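Configuring SSH remote connections
1. Enable passwordless login in both directions between two Linux hosts using public-key authentication
1.1 Interactive
(1) Generate the asymmetric key pair on the client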
[root@server2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:R+aWcxdDdObp/92kDuGluRpPC6cfdvqH1q50TseYAKc root@server2
The key's randomart image is:
+---[RSA 3072]----+
| .o o|
| . +.|
| + . o..|
| + = .o |
| S E + o. |
| o + B +.|
| o X =oB|
| O Oo*B|
| oo*+=+*|
+----[SHA256]-----+
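1.2 Non-interactive
ssh-keygen -t rsa -f /root/.ssh/id_rsa -P '' -q
-t : specifies the key type
-f : specifies the key file
-q : quiet mode, i.e. no output is printed to the terminal
-P : specifies the key's passphrase; usually set to empty ('')
(2) Send the public key to /root/.ssh/authorized_keys on the server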
[root@server2 ~]# ssh-copy-id -i root@192.168.180.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.180.130 (192.168.180.130)' can't be established.
ED25519 key fingerprint is SHA256:U1j/TH4xOQmidvYC9AGCFEoL8NhcfPkG3Q6MTBhVZRs.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.180.130's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.180.130'"
and check to make sure that only the key(s) you wanted were added.
(3) When the client requests a connection, it is authenticated internally with the asymmetric key pair
[root@server2 ~]# ssh root@192.168.180.130
Activate the web console with: systemctl enable --now cockpit.socket

Register this system with Red Hat Insights: insights-client --register
Create an account or view all your systems at https://red.ht/insights-dashboard
Last login: Sat Oct 28 13:08:17 2023 from 192.168.180.1
[root@server ~]#
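(4) The passwordless remote connection from host server2 to host server is now complete. For the two hosts to connect to each other without a password, host server only needs the same configuration toward host server2 (note: just change the IP address). Below are screenshots of the configuration on host server, and the test result.
Test result: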
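As an added example (not part of the original post): a sketch of what step (2) leaves behind on the server, namely one public-key line appended to authorized_keys, together with a check of the file modes that sshd's default StrictModes setting requires before it will accept the key. The function names install_pubkey and audit_ssh_dir are hypothetical, and the key in the demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example: manual equivalent of the server-side result of ssh-copy-id,
# plus a permission audit. Function names are hypothetical.

# install_pubkey PUBKEY_FILE [SSH_DIR]: append the key once, with safe permissions.
install_pubkey() {
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys
    # Accept exactly one line shaped like "<type> <base64> [comment]".
    [ "$(wc -l < "$pub")" -le 1 ] || { echo "expected one key in $pub" >&2; return 2; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not a public key (private key file?): $pub" >&2; return 2 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole-line match, -F fixed string: repeated runs add nothing.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# audit_ssh_dir [SSH_DIR]: fail if the directory or authorized_keys is writable
# by group or others; with StrictModes on, sshd then refuses the keys.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}; rc=0
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; rc=1; continue; }
        mode=$(ls -ld "$p" | cut -c1-10)      # e.g. drwx------ or -rw-------
        case $mode in
            ?????w????|????????w?) echo "too permissive: $mode $p" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Demo in a scratch directory with a constructed (not real) public key.
demo=$(mktemp -d)
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyOnly root@server2' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && audit_ssh_dir "$demo/.ssh" \
    && echo "key installed, permissions OK"
rm -rf "$demo"
```

If key login still falls back to the password prompt after step (2), running audit_ssh_dir on the server account's ~/.ssh is a quick first check.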