ubuntu如何实现免密登录

本博客转载于 https://www.cnblogs.com/vincenshen/p/6274288.html

目前很多服务(ceph,openstack等)都需要用到SSH使用ssh-key进行登录,而不能使用密码进行登录。

下面是配置步骤:

一、在SSH Client生成ssh key pair

root@ceph01:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1e:f1:c6:c5:c4:8e:e0:b3:ed:9f:2c:21:24:ce:8a:0d root@ceph01
The key's randomart image is:
+--[ RSA 2048]----+
|           ..    |
|        .  o.    |
|       ... oo    |
|      . ++...    |
|     o oS++      |
|  E   o.ooo      |
|   + .  .o .     |
|  . o     o. .   |
|           o+    |
+-----------------+

二、复制id_rsa.pub内容到 SSH Server 用户的.ssh/authorized_keys 中

root@ceph01:~# ssh-copy-id ceph02
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@ceph02's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'ceph02'"
and check to make sure that only the key(s) you wanted were added.

查看SSH Server 用户的.ssh/authorized_keys文件内容

root@ceph02:~/.ssh# cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1hXDFOCI0hdsZlvuP9FGLnCd6k6yR51T6WN4+Wr/shJlY6ymcxde2hwBhiGowvKNbhpVA3EHUxtV0W9YH742ymTmUCVBCuGd2zUwB36AR9aiQGFwSd8vulqaybirpsic9iZ4d83cGjdJwSQg5mGhxZpzi4qD8yygdEDkTcczIFj+9zh5BCIlsZXFHU8044wIKBAbp2YvrsCW0L81XvVJZo3OJxggbUYlMhXcws99U7q2JcBUKv9IQYjar9GyYh4DNlllDs56sfR6SDtuT1O6NOtKSCc6jxCpf7EmxgBXIeYQiSUKnwDo3CE4FmvFsmTlkFUkOluJIRGUTbkokw5tJ root@ceph01

三、在SSH Server上修改sshd_config配置文件

Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
.
.
.

四、验证

root@ceph01:~# ssh root@ceph02
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.13.0-24-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  System information as of Wed Jan 11 16:33:23 CST 2017

  System load:  0.0               Processes:           113
  Usage of /:   3.7% of 40.95GB   Users logged in:     2
  Memory usage: 2%                IP address for eth0: 192.168.20.178
  Swap usage:   0%

  Graph this data and manage this system at:
    https://landscape.canonical.com/
packages can be updated.
updates are security updates.

New release '16.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

Last login: Wed Jan 11 16:28:49 2017 from 192.168.20.116
root@ceph02:~#

 

你可能感兴趣的:(linux)