Setting up passwordless SSH login

2021/7/1 23:22:40


(Note: turn off the firewall before setting up passwordless login.)

Stop the firewall:
[root@nginx-filebeat-01 ~]# systemctl stop firewalld
[root@nginx-filebeat-01 ~]# getenforce
Disabled

Prevent it from starting at boot:
[root@nginx-filebeat-01 ~]# systemctl disable firewalld

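I. Trust relationships

One-way trust: after key authentication is set up, machine A can log in to machine B without a password.

Multi-way trust: after machines A and B are both set up with key authentication, each can log in to the other without a password.

One-way trust

II. Steps

1. Create the key pair

ssh-keygen  # create the key pair

The key pair has now been generated; the key file is id_rsa, at /root/.ssh/id_rsa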

[root@nginx-filebeat-01 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:XeqD2KzZcHlnqwiLeZU1/e9+uXqJ511p+jJcojStYQg root@nginx-filebeat-01
The key's randomart image is:
+---[RSA 3072]----+
|                 |
|                 |
|           ..    |
|       E .oo.    |
|        So+...   |
|       +o= = o...|
|      +.* * O +++|
|     o.O o * *o==|
|    o.+ o ...oO**|

2. Check the generated key files and their permissions

Change to the directory: cd /root/.ssh/

List the generated files

id_rsa  private key

id_rsa.pub  public key

[root@nginx-filebeat-01 ~]# cd /root/.ssh/
[root@nginx-filebeat-01 .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts
[root@nginx-filebeat-01 .ssh]# ll
总用量 16
-rw-------  1 root root 1146 6月  27 11:33 authorized_keys
-rw-------  1 root root 2610 7月   1 21:50 id_rsa
-rw-r--r--  1 root root  576 7月   1 21:50 id_rsa.pub
-rw-r--r--. 1 root root  525 6月  26 15:40 known_hosts
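
The modes in this listing matter: sshd's StrictModes check and the ssh client both reject key files that are too open. The script below is an added example, not part of the original article; it audits a .ssh directory for those conditions on Linux with GNU stat. The function names and the 0700 mode of the constructed sample directory are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Assumes Linux with GNU stat.

# flag_if PATH MASK REASON: report PATH when any permission bit in MASK is set.
flag_if() {
    local path="$1" mask="$2" reason="$3" mode
    [ -e "$path" ] || return 0                 # absent file: nothing to check
    mode=$(stat -c '%a' "$path")               # octal mode, e.g. 600
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        printf 'FAIL %s (mode %s): %s\n' "$path" "$mode" "$reason"
        return 1
    fi
    printf 'ok   %s (mode %s)\n' "$path" "$mode"
}

# audit_ssh_dir DIR: return 0 when DIR passes every check, 1 otherwise.
audit_ssh_dir() {
    local dir="$1" rc=0 key
    # sshd with StrictModes (on by default) refuses authorized_keys when the
    # file or its directory is writable by group or other.
    flag_if "$dir" 022 "directory writable by group/other" || rc=1
    flag_if "$dir/authorized_keys" 022 "writable by group/other" || rc=1
    # The ssh client refuses a private key that group or other can access.
    for key in "$dir"/id_*; do
        case $key in *.pub) continue ;; esac   # public keys may be world-readable
        flag_if "$key" 077 "private key accessible by group/other" || rc=1
    done
    return "$rc"
}

# make_sample: build a constructed directory with the file modes from the
# listing in step 2 (600, 600, 644, 644; directory 0700) and print its path.
make_sample() {
    local d
    d=$(mktemp -d) && chmod 700 "$d"
    touch "$d/authorized_keys" "$d/id_rsa" "$d/id_rsa.pub" "$d/known_hosts"
    chmod 600 "$d/authorized_keys" "$d/id_rsa"
    chmod 644 "$d/id_rsa.pub" "$d/known_hosts"
    printf '%s\n' "$d"
}

# Demo: the constructed directory passes; loosening id_rsa to 644 is flagged.
demo_dir=$(make_sample)
audit_ssh_dir "$demo_dir" && echo "result: clean"
chmod 644 "$demo_dir/id_rsa"
audit_ssh_dir "$demo_dir" || echo "result: problems found"
rm -rf "$demo_dir"
```

To check a real directory, call `audit_ssh_dir /root/.ssh` after sourcing the functions.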

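3. Upload the public key to the .ssh/authorized_keys file in the root user's home directory on the server

ssh-copy-id -i id_rsa.pub root@192.168.8.129   # use the IP address of your own machine

ssh-copy-id uploads the public key
-i specifies the location of the public key

(The first time you set this up, you need to enter this machine's password.)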

[root@nginx-filebeat-01 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.8.129
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"  
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.8.129's password: 
Permission denied, please try again.
root@192.168.8.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.8.129'"
and check to make sure that only the key(s) you wanted were added.

4. Verify that it worked

ssh 'root@192.168.8.129'    

[root@nginx-filebeat-01 .ssh]# ssh 'root@192.168.8.129'
Last failed login: Thu Jul  1 22:04:17 CST 2021 from 192.168.8.129 on ssh:nott
There was 1 failed login attempt since the last successful login.
Last login: Thu Jul  1 12:00:34 2021 from 192.168.8.1

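Multi-way trust

The key-creation steps are the same: perform the same operations on both machines, but when uploading the public key, send it to the other machine's IP address.

Step 3: Upload the public key to the .ssh/authorized_keys file in the root user's home directory on the other server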

[root@nginx-filebeat-01 .ssh]# ssh-copy-id -i id_rsa.pub root@192.168.8.138
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host '192.168.8.138 (192.168.8.138)' can't be established.
ECDSA key fingerprint is SHA256:o30ZT0YP3U7TkDFaXxk6R436uWMlO6oEDzPeEurebLU.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.8.138's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.8.138'"
and check to make sure that only the key(s) you wanted were added.

Step 4: Verify

[root@nginx-filebeat-01 .ssh]# ssh 'root@192.168.8.138'
Last login: Thu Jul  1 22:40:42 2021 from 192.168.8.1
[root@kafka-01 ~]#  # the two-way passwordless channel is now established


