Linux免密登录设置(22端口和非默认端口) Linux免密登录设置(22端口和非默

说明：本演示环境是居于CentOS的
准备
两台机器：192.168.1.218/192.168.1.219
SSH为默认22端口的情况下设置
在没有设置之前，每次登陆都是要询问并且需要输入密码

[root@data-01 ~]# ssh 192.168.1.219 The authenticity of host '192.168.1.219 (192.168.1.219)' can't be established. RSA key fingerprint is 19:62:90:98:e0:6a:9a:5d:64:05:ff:60:e1:7b:ec:8b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.219' (RSA) to the list of known hosts. root@192.168.1.219's password: Last login: Thu Oct 18 11:13:16 2018 from 192.168.1.66 [root@data-02 ~]#

使用ssh-keygen命令，这个是在默认端口情况下不需要拷贝操作的方式

[root@data-01 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 7d:1c:e4:45:4e:f5:24:a5:e2:fb:3b:4d:ff:93:c2:ce root@data-02 The key's randomart image is: +--[ RSA 2048]----+ |..=o+| |o + +.| |+ o .| |. o o| |S . +| |. ..| |ooo| |.+.oo| |.E+o+| +-----------------+ [root@data-01 ~]# ssh-copy-id 192.168.1.219 The authenticity of host '192.168.1.219 (192.168.1.219)' can't be established. RSA key fingerprint is 19:62:90:98:e0:6a:9a:5d:64:05:ff:60:e1:7b:ec:8b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.1.219' (RSA) to the list of known hosts. root@192.168.1.219's password: Permission denied, please try again. root@192.168.1.219's password: Now try logging into the machine, with "ssh '192.168.1.219'", and check in:.ssh/authorized_keysto make sure we haven't added extra keys that you weren't expecting.[root@data-01 ~]# ssh 192.168.1.219 Last login: Thu Oct 18 11:14:46 2018 from data-01

这时候就可以通过直接的ssh连接无需密码，建立完后可以在 ~/.ssh/目录下看到两个文件authorized_keys和authorized_keys
SSH为非默认端口的情况下设置
在很多情况下安全起见会禁止使用默认22远程登录，比如以下使用1122端口进行远程登录(如何更改登录端口这里暂不说明)，同时使用另外建立的用户来进行测试

[appl@data-01 ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/appl/.ssh/id_rsa): Created directory '/home/appl/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/appl/.ssh/id_rsa. Your public key has been saved in /home/appl/.ssh/id_rsa.pub. The key fingerprint is: 37:a0:1a:ec:5d:04:40:5a:f7:64:08:40:38:b1:4a:ad appl@data-02 The key's randomart image is: +--[ RSA 2048]----+ |.+oo=oo.o| |o..o ..=| |.o..+| |o ..o .| |.Eo . S o| |. + . . .| |o .| || || +-----------------+ [appl@data-01 ~]$ ssh-copy-id-p 1122appl@192.168.1.219" The authenticity of host '[192.168.1.219]:1122 ([192.168.1.219]:1122)' can't be established. RSA key fingerprint is ca:e1:11:ce:d8:41:1a:85:d6:a1:02:05:b7:65:c7:57. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[192.168.1.219]:1122' (RSA) to the list of known hosts. appl@192.168.1.219's password: Now try logging into the machine, with "ssh '-p 1122 appl@192.168.1.219'", and check in:.ssh/authorized_keysto make sure we haven't added extra keys that you weren't expecting. [appl@data-01 ~]$ ssh -p 1122 192.168.1.219 Last login: Thu Oct 18 11:16:40 2018 from data-01

ssh-keygen说明
ssh-keygen用于为“ssh”生成、管理和转换认证密钥，它支持RSA和DSA两种认证密钥.

【Linux免密登录设置(22端口和非默认端口)】ssh-keygen(选项)
-b：指定密钥长度；
-e：读取openssh的私钥或者公钥文件；
-C：添加注释；
-f：指定用来保存密钥的文件名；
-i：读取未加密的ssh-v2兼容的私钥/公钥文件，然后在标准输出设备上显示openssh兼容的私钥/公钥；
-l：显示公钥文件的指纹数据；
-N：提供一个新密语；
-P：提供（旧）密语；
-q：静默模式；
-t：指定要创建的密钥类型。