如何实现两台Linux虚拟机ssh免密登录
实验开始前
1.准备好两台虚拟机(下载好镜像文件的)
2.实验步骤
公钥验证:(免密登陆验证方式)
(1)生成非对称秘钥
[root@client ~]# ssh-keygen ?-t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):?
Enter passphrase (empty for no passphrase):?
Enter same passphrase again:?
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:i8wSE5j8P2yxx8tsfkgkG+VBCDBfuW4Y5UdDpMq9cd4 root@client
The key's randomart image is:
+---[RSA 3072]----+
| ?o....*+ ? ? ? ?|
| . = .+.= ? ? ? ?|
| ?+ oo.= o ? ? ? |
| ? o.+= + ? ? ? ?|
| ? ?*++*S ? ? ? ?|
| ? ?.B+X.o ? ? ? |
| ? ?..@.=.E ? ? ?|
| ? ? o =o.. ? ? ?|
| ? ? ? o=. ? ? ? |
+----[SHA256]-----+
(2) 公钥发送到服务器/root/.ssh/authorized_keys
[root@client ~]# ssh-copy-id -i root@192.168.10.129
(3) 等待客户端请求内部通过非对称验证
[root@client ~]# ssh root@192.168.10.129
?以上是实验步骤,下面是具体操作:
可以在VMware里面操作,也可以用Xshell,我这里用的是MobaXterm
?
1. 我这里先将虚拟机名字改了(方便看是否连接上)
这里客户端IP为192.168.168.129
服务器的IP为192.168.168.128
2. 生成非对称秘钥
ssh-keygen? -t rsa
3. 公钥发送到服务器/root/.ssh/authorized_keys
[root@client ~]# ssh-copy-id ?192.168.10.129
4.? 等待客户端请求内部通过非对称验证
[root@client ~]# ssh 192.168.10.129
[root@client ~]# #先改名虚拟机名字,方便查看是否连接上(必须永久保存名字,不然没用)
[root@client ~]# hostnamectl set-hostname client
[root@client ~]# #再生成非对称密钥
[root@client ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:NHG9KayVObJloLgIlK+urlFYJkYzTUJ7BcBd1rs1lhw root@client
The key's randomart image is:
+---[RSA 3072]----+
|oB*oo+. . .. |
|.+=oo ..E . |
|oo+. . .=ooo o |
|o=... .o.BX o |
|..o. . SB.o |
| o. . .o |
|o |
| o |
|*. |
+----[SHA256]-----+
?然后再将公钥发送给服务器(IP地址):
注意这里输完:[root@client ~]# ssh-copy-id ?192.168.10.129这个命令后,会让你输入yes还是no
[root@client ~]# #然后再将公钥发送给另外一个虚拟机(服务器)
[root@client ~]# ssh-copy-id 192.168.168.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.168.12 (192.168.168.12)' can't be established.
ED25519 key fingerprint is SHA256:t9VyyGfB3e3ltZhQPNA27vzQt4OVzyYielt8R9SI8Ho.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.168.128's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.168.128'"
and check to make sure that only the key(s) you wanted were added.
然后服务器配置也是一样的操作:
[root@server ~]# hostnamectl set-hostname server
[root@server ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:t7DsCVsPfihjwFagBdeqWxLXIXUp+pzwMAWs+muSnzI root@server
The key's randomart image is:
+---[RSA 3072]----+
| .oo+. .. |
| .= =.. |
| + B o |
| + B o |
| . = O .S . |
|. o = =. + . |
| o = .. =.. |
|E +. +*.+. |
| *+. ..o+.. |
+----[SHA256]-----+
[root@server ~]# ssh-copy-id 192.168.168.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.168.129 (192.168.168.129)' can't be established.
ED25519 key fingerprint is SHA256:t9VyyGfB3e3ltZhQPNA27vzQt4OVzyYielt8R9SI8Ho.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.168.129's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.168.129'"
and check to make sure that only the key(s) you wanted were added.
最后验证:
直接输入ssh? +? IP地址
客户端到服务器:
?服务器到客户端:
?可以看到输完ssh后,直接登录进去了,免密登录,实验就完成了
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!