./.ssh目录下的authorized_keys, id_rsa, id_rsa.pub, known_hosts使用方法解读

一.id_rsa, id_rsa.pub 与 authorized_keys
假设 A （10.235.##.A）为客户机器，B（10.235.##.B）为目标机；
要达到的目的：
A机器ssh登录B机器无需输入密码（加密方式选 rsa|dsa均可以我这里选rsa）
步骤
1、登录A机器，尝试ssh登陆B机器，需要输入密码

[root@AP ~]#  ssh root@10.235.##.B
CGS Linux
Authorized uses only. All activity may be monitored and reported.
root@10.235.##.B's password:
CGS Linux
Authorized uses only. All activity may be monitored and reported.
Last login: Fri Jan 22 09:54:44 2021 from 10.235.##.B

2、ssh-keygen -t rsa，将会生成密钥文件和私钥文件 id_rsa,id_rsa.pub

[root@A zyy]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:aaptIZQ/ZL38Pwjt2FdfLrXijC0A0fbl3LgsKs0/+dY root@A
The key's randomart image is:
+---[RSA 3072]----+
|        .        |
|       . o   .   |
|     . .o . + o  |
|    o o... . + . |
|   . + .So  . .  |
|    . +o+... o. o|
|     ..oo*o.o..+o|
|     o...+=+*o.Eo|
|    ... . .=B*.. |
+----[SHA256]-----+
[root@A /]# cd /root/.ssh
[root@A .ssh]# ls
id_rsa  id_rsa.pub  known_hosts

3、将 .pub 文件复制到B机器的 .ssh 目录， 并在B机器上 cat id_dsa.pub >> ~/.ssh/authorized_keys

[root@A .ssh]# scp id_rsa.pub root@10.235.##.B:/root/.ssh
CGS Linux
Authorized uses only. All activity may be monitored and reported.
root@10.235.##.B's password:
id_rsa.pub                                                                                                     100%  561     1.4MB/s   00:00
[root@A .ssh]#[root@B .ssh]# cat id_rsa.pub >> ~/.ssh/authorized_keys
[root@B .ssh]# ls
authorized_keys  id_rsa  id_rsa.pub  known_hosts

4、大功告成，从A机器登录B机器的目标账户，不再需要密码了

[root@A .ssh]# ssh root@10.235.##.B
The authenticity of host '10.235.##.B (10.235.##.B)' can't be established.
ECDSA key fingerprint is SHA256:WH1Fr6fyxWW8NZp/JZg0tSCdiUC9nbhSunlkTJzkbK4.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.235.##.B' (ECDSA) to the list of known hosts.
CGS Linux
Authorized uses only. All activity may be monitored and reported.
CGS Linux
Authorized uses only. All activity may be monitored and reported.
Last login: Fri Jan 22 09:57:06 2021 from 10.235.##.B
[root@B ~]# exit
logout
Connection to 10.235.##.B closed.
[root@A .ssh]# ssh root@10.235.##.B
CGS Linux
Authorized uses only. All activity may be monitored and reported.
CGS Linux
Authorized uses only. All activity may be monitored and reported.
Last login: Fri Jan 22 10:02:53 2021 from 10.235.##.B

当然也可以这么连接

[root@A .ssh]# ssh -i id_rsa root@10.235.##.B
CGS Linux
Authorized uses only. All activity may be monitored and reported.
CGS Linux
Authorized uses only. All activity may be monitored and reported.
Last login: Fri Jan 22 09:13:19 2021 from 10.235.##.A

二.known_hosts
ssh会把你每个你访问过计算机的公钥(publickey)都记录在~/.ssh/known_hosts，从A机器登录B机器的目标账户的第一次操作时写入。这样以后就不用每次提示“Are you sure you want to continue connecting (yes/no/[fingerprint])? yes”了

[root@B .ssh]# cat known_hosts
10.235.##.B ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNefYd6Aj10kwS/EYnjINmuCaiZi72+tEreCyHWlxPTUQYpJ0vk0fJxd8UrQ+XVFV7OVnV+m7vVoa1rAelhG1nE=

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！