论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2009-11-20 13:22 |只看该作者 |倒序浏览

SSH无需密码登录SSHD服务器

上段时间，需要在将一台主CVS服务器上的文件自动备份到另一台备份CVS服务上，其中需要用到SSH的加密传输，所以，按照我的操作方式整理一下了，供大家参考。此方式在HA、多服务器ssh远程管理等方面都可以用到。

0、引言
两台服务器，分别是服务器A：192.168.3.212，服务器B：192.168.3.213。服务器A ssh到服务器B，通过用户证书，无需输入口令直接登录服务器B的sshd。具体方法如下。

1、采用root用户登录

1.1、在A服务器上用ssh-keygen产生root用户的公钥和私钥。
[root@FC8Server01 /]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
49:3a:87:11:11:15:1f:3d:21:c0:cf:e2:db:3b:d4:48 root@FC8Server01
注意：Enter passphrase (empty for no passphrase):和Enter same passphrase again:提示处直接回车

1.2、进入/root/.ssh/目录，并列举文件
[root@FC8Server01 /]# cd /root/.ssh/;ll
-rw------- 1 root root 1671 11-12 00:15 id_rsa
-rw-r--r-- 1 root root
398 11-12 00:15 id_rsa.pub

1.3、将/root/.ssh/id_rsa.pub文件拷贝为B服务器的/root/.ssh/authorized_keys
[root@FC8Server01 .ssh]# scp id_rsa.pub 192.168.3.213:/root/.ssh/authorized_keys
The authenticity of host '192.168.3.213 (192.168.3.213)' can't be established.
RSA key fingerprint is 73:42:09:61:ec:7a:49:8a:d2:5b:63:c0:70:cf:dd:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.3.213' (RSA) to the list of known hosts.
root@192.168.3.213's password:
id_rsa.pub
100%
398
0.4KB/s
00:00

1.4、测试
[root@FC8Server01 .ssh]# ssh 192.168.3.213
Last login: Tue Nov 10 23:40:50 2009 from 192.168.3.212

如果ssh 192.168.3.213，不再提示输入密码，则表示成功，否则失败。

2、采用非root用户登录
2.1、在A服务器上创建登录用户testuser，并设置密码为testuser
[root@FC8Server01 ~]# useradd -d "/home/testuser" -s "/bin/bash" -c "testuser File Owner" testuser

[root@FC8Server01 ~]# passwd testuser
Changing password for user testuser.
新的 UNIX 口令：
无效的口令：它基于字典单词
重新输入新的 UNIX 口令：
passwd: all authentication tokens updated successfully.

2.2、在B服务器上创建登录用户testuser，并设置密码为testuser
[root@FC8Server02 ~]# useradd -d "/home/testuser" -s "/bin/bash" -c "testuser File Owner" testuser

[root@FC8Server02 ~]# passwd testuser
Changing password for user testuser.
新的 UNIX 口令：
无效的口令：它基于字典单词
重新输入新的 UNIX 口令：
passwd: all authentication tokens updated successfully.

2.3、用testuser用户登录A服务器
[testuser@FC8Server01 ~]$ pwd
/home/testuser
[testuser@FC8Server01 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/testuser/.ssh/id_rsa):
Created directory '/home/testuser/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/testuser/.ssh/id_rsa.
Your public key has been saved in /home/testuser/.ssh/id_rsa.pub.
The key fingerprint is:
36:02:61:f5:a7:9f:c8:d6:99:4f:ed:d1:d1:97:eb:64 testuser@FC8Server01

2.4、用testuser用户登录B服务器
创建.ssh目录
[testuser@FC8Server02 ~]$ ll -a
总计 32
drwx------ 3 testuser testuser 4096 11-11 00:28 .
drwxr-xr-x 5 root
root
4096 11-11 00:28 ..
-rw-r--r-- 1 testuser testuser
33 11-11 00:28 .bash_logout
-rw-r--r-- 1 testuser testuser
176 11-11 00:28 .bash_profile
-rw-r--r-- 1 testuser testuser
124 11-11 00:28 .bashrc
drwxr-xr-x 2 testuser testuser 4096 11-11 00:28 .gnome2
-rw-r--r-- 1 testuser testuser
658 11-11 00:28 .zshrc
[testuser@FC8Server02 ~]$ mkdir .ssh
[testuser@FC8Server02 ~]$ ll -a
总计 36
drwx------ 4 testuser testuser 4096 11-11 00:32 .
drwxr-xr-x 5 root
root
4096 11-11 00:28 ..
-rw-r--r-- 1 testuser testuser
33 11-11 00:28 .bash_logout
-rw-r--r-- 1 testuser testuser
176 11-11 00:28 .bash_profile
-rw-r--r-- 1 testuser testuser
124 11-11 00:28 .bashrc
drwxr-xr-x 2 testuser testuser 4096 11-11 00:28 .gnome2
drwxrwxr-x 2 testuser testuser 4096 11-11 00:32 .ssh
-rw-r--r-- 1 testuser testuser
658 11-11 00:28 .zshrc

2.5、将/home/testuser/.ssh/id_rsa.pub文件拷贝为B服务器的/home/testuser/.ssh/authorized_keys
[testuser@FC8Server01 ~]$ scp .ssh/id_rsa.pub
192.168.3.213:/home/testuser/.ssh/authorized_keys
testuser@192.168.3.213's password:
id_rsa.pub

100%
402
0.4KB/s
00:00

注意此处的密码为testuser的密码

2.6、调整B服务器上的.ssh和authorized_keys权限
[testuser@FC8Server02 ~]$ chmod 0700 .ssh
[testuser@FC8Server02 ~]$ chmod 0600 .ssh/authorized_keys
此处非常重要，如果权限不正确，则ssh时，提示还需要密码

2.7、测试
[testuser@FC8Server01 ~]$ ssh 192.168.3.213
Last login: Wed Nov 11 00:32:49 2009 from 192.168.3.2
如果ssh 192.168.3.213，不再提示输入密码，则表示成功，否则失败

[ 本帖最后由 suky78 于 2009-11-20 13:25 编辑 ]