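After you enter yes, the known_hosts file is created (or appended to, if it already exists).
To avoid having to enter yes:
Open the /etc/ssh/ssh_config file:
Find:
# StrictHostKeyChecking ask
Change it to:
StrictHostKeyChecking no
(So there is no need to generate the known_hosts file yourself. With this setting ssh adds new host keys without asking, which also means an unexpected host key is not questioned on first connection.)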
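5. Generate the known_hosts file
On server a, run the following against every server (including a):
ssh host_name
When the prompt from step 4 appears, enter yes; the host is then appended to the known_hosts file and you are switched to that server. Before running the next ssh host_name, remember to run exit first to return to server a.
6. Copy the known_hosts file to the ~/.ssh/ directory on the other servers; after that the ssh and scp commands can be used directly.
Notes: id_rsa: the generated private key file
id_rsa.pub: the generated public key file
authorized_keys: holds the public keys allowed to log in remotely without a password; this file is mainly used to record the public keys of multiple machines
known_hosts: the list of known host public keys
1) The permissions of the .ssh directory are 700
2) The permissions of the .ssh/authorized_keys file are 600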
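The following is an added example, not part of the original post: a small shell audit that checks the two permission values listed in the notes above and reports when the client configuration sets StrictHostKeyChecking to no, so that the choice is visible on every server the files are copied to. The function names and the throwaway sample directory are constructed for illustration; it assumes GNU stat (Linux) and reads the config as a flat file, ignoring Host blocks.

```shell
#!/bin/sh
# Added example: audit the permissions and client option discussed on this page.
# Function names are hypothetical; Host/Match blocks are ignored (file read as flat).

# mode_of PATH -> octal permission bits such as 700 (GNU stat, as found on Linux)
mode_of() { stat -c '%a' "$1"; }

# check_mode PATH WANT -> prints a finding and returns 1 when the mode differs
check_mode() {
    [ -e "$1" ] || return 0                 # absent file: nothing to check
    got=$(mode_of "$1")
    [ "$got" = "$2" ] && return 0
    echo "PERM  $1 is $got, expected $2"
    return 1
}

# effective_value FILE KEYWORD -> first uncommented value, lowercased.
# ssh_config keywords are case-insensitive and the first value obtained is used.
effective_value() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/=/, " ") }                   # accept "Keyword=value" too
        /^[ \t]*#/ || NF < 2 { next }       # skip comments and bare words
        tolower($1) == k { print tolower($2); exit }
    ' "$1"
}

# audit_ssh SSH_DIR CLIENT_CONFIG -> exit status is the number of findings
audit_ssh() {
    findings=0
    # Expected modes are the values stated in the notes above.
    check_mode "$1" 700 || findings=$((findings + 1))
    check_mode "$1/authorized_keys" 600 || findings=$((findings + 1))
    if [ "$(effective_value "$2" StrictHostKeyChecking)" = "no" ]; then
        echo "CONF  $2: StrictHostKeyChecking no, new host keys are added unasked"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a throwaway directory laid out like a misconfigured account.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && chmod 755 "$demo/.ssh"
: > "$demo/.ssh/authorized_keys" && chmod 644 "$demo/.ssh/authorized_keys"
printf '# stricthostkeychecking ask\nstricthostkeychecking no\n' > "$demo/ssh_config"
audit_ssh "$demo/.ssh" "$demo/ssh_config" || echo "$? finding(s)"
rm -rf "$demo"
```

On a real account, call it as audit_ssh ~/.ssh /etc/ssh/ssh_config; an exit status of 0 means nothing was flagged.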
Switching servers over ssh is slow:
Look at the debug output of the ssh connection:
[jamin@localhost .ssh]$ ssh -v 192.168.77.129
openssh_5.3p1, openssl 1.0.1e-fips 11 feb 2013
debug1: reading configuration data /etc/ssh/ssh_config
debug1: connecting to 192.168.77.129 [192.168.77.129] port 22.
debug1: connection established.
debug1: identity file /home/jamin/.ssh/identity type -1
debug1: identity file /home/jamin/.ssh/identity-cert type -1
debug1: identity file /home/jamin/.ssh/id_rsa type 1
debug1: identity file /home/jamin/.ssh/id_rsa-cert type -1
debug1: identity file /home/jamin/.ssh/id_dsa type -1
debug1: identity file /home/jamin/.ssh/id_dsa-cert type -1
debug1: identity file /home/jamin/.ssh/id_ecdsa type -1
debug1: identity file /home/jamin/.ssh/id_ecdsa-cert type -1
debug1: remote protocol version 2.0, remote software version openssh_5.3
debug1: match: openssh_5.3 pat openssh*
debug1: enabling compatibility mode for protocol 2.0
debug1: local version string ssh-2.0-openssh_5.3
debug1: ssh2_msg_kexinit sent
debug1: ssh2_msg_kexinit received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: ssh2_msg_kex_dh_gex_request(1024<1024<8192) sent
debug1: expecting ssh2_msg_kex_dh_gex_group
debug1: ssh2_msg_kex_dh_gex_init sent
debug1: expecting ssh2_msg_kex_dh_gex_reply
debug1: host '192.168.77.129' is known and matches the rsa host key.
debug1: found key in /home/jamin/.ssh/known_hosts:2
debug1: ssh_rsa_verify: signature correct
debug1: ssh2_msg_newkeys sent
debug1: expecting ssh2_msg_newkeys
debug1: ssh2_msg_newkeys received
debug1: ssh2_msg_service_request sent
debug1: ssh2_msg_service_accept received
debug1: authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: next authentication method: gssapi-keyex
debug1: no valid key exchange context
debug1: next authentication method: gssapi-with-mic
debug1: unspecified gss failure. minor code may provide more information
cannot determine realm for numeric host address
debug1: unspecified gss failure. minor code may provide more information
cannot determine realm for numeric host address
debug1: unspecified gss failure. minor code may provide more information
debug1: unspecified gss failure. minor code may provide more information
cannot determine realm for numeric host address
debug1: next authentication method: publickey
debug1: trying private key: /home/jamin/.ssh/identity
debug1: offering public key: /home/jamin/.ssh/id_rsa
debug1: server accepts key: pkalg ssh-rsa blen 277
debug1: read pem private key done: type rsa
debug1: authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: requesting [email protected]
debug1: entering interactive session.
debug1: sending environment.
debug1: sending env lang = en_us.utf-8
last login: tue apr 25 14:28:23 2017 from 192.168.77.130
You can see the gssapi-with-mic failure messages:
debug1: next authentication method: gssapi-with-mic
debug1: unspecified gss failure.
Disable gssapi-with-mic
Edit /etc/ssh/ssh_config and change GSSAPIAuthentication to no. When you check the debug output again, the failure messages above are gone.
There is one more command:
ssh-copy-id ip