首页 › Linux服务器论坛 › CentOS 6.5中SSH免密码登录配置教程

向欣 發表於 2023-10-2 00:00:00

CentOS 6.5中SSH免密码登录配置教程

<p><span><strong>0.说明</strong></span></p>
<p>这里为了方便说明问题，假设有A和B两台安装了centos6.5的主机。目标是实现A、B两台主机分别能够通过ssh免密码登录到对方主机。不同主机的配置过程一样，这里介绍A主机的配置过程。</p>
<p>事先在ＡＢ主机分别创建好要免密码登录的用户名，在/etc/hosts文件增加主机名和ip。</p>
<p>创建新用户：useradd linuxidc</p>
<p>设置密码：passwd linuxidc，输入自己想要的密码即可，之后su linuxidc切换用户</p>
<p>修改主机名：vim /etc/sysconfig/network，加入hostname=master，注销系统之后即可看到修改成功</p>
<p>修改hosts文件：</p>
<div class="jb51code">
<div><div id="highlighter_718932" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">1</div>
<div class="line number2 index1 alt1">2</div>
<div class="line number3 index2 alt2">3</div>
</td>
<td class="code"><div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">vim </code><code class="bash plain">/etc/hosts</code>
</div>
<div class="line number2 index1 alt1"><code class="bash plain">192.168.88.101 master </code></div>
<div class="line number3 index2 alt2"><code class="bash plain">192.168.88.102 slave1</code></div>
</div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p><span><strong>1.环境设置</strong></span></p>
<p><strong>1.1 关闭防火墙（root权限）</strong></p>
<p>centos6.5对网络管理相当严格，需要关闭selinux。到/etc/selinux/config下，把SELINUX=enforcing修改为SELINUX=disabled 。需要root权限。</p>
<div class="jb51code">
<div><div id="highlighter_279267" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter"><div class="line number1 index0 alt2">1</div></td>
<td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash comments"># su root</code></div></div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p>Password:</p>
<div class="jb51code">
<div><div id="highlighter_214955" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter"><div class="line number1 index0 alt2">1</div></td>
<td class="code"><div class="container"><div class="line number1 index0 alt2">
<code class="bash plain">$ vim </code><code class="bash plain">/etc/selinux/config</code>
</div></div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p>找到SELINUX并修改为SELINUX=disable</p>
<p><strong>1.2 修改sshd的配置文件（root权限）</strong></p>
<div class="jb51code">
<div><div id="highlighter_477611" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter"><div class="line number1 index0 alt2">1</div></td>
<td class="code"><div class="container"><div class="line number1 index0 alt2">
<code class="bash plain">$ vim </code><code class="bash plain">/etc/ssh/sshd_config</code>
</div></div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p>　　找到以下内容，并去掉注释符“#”</p>
<div class="jb51code">
<div><div id="highlighter_129135" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">1</div>
<div class="line number2 index1 alt1">2</div>
<div class="line number3 index2 alt2">3</div>
</td>
<td class="code"><div class="container">
<div class="line number1 index0 alt2">
<code class="bash plain">RSAAuthentication </code><code class="bash functions">yes</code>
</div>
<div class="line number2 index1 alt1">
<code class="bash plain">　　PubkeyAuthentication </code><code class="bash functions">yes</code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain">　　AuthorizedKeysFile .</code><code class="bash functions">ssh</code><code class="bash plain">/authorized_keys</code>
</div>
</div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p><strong>1.3 重启sshd服务（root权限）</strong></p>
<div class="jb51code">
<div><div id="highlighter_336378" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter"><div class="line number1 index0 alt2">1</div></td>
<td class="code"><div class="container"><div class="line number1 index0 alt2">
<code class="bash plain">$ </code><code class="bash plain">/sbin/service</code> <code class="bash plain">sshd restart</code>
</div></div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p><span><strong>2.本机生成公钥和私钥</strong></span></p>
<p>从root切换回要免密码登录的用户linuxidc，执行命令。</p>
<div class="jb51code">
<div><div id="highlighter_939258" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter"><div class="line number1 index0 alt2">1</div></td>
<td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash comments"># ssh-keygen -t rsa</code></div></div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p>默认在用户linuxidc的家目录（~/.ssh/）生成两个文件：</p>
<p>id_rsa: 私钥<br></p>
<p>id_rsa.pub:公钥</p>
<p><span><strong>3.把公钥导入到认证文件</strong></span></p>
<p><strong>3.1 导入到本机</strong></p>
<div class="jb51code">
<div><div id="highlighter_996049" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter"><div class="line number1 index0 alt2">1</div></td>
<td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash comments"># cat ~/.ssh/id_rsa.pub &gt;&gt; ~/.ssh/authorized_keys</code></div></div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p>完成这一步，再按照步骤4修改相关文件权限，可以免密码登录本机。可以输入以下命令验证。</p>
<p>ssh localhost</p>
<p>如果能够登录，即验证成功。</p>
<p><strong>3.2 导入到目标主机</strong></p>
<p><strong>3.2.1在本机操作，传送到目标主机</strong></p>
<div class="jb51code">
<div><div id="highlighter_186283" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter"><div class="line number1 index0 alt2">1</div></td>
<td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash comments"># scp ~/.ssh/id_rsa.pub root@目标主机ip或主机名:/home/id_rsa.pub</code></div></div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p>注意把文件传送到目标主机时，要用root用户，否则会因权限不够而拒绝。输入目标主机密码后，出现OK即传输成功。</p>
<p><strong>3.2.2 登录到目标主机，把公钥导入到认证文件</strong></p>
<p>使用要被免密码登录的用户名linuxidc，登录到目标主机。然后执行以下操作。</p>
<div class="jb51code">
<div><div id="highlighter_423534" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter"><div class="line number1 index0 alt2">1</div></td>
<td class="code"><div class="container"><div class="line number1 index0 alt2"><code class="bash comments"># cat /home/id_rsa.pub &gt;&gt; ~/.ssh/authorized_keys</code></div></div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p>再按照步骤4修改相关文件权限，完成免密码登录设置。</p>
<p><span><strong>4.更改相关文件的权限</strong></span></p>
<div class="jb51code">
<div><div id="highlighter_741196" class="syntaxhighlighterbash">
<div class="toolbar"><span>?</span></div>
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="gutter">
<div class="line number1 index0 alt2">1</div>
<div class="line number2 index1 alt1">2</div>
</td>
<td class="code"><div class="container">
<div class="line number1 index0 alt2"><code class="bash comments"># chmod 700 ~/.ssh</code></div>
<div class="line number2 index1 alt1"><code class="bash comments"># chmod 600 ~/.ssh/authorized_keys</code></div>
</div></td>
</tr></tbody></table>
</div></div>
<div class="codetool" id="codetool"><div class="code_n"><textarea></textarea></div></div>
</div>
<p>至此，完成免密码登录设置。</p>
<p><span><strong>5. 测试</strong></span></p>
<p>A主机（linuxidc@master），B主机（linuxidc@slave1）。在A主机，切换为linuxidc用户，执行以下命令测试：</p>
<p>ssh slave1</p>
<p>以上所述是小编给大家介绍的CentOS 6.5中SSH免密码登录配置教程，希望对大家有所帮助，如果大家有任何疑问请给我留言，小编会及时回复大家的。在此也非常感谢大家对服务器之家网站的支持！</p>

查看完整版本: CentOS 6.5中SSH免密码登录配置教程