Linux免密登录设置(22端口和非默认端口)

说明：本演示环境是居于CentOS的

• 准备
  两台机器：192.168.1.218/192.168.1.219
• SSH为默认22端口的情况下设置
  在没有设置之前，每次登陆都是要询问并且需要输入密码

[root@data-01 ~]# ssh 192.168.1.219
The authenticity of host '192.168.1.219 (192.168.1.219)' can't be established.
RSA key fingerprint is 19:62:90:98:e0:6a:9a:5d:64:05:ff:60:e1:7b:ec:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.219' (RSA) to the list of known hosts.
[email protected]'s password: 
Last login: Thu Oct 18 11:13:16 2018 from 192.168.1.66
[root@data-02 ~]# 

使用ssh-keygen命令，这个是在默认端口情况下不需要拷贝操作的方式

[root@data-01 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
7d:1c:e4:45:4e:f5:24:a5:e2:fb:3b:4d:ff:93:c2:ce root@data-02
The key's randomart image is:
+--[ RSA 2048]----+
|            ..=o+|
|           o + +.|
|            + o .|
|         . o o   |
|        S . +    |
|           . .  .|
|            o  oo|
|            .+.oo|
|            .E+o+|
+-----------------+
[root@data-01 ~]# ssh-copy-id 192.168.1.219
The authenticity of host '192.168.1.219 (192.168.1.219)' can't be established.
RSA key fingerprint is 19:62:90:98:e0:6a:9a:5d:64:05:ff:60:e1:7b:ec:8b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.219' (RSA) to the list of known hosts.
[email protected]'s password: 
Permission denied, please try again.
[email protected]'s password: 
Now try logging into the machine, with "ssh '192.168.1.219'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@data-01 ~]# ssh 192.168.1.219
Last login: Thu Oct 18 11:14:46 2018 from data-01
[root@data-02 ~]# 

这时候就可以通过直接的ssh连接无需密码，建立完后可以在 ~/.ssh/目录下看到两个文件authorized_keys和authorized_keys

• SSH为非默认端口的情况下设置
  在很多情况下安全起见会禁止使用默认22远程登录，比如以下使用1122端口进行远程登录(如何更改登录端口这里暂不说明)，同时使用另外建立的用户来进行测试

[appl@data-01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/appl/.ssh/id_rsa): 
Created directory '/home/appl/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/appl/.ssh/id_rsa.
Your public key has been saved in /home/appl/.ssh/id_rsa.pub.
The key fingerprint is:
37:a0:1a:ec:5d:04:40:5a:f7:64:08:40:38:b1:4a:ad appl@data-02
The key's randomart image is:
+--[ RSA 2048]----+
|.+oo=oo.o        |
|o..o ..=         |
|.o..    +        |
|o ..   o .       |
|.E  o . S o      |
|   . + . . .     |
|    o .          |
|                 |
|                 |
+-----------------+
[appl@data-01 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub "-p 1122 [email protected]"
The authenticity of host '[192.168.1.219]:1122 ([192.168.1.219]:1122)' can't be established.
RSA key fingerprint is ca:e1:11:ce:d8:41:1a:85:d6:a1:02:05:b7:65:c7:57.
Are you sure you want to continue
 connecting (yes/no)? yes
Warning: Permanently added '[192.168.1.219]:1122' (RSA) to the list of known hosts.
[email protected]'s password: 
Now try logging into the machine, with "ssh '-p 1122 [email protected]'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
[appl@data-01 ~]$ ssh -p 1122 192.168.1.219
Last login: Thu Oct 18 11:16:40 2018 from data-01
[root@data-02 ~]# 

• ssh-keygen说明
  ssh-keygen用于为“ssh”生成、管理和转换认证密钥，它支持RSA和DSA两种认证密钥.

ssh-keygen(选项)
-b：指定密钥长度； 
-e：读取openssh的私钥或者公钥文件； 
-C：添加注释； 
-f：指定用来保存密钥的文件名； 
-i：读取未加密的ssh-v2兼容的私钥/公钥文件，然后在标准输出设备上显示openssh兼容的私钥/公钥； 
-l：显示公钥文件的指纹数据； 
-N：提供一个新密语； 
-P：提供（旧）密语；
-q：静默模式； 
-t：指定要创建的密钥类型。