首页 > 其他分享 > SSH 无密码验证配置

SSH 无密码验证配置

时间:2023-03-18 15:14:10浏览次数:36  
标签:验证 rsa 192.168 密码 SSH key root id ssh

SSH 无密码验证配置

2.1. 实验目标

完成本实验,您应该能够:

掌握 SSH 无密钥登录配置

2.2. 实验要求

熟悉 SSH 无密钥登录配置

2.3. 实验环境

本实验所需之主要资源环境如表 1-1 所示。 表 1-1 资源环境 服务器集群 3 个以上节点,节点间网络互通,各节点最低配置:双核 CPU、8GB 内存、100G 硬盘
运行环境 CentOS 7.4
服务和组件 完成前面章节的实验,其他服务根据实验需求安装

2.4. 实验过程

2.4.1. 实验任务一:生成 SSH 密钥

2.4.1.1.安装和启动 SSH 协议
实现 SSH 登录需要 openssh 和 rsync 两个服务,一般情况下默认已经安装,可以通过
下面命令查看结果。
[root@client ~]# rpm -qa | grep openssh 
openssh-clients-7.4p1-16.el7.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-server-7.4p1-16.el7.x86_64
[root@client ~]# rpm -qa | grep rsync
rsync-3.0.9-17.el7.x86_64

2.4.1.2. 生成秘钥对
[root@master yum.repos.d]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:a/VU3ZnrscDZNBSBRYajw+0mQZ+vfMpqIQWFGg6x9v8 root@master
The key's randomart image is:
+---[RSA 2048]----+
|     ..   o.  =Bo|
|     ... o . +o.+|
|     oo o + + +=o|
|    . .o   *.=+ o|
|       .S o =+.+ |
|        .+ = oo.o|
|        o.. * .o |
|       .  ...o . |
|          .E.oo  |
+----[SHA256]-----+

[root@client ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1e:d8:5d:fe:c6:21:80:ae:e7:09:68:76:93:67:24:f0 root@client
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|         .       |
|    .   . . .    |
|     o + . +     |
|      E S . o .  |
|     . * .   + . |
|    + * =     +  |
|   o . B .   .   |
|        o        |
+-----------------+
[root@client ~]# 

2.4.1.4. 查看"/home/hadoop/"下是否有".ssh"文件夹,且".ssh"文件下是否有两 个刚生产的无密码密钥对
[root@master yum.repos.d]# cd 
[root@master ~]# cd .ssh/
[root@master .ssh]# ls
id_rsa  id_rsa.pub

2.4.1.5. 将 id_rsa.pub 追加到授权 key 文件中
[root@master .ssh]# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
[root@master .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub

2.4.2. 实验任务二:交换 SSH 密钥

2.4.2.1. 将 Master 节点的公钥 id_rsa.pub 复制到client

[root@master .ssh]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.120.23 (192.168.120.23)' can't be established.
ECDSA key fingerprint is SHA256:r6CLnT1LPWkWxqAqCgR7agXF/L7XU+lXCtwFRx/MSzA.
ECDSA key fingerprint is MD5:05:f2:9e:2d:58:c6:ee:7f:49:d8:a5:22:39:7a:fa:cb.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[root@master .ssh]# 



将 client节点的公钥 id_rsa.pub 复制到Master

[root@client .ssh]# ssh-copy-id [email protected]
The authenticity of host '192.168.120.22 (192.168.120.22)' can't be established.
ECDSA key fingerprint is 69:35:d1:43:3b:9a:90:7b:27:d1:85:a5:33:0f:d5:3b.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[root@master .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

[root@client .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

远程登陆成功

[root@master .ssh]# ssh [email protected]
Last login: Fri Feb 24 10:12:52 2023 from 192.168.120.1
[root@client ~]# 

[root@client .ssh]# ssh [email protected]
Last login: Fri Feb 24 10:12:05 2023 from 192.168.120.1
[root@master ~]# 

标签:验证,rsa,192.168,密码,SSH,key,root,id,ssh
From: https://www.cnblogs.com/shuangmu668/p/17230650.html

相关文章