2.debain11 SSH免密钥登录

1.SSH密钥登录

  • 只需要生成一次密钥
  • 四台主机共用一套密钥
  • 主机之间相互访问都是免密钥登录

1.实验环境

主机名 完全合格域名 角色 系统版本 IP地址
vss vss.skill客户端微信s.com DNS服务器、SSH免密钥 Debi系统运维工资一般多少anv8是什么车11 192.168.1.25/24
vso vso.skills.com DNS客户端、SSH免密钥 Debian11 192.168.1.26/24
vsl vsl.skills.com DNS客户端、SSH免密钥 Debian11 192.168.1.27/24
vsf vsf.skills.com DNS把实力藏得很深的星座客户端客户端已经从游戏服务器连接断开、SSH免密钥 Debian1八省联考成绩查询1 192.168.1.28/24

2.生成密钥

#生成密钥
root@vss:~#  ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):  #回车
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: #回车
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is: #回车
SHA256:rvdsEJkZAM8l2QNQjyGwQh3trf8d4HvbkUBAUKcnvI0 root@debian
The key's randomart image is:
+---[RSA 4096]----+
| .oo*+**=+ .     |
|.  o =.*= +      |
|. . . = .X o     |
| .   . .= B      |
|      . SE o     |
|     . .o . . .  |
|      . .o . o   |
|       o..+.o .  |
|      ...=+o..   |
+----[SHA256]-----+

3.拷贝密钥ID到客户机

编辑客户机密钥 authorized_keys

#拷贝到客户机vso
root@vss:~# ssh-copy-id root@vso.skills.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@vso's password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh 'root@vso'"
and check to make sure that only the key(s) you wanted were added.
#拷贝密钥文件到客户机
root@vss:~# scp -pr /root/.ssh/ root@vso:/root/
id_rsa.pub                                                                                                   100%  745   319.5KB/s   00:00    
id_rsa                                                                                                           100% 3389     1.2MB/s   00:00    
known_hosts                                                                                              100%  666   384.4KB/s   00:00  
#查看密钥文件
root@vso:~# cd .ssh/
root@vso:~/.ssh# ll
total 16
-rw------- 1 root root 2235 Jan 24 15:22 authorized_keys
-rw------- 1 root root 3389 Jan 24 15:15 id_rsa
-rw-r--r-- 1 root root  745 Jan 24 15:15 id_rsa.pub
-rw-r--r-- 1 root root 1554 Jan 24 15:32 known_hosts
root@vso:~/.ssh# 
root@vso:~/.ssh# vim authorized_keys 
#复制密钥文件然后编辑密钥末尾的 root@vss.skills.com 文件修改主机名为对应的vso、vsl、vsf等
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCi/3jgdCsVKnrsLxLXj53Sfi56CfYfs+6WMhKnepujGQAIDQHqGddYxaXCvfTO3pc1jgwus14QrgcCL3YOHO9wIHPdyGlTdi7/ccJ6BiXEsulvDcPVV6kl3E7J/cnC6q+MD5pprAJboEGDNhcmUP+aHWAehmjQEUonS1uQ5NcRqIF/fgmmjnpOCA+aSAM97N7CGMPHEHVyL8PEwSaggBM5x2hbL0Wa8LVelYcF+Hv8lqkDoMUR6Ljb8MUyKjYsVtEV8mSlHX767ie1cGyRAWJ2Q/BYR0nFuCwlxMqkRtTClsl5L8UVzsXYNUToONYFnt7NgQGnKHX5FznB14JsC29ja448V/E+JU4Vj5xGO6JUQGr7B7lzER1doFZp5Tigdn8bwBscjQ2uAhRWyyNPCxUOcx6BelnduGTQMf/LhWgPTHZQxShVyN6mcBNaUHcHqQ9KPjz9tc70CL0h+NOfdOssAtg6Hf8u33jZYt8oyr/azOoCi1LxEFa8yto7D+FaN0Oql7WrOxGDI2cMHU5qY11Oga1Gs1IzXE4+wLbLF3sP0Kni+6UXIe0EO2F2jI3KMkFnwdbrTW6Tq/Wgea25yC7RXS9TrMpIAnPfS9htnjbWuqLTkrczfBe9vsPNlrcNc0m2Fc2niNbAZMygPGZ881yE3m2wq9yVdXMBarcMlhy3bw== root@vss.skills.com 
#示例:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCi/3jgdCsVKnrsLxLXj53Sfi56CfYfs+6WMhKnepujGQAIDQHqGddYxaXCvfTO3pc1jgwus14QrgcCL3YOHO9wIHPdyGlTdi7/ccJ6BiXEsulvDcPVV6kl3E7J/cnC6q+MD5pprAJboEGDNhcmUP+aHWAehmjQEUonS1uQ5NcRqIF/fgmmjnpOCA+aSAM97N7CGMPHEHVyL8PEwSaggBM5x2hbL0Wa8LVelYcF+Hv8lqkDoMUR6Ljb8MUyKjYsVtEV8mSlHX767ie1cGyRAWJ2Q/BYR0nFuCwlxMqkRtTClsl5L8UVzsXYNUToONYFnt7NgQGnKHX5FznB14JsC29ja448V/E+JU4Vj5xGO6JUQGr7B7lzER1doFZp5Tigdn8bwBscjQ2uAhRWyyNPCxUOcx6BelnduGTQMf/LhWgPTHZQxShVyN6mcBNaUHcHqQ9KPjz9tc70CL0h+NOfdOssAtg6Hf8u33jZYt8oyr/azOoCi1LxEFa8yto7D+FaN0Oql7WrOxGDI2cMHU5qY11Oga1Gs1IzXE4+wLbLF3sP0Kni+6UXIe0EO2F2jI3KMkFnwdbrTW6Tq/Wgea25yC7RXS9TrMpIAnPfS9htnjbWuqLTkrczfBe9vsPNlrcNc0m2Fc2niNbAZMygPGZ881yE3m2wq9yVdXMBarcMlhy3bw== root@vso.skills.com 

4.拷贝&linux必学的60个命令quot;.ssh"文linux系统安装件到所有主机

#拷贝客户机文件夹到其他所有主机
root@vso:~/.ssh# scp -pr /root/.ssh/ root@vsl.skills.com:/root/
The authenticity of host 'vsl.skills.com (192.168.1.27)' can't be established.
ECDSA key fingerprint is SHA256:cvh8/ANBaNrD4AYAdNtHyjcGsoRO5z8lhbYFsYhvo+E.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'vsl.skills.com,192.168.1.27' (ECDSA) to the list of known hosts.
root@vsl.skills.com's password: 
authorized_keys                                                                                              100% 2235   977.6KB/s   00:00    
id_rsa.pub                                                                                                   100%  745   414.0KB/s   00:00    
known_hosts                                                                                                  100% 1554   830.1KB/s   00:00    
id_rsa                                                                                                       100% 3389     1.7MB/s   00:00