注意:在做下面实验的时候需要做root用户在sshd服务中的允许
1、需要一个纯净的实验环境
[root@gj ~]# rm -rf ~/.ssh/
2、生成密钥
[root@gj ~]# ssh-keygen -f /root/.ssh/id_rsa -P "" //-f指定密钥的目录 -P指定密码为空
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa //钥匙的位置(私钥)
Your public key has been saved in /root/.ssh/id_rsa.pub //锁的位置(公钥)
The key fingerprint is:
SHA256:GWtsG26yRNwLyoSOSXuPMMje6kPNeHAUHyth4cEkio4 root@gj
The key's randomart image is:
+---[RSA 3072]----+
| .oBo. |
|o +o+ o |
|o .o o . |
|o. o.. o + |
|EoB . + S |
|+*.* o = + |
|==o.o o = |
|..= o. + |
|.+oo .. |
+----[SHA256]-----+
3、上锁
[root@gj ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.111.120 //本地的公钥复制到远程主机的
~/.ssh/authorized_keys文件中//
-i /root/.ssh/id_rsa.pub:指定要复制的公钥文件。
// root@192.168.111.120:指定目标远程主机的用户名和 IP 地址
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.111.120's password:Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.111.120'"
and check to make sure that only the key(s) you wanted were added.
现在登录192.168.111.120就不需要密码了