被連接服務器:
生成秘鑰:
- authorized_keys: 存放遠程免密登錄的公鑰,主要通過這個文件記錄多台機器的公鑰
- id_rsa: 生成的私鑰文件
- id_rsa.pub: 生成的公鑰文件
- know_hosts: 已知的主機公鑰清單
[op@k8s-slave2 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/op/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/op/.ssh/id_rsa.
Your public key has been saved in /home/op/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:LmZz2AOAPJIuqa8lsLNktOECRSGZfL9ZafC8tMS5TuQ op@k8s-slave2
The key's randomart image is:
+---[RSA 2048]----+
|ooo. |
|o* o . |
|o * o = o |
|.+ . o % |
|=+ @ S |
|B.o o E |
|*=. O = |
|+* o = . |
|o.. |
+----[SHA256]-----+
[op@k8s-slave2 ~]$ ll .ssh/
total 16
-rw-rw-r-- 1 op op 395 Jan 24 16:00 authorized_keys
-rw------- 1 op op 1675 Jan 24 15:52 id_rsa
-rw-r--r-- 1 op op 395 Jan 24 15:52 id_rsa.pub
-rw-r--r-- 1 op op 174 Jan 24 15:54 known_hosts
配置生成的公鑰:
cd .ssh/
cat id_rsa.pub >> authorized_keys
配置文件修改:
vim /etc/ssh/sshd_config
# 免密碼登錄
StrictModes no
# 開啟rsa驗證
RSAAuthentication yes
# 是否使用公鑰
PubkeyAuthentication yes
# 公鑰保存位置
AuthorizedKeysFile .ssh/authorized_keys
# 禁止使用密碼登錄
PasswordAuthentication no
重啟服務:
[root@k8s-slave2 ~]# systemctl restart sshd
客戶端服務器:
配置被連接服務器的私鑰:
根據指定私鑰連接服務器:
[root@k8s-master /root]$ chmod 600 ./id_rsa
[root@k8s-master /root]$ ssh -i ./id_rsa op@10.10.80.176
Last login: Mon Jan 24 16:25:20 2022 from 10.10.80.178
[op@k8s-slave2 ~]$