测试环境
| 系统 | 计算机名 | IP |
| CentOS 7 | node1 | 192.168.31.100 |
| CentOS 7 | node2 | 192.168.31.107 |
说明:服务器:node1 单向免密登录 node2
1、关闭防火墙
systemctl stop firewalld
2、在服务器:node1 上运行命令:ssh-keygen -t rsa
此命令是生成公钥和私钥
运行命令一路回车就好
[root@node1 ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:EuqTsMEgXqIsP61BCPVlFi7HxTny4r8fb+YMPtqlYwM root@node1 The key's randomart image is: +---[RSA 2048]----+ | . =o.. | | . . *..+ | |+. .o =o . | |*+o +... | |+o= ....S | |.o * ...E | | = = . .o . | | + . .o=Bo | | . o==B+ | +----[SHA256]-----+ [root@node1 ~]#
在没有指定生成路径时,会默认生成到家目录下的.ssh/目录下。使用rsa就会生成id_rsa和id_rsa.pub两个文件,如果使用的是dsa则生成的是id_dsa和id_dsa.pub两个文件。
可以用命令:ls /root/.ssh/ 查看生成好的 id_rsa 和 id_rsa.pub 文件
[root@node1 ~]# ls /root/.ssh/ id_rsa id_rsa.pub
3、将生成好的 id_dsa.pub 公钥文件发到IP为:192.168.31.107 的 node2 服务器上
运行命令:ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22 root@192.168.31.107
测试:在 node1 服务器上登录 node2 服务器
运行命令:ssh root@192.168.31.107
如下图所示
二、双向免密登录说明:
服务器:node1 免密登录 node2
服务器:node2 免密登录 node1
1、在服务器:node2 上运行命令:
ssh-keygen -t rsa
2、在服务器:node2 上运行命令:
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22 root@192.168.31.100
3、测试 node2 免密登录 node1 命令:
ssh root@192.168.31.100
