linux无密码ssh,scp,rsync
维护中,常常遇到需要ssh,scp,或者rsync,每次都需要输入密码,非常麻烦。特别是在自动化shell脚本中,涉及到scp或者rsync的操作时,就需要无密码执行命令。以下来看一下,如何无密码ssh,scp。
现在有两台主机,主机A和主机B,在同一个网络中,且两台主机都有同一个用户root(也可以是同一个其他用户),下面为同一个用户root添加无密码ssh,scp。
1,在主机A生成密钥和公钥
[root@ecs-7bc6-0001 ssh]# ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): /home/work/docker/centos/ssh/id_rsaEnter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/work/docker/centos/ssh/id_rsa.Your public key has been saved in /home/work/docker/centos/ssh/id_rsa.pub.The key fingerprint is:SHA256:S3zH48HfguyFctJutqXtP/+lIUUWLTmnCU0myllzCLE root@ecs-7bc6-0001.novalocalThe key's randomart image is:+---[RSA 2048]----+| oo++=o || . =o==.o|| E .o* || . o oo || S . * . || . o = B . || . o O * o|| *o* =.|| o=o+.B|+----[SHA256]----
生成过程中需要输入存储目录,如果不输入默认在执行命令用户根目录中的.ssh目录下,在生成目录下查看生成的密钥id_rsa和公钥id_rsa.pub
[root@ecs-7bc6-0001 ssh]# lsid_rsa id_rsa.pub
内容分别是:
[root@ecs-7bc6-0001 ssh]# cat id_rsa-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQEAtMy5N9159+9cnaz8rbR1kx0xtKdAU702b/Lfz6pgUtzKF1lenD/2gQykUxpIIvcgGYZzVBPGxXzDDJCu1vmMtKbYvEz8iLY+x4BaQ1K+4Mpat1cGIIAMjmYx8IFvtfR+IqLrH7uWHCq283TlVDe2NvTrppyHzoNOsBlbMl7RTrJpdnMli7H0zuYK+qdj6zFqNq056K1x0WwOWVTz5w4Hyp28g9tFq6Ce2H+9GJNRtkuGRGXFgI7XrkAirQ1QWLItymht1h8WdIw0K8qoZT09SrLWJQPLa5Miu7CVhwRsDTDgXbIYj7nfNZn2F7lPkb/AWK9woXQb5qtvf4Dg9eChBwIDAQABAoIBAQCqGIUU2ug561bN/QaIAeQvsOKnnEZ3weaqMeyAekE/E/uJNgo9pCusw5EBohNF2gu4F/b+ndB+0d7LPn9PPt4yw1na5e8cS6EKnmXNOtbbs2TfYh8ginfFrL3FEHFh1RCqU24zn48dFs6ig1KSBgwG7iuZx2A5WO253VEgNXZjuv8FjoVCWR+VmU2cfouB5RM6DxHkGqyZ0nvbbSuYNb8KLyylVibY0IXBBhiIXsYXDNJji1A1XeqNQUHewDINTYJuUAr68nr0yr8WYbOQJte07dgdGi44A9e0QnzlE5txuV5RrEJlTbEMVO5XAFhgk+mG3YrSKGiKucvrdVtTiGERAoGBAOKNs/jf7iDEgUBW2j0tuTT+3HM8KqfJjGFjw5uc0BpCeIy7VpAKikWOjZrPyHsjWKwCnXycxAOms9v2hJe3j1BilHdQA6XpaBbvwQHLgj9zda0Wn6hV3aIZegeENKHnEP8tEuEZe+rAWgIHR+JZkv7YcI58t2kI0ZO2et2SbD85AoGBAMxMneWfWEAMO8gHcdLp3D/3jcNRfhUAW7bAAs56tPGnsPf6bjJSg2YVQv76WffeobdqfnWBILRWJ4oyCxyLmPDL0ZUp4YlEfvkUDxcTH/93FJUqkL+9MTRJRKM/AmzggSkve10jk0Xf4KIRDgJwRXW4M669IqkhLbBd4DKcE6I/AoGAKBNa97ZdAEzidEgo2NOixH4k7vmArieX/o5QRtGpekux2Ws2N8q1hPJfmDgTRb0N7XeU9jsg7WhqvolQESp2XojhrG1qB8pPEGee47tlMeYxtcmfun5d81PAY13+lXkzZ4BIq6r/YZpfEabKD3864nvVBU+IfjsCH7gS6ekB3vkCgYA9Suc8UtgZLxJoasNdccggcNbZOIPJLThW1biB1hKfRZ40Z6/T7Sl64PoeoWGImgSOkKar/jefoxFtxqHKyJ7z71JLnCsMEb6+X6Q/Wf+Jl2JXdlPDErHGbAzppSfHHnvhrVsnkFrI5efw94jqdmCAdukajafucgPRG/j9dhH15QKBgAiN8f4AN1iUUisB9sCljR3Lebblc1300stkQH3vkIrxIfQ+vgRa9HaNY90BKZ5REqF51ZWUxU7/tR8ZQEigamo4wQe/6Rji/dfBPlVY9JU3f8vLbJ+R0GQRfl1qk9hMvhw1syD1HX0bAbOA1nXjYHCswP5KYReMukVXRdR9B+wl-----END RSA PRIVATE KEY-----[root@ecs-7bc6-0001 ssh]# cat id_rsa.pubssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0zLk33Xn371ydrPyttHWTHTG0p0BTvTZv8t/PqmBS3MoXWV6cP/aBDKRTGkgi9yAZhnNUE8bFfMMMkK7W+Yy0pti8TPyItj7HgFpDUr7gylq3VwYggAyOZjHwgW+19H4iousfu5YcKrbzdOVUN7Y29OumnIfOg06wGVsyXtFOsml2cyWLsfTO5gr6p2PrMWo2rTnorXHRbA5ZVPPnDgfKnbyD20WroJ7Yf70Yk1G2S4ZEZcWAjteuQCKtDVBYsi3KaG3WHxZ0jDQryqhlPT1KstYlA8trkyK7sJWHBGwNMOBdshiPud81mfYXuU+Rv8BYr3ChdBvmq29/gOD14KEH root@ecs-7bc6-0001.novalocal
2,保存密钥,添加公钥
把生成的密钥id_rsa复制到主机A的root用户根目录的.ssh/目录下。
把生成的公钥id_rsa.pub中的内容添加到主机B,相同用户根目录下.ssh目录下的authorized_keys文件中。
通过以上两步,主机B就可以无密码的访问主机A。
3,同样如果主机A需要无密码访问主机B,根据1,2两步。
在主机B上生成密钥和公钥,并把B的公钥添加到A的authorized_keys中,且把B的私钥存放在B的root用户根目录的.ssh目录下。
4,如果有多台机器,只需要保证本机的公钥添加到目标机器./ssh/authorized_keys中,目标机器就可以无密码访问本机。
5,多台机器时,有一个简单的方案。
生成一个密钥对,多台机器共用一个密钥和公钥,authorized_keys中添加多行公钥,每个公钥的最后一列修改IP或者主机名,标记这是登录某个主机时需要携带的公钥即可。如下:
ssh-rsa {xxxxxxkeys} root@master2ssh-rsa {xxxxxsKeys} root@slave3ssh-rsa {xxxxxsKeys} root@slave4
(完)(^_^)
深碍√TFBOYSˉ_
爱被打了一巴掌
亦凉
超、凢脫俗
柔情只为你懂
小鱼儿
还没有评论,来说两句吧...