如何配置虚拟机互相免密ssh登录-伊成个人站

背景

如何让多台虚拟机之间免密互相可登录，接下来我们实战演示一下。

实现准备2台服务器，各自的IP分别为 192.168.191.128 和 192.168.191.129 。

① 查看ssh server状态

[root@jenkins ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since 二 2021-08-31 15:13:37 CST; 23min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1082 (sshd)
    Tasks: 1
   CGroup: /system.slice/sshd.service
           └─1082 /usr/sbin/sshd -D

8月 31 15:13:37 jenkins systemd[1]: Starting OpenSSH server daemon...
8月 31 15:13:37 jenkins sshd[1082]: Server listening on 0.0.0.0 port 22.
8月 31 15:13:37 jenkins sshd[1082]: Server listening on :: port 22.
8月 31 15:13:37 jenkins systemd[1]: Started OpenSSH server daemon.
8月 31 15:14:48 jenkins sshd[3227]: Accepted password for root from 192.168.191.1 port 53268 ssh2
8月 31 15:33:28 jenkins sshd[27315]: Connection closed by 192.168.191.128 port 35046 [preauth]
8月 31 15:33:28 jenkins sshd[27382]: Connection closed by 192.168.191.128 port 35048 [preauth]

由以上信息得知，这台服务器以及安装了对应ssh server 。

如果没有安装请点击这个连接
安装ssh-server传送门

② 开始配置root用户ssh免密登录

执行 ssh-keygen -t rsa 命令。

[root@jenkins ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mrzfLe+SUFFjuDmXsasdwX173L+j2fgqhI8jJagQ root@jenkins
The key's randomart image is:
+---[RSA 2048]----+
|           o+    |
|          o. .   |
|           + .   |
|  E       * o    |
|   .  .  S. *. . |
|    .+ =. +...o =|
|   .  O ..o+.B .*|
|    .. . o+oo.* =|
|   .. ... .B=o+=o|
+----[SHA256]-----+

接着继续执行 ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.191.128 命令

[root@jenkins ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.191.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.191.128's password: //输入对应的root密码

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.191.128'"
and check to make sure that only the key(s) you wanted were added.

看到以上提示信息，就成功了。可以使用 ssh 'root@192.168.191.128‘ 免密登录对应服务器了。

1
2
3

[root@jenkins ~]# ssh 'root@192.168.191.128'
Last login: Tue Aug 31 15:34:01 2021 from 192.168.191.1
[root@gitlab ~]#

对应的原理再另外一台服务器也这么操作即可。

这样就实现了这2台服务器互相免密可ssh 登录了！

The end…