Liunx下ssh免密登录

演示从172.16.10.172免密登录到172.16.101.73
两台服务器的hostname

• 172.16.10.172 master
• 172.16.10.173 node1

1. 在172.16.10.172 生成rsa公私钥
   必须在用户目录下的.ssh目录下生成公私钥
   如果用root用户登录的话，那么目录应用为/root/.ssh

[root@docker01 /]# cd /root/.ssh/
[root@docker01 .ssh]#

执行以下命令， 一直按Enter直到生成完成

sh-keygen -t rsa

生成完成后，/root/.ssh目录下会有两个文件id_rsa、id_rsa.pub

• id_rsa 私钥
• id_rsa.pub 公钥

[root@docker01 .ssh]# ls
id_rsa  id_rsa.pub  known_hosts

2. 把公钥复制到需要免密登录的服务器上172.16.10.173
   在/root.ssh目录下复制id_rsa.pub

[root@docker01 .ssh]# scp ./id_rsa.pub root@172.16.10.173:/root/.ssh/auth_key_master.pub
The authenticity of host '172.16.10.173 (172.16.10.173)' can't be established.
ECDSA key fingerprint is 85:5b:d9:7e:01:b3:fa:1c:72:80:6b:c8:15:73:82:b6.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.10.173' (ECDSA) to the list of known hosts.
root@172.16.10.173's password:
id_rsa.pub                                                         100%  405     0.4KB/s   00:00
[root@docker01 .ssh]#

id_rsa.pub 传过去后改了一个名字 auth_key_master.pub

3. 在172.16.10.173服务器上把auth_key_master.pub公钥内容进行公钥合并
   查看公钥

[root@docker01 ~]# cd /root/.ssh/
[root@docker01 .ssh]# ls
auth_key_master.pub  id_rsa  id_rsa.pub  known_hosts

执行合并

[root@docker01 .ssh]# cat auth_key_master.pub >> authorized_keys
# 说明：如果authorized_keys不存在就会自动创建，如果存在就会追加

4. 验证免密登录
   在172.16.10.172上输入ssh root@172.16.10.173

[root@docker01 .ssh]# ssh root@172.16.10.173
Last login: Tue Nov  6 14:27:44 2018 from 192.168.10.103

登录成功