基于秘钥登录方式部署流程
1)在管理主机上创建秘钥对信息
ssh-keygen -t dsa <<---- 创建秘钥对命令 -t dsa表示确定秘钥对加密类型
Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa): <<-- 确认私钥文件保存路径
Overwrite(y/n)y <<--确认如果存在秘钥对信息,是否进行覆盖
Enter passphrase (empty for no passphrase): <<--确认是否给秘钥设置密码信息(一般为空)
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa. <<--私钥地址
Your public key has been saved in /root/.ssh/id_dsa.pub. <<--公钥地址
The key fingerprint is:
SHA256:VNv//X+GL8J/VyE+C5KCugmfjyHTDc1dciluM3DNsf4 root@nfs01
The key‘s randomart image is:
+---[DSA 1024]----+
| .. |
| o.+o |
| . +.B. . |
| o =.* o . |
| . o.*S.. . o .|
| . o...oo.. o .o|
| + o.. . .E. o.+|
| =.= o.o *|
| *o. o.=B|
+----[SHA256]-----+
2).j将管理主机上的公钥信息发送给被管理的主机
ssh-copy-id -i /root/.ssh/id_dsa.pub 172.16.1.31
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
The authenticity of host ‘172.16.1.31 (172.16.1.31)‘ can‘t be established.
ECDSA key fingerprint is SHA256:YCp8YoyYHMdeP9hlikze2pjPvUmdh0/obsL36cLdq70.
ECDSA key fingerprint is MD5:0e:30:bb:cf:a5:19:2f:0c:9d:ba:89:88:b9:49:5d:9f.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.31‘s password:
Permission denied, please try again.
root@172.16.1.31‘s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh ‘172.16.1.31‘"
and check to make sure that only the key(s) you wanted were added.
3).进行远程管理测试(基于秘钥的方式进行远程管理)
ssh <<---直接使用命令登录(免密登录)
ssh x.x.x.x ls <<--可以直接使用远程主机命令
原文:https://www.cnblogs.com/LELEBIAO/p/14651301.html