXrB24QRVFQJWBoo7aYe6fbP27v4KGXH5dSMz0RXnU6Tb8JDmuJB/h7A3ewsbyYt8kHIH1A0g+45UagMppg/nZA0WEy21jKEVCHPnjB0X2cLgz/ERE6P8f0Vy2ClKIdCGCmx70IF7fA/bQfrB+dYQ449kbGfOkVnu2joNJPY7iE8wl1F9VZb9/gJf248Xh4+F60HjBeN5ZWaMpGyujBArVesF0Gic2iAPSNFv root@kylin236
[root@kylin236 ~/.ssh 15:56:58]# cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVs5HvdKM8Ui4kseUz4V3mUquMlCTPfq5xexD8kJmYe4w9CiWtjeuerhMRPEOCPmOwHUBO0k/YGvTNDe6Non0qhWpXo06foRpE/E62p+AsOh2xX46IXrB24QRVFQJWBoo7aYe6fbP27v4KGXH5dSMz0RXnU6Tb8JDmuJB/h7A3ewsbyYt8kHIH1A0g+45UagMppg/nZA0WEy21jKEVCHPnjB0X2cLgz/ERE6P8f0Vy2ClKIdCGCmx70IF7fA/bQfrB+dYQ449kbGfOkVnu2joNJPY7iE8wl1F9VZb9/gJf248Xh4+F60HjBeN5ZWaMpGyujBArVesF0Gic2iAPSNFv root@kylin236

此时57可以免密登录55,58,59的机器了。
如果需要互相登录的话，再重复操作把自己的公钥的内容放进别人的authorized_keys中就可以了。
但如果机器台数多的话，这个办法不是好办法。