採用證書的方法可以解決ssh不需要輸入密碼的問題。
本文采用CentOS的作業系統,建立SSH的key,並在兩臺或多臺機器間實現信任。從而實現SSH登入不需要輸入密碼的功能。
首先,在一臺機器上建立SSH Key:
[root@mysql-ha2 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e1:9b:9a:b8:4d:ea:2c:e7:0c:49:bd:a7:47:fa:b4:4b root@mysql-ha2
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| . . . |
| . . S |
| . . .. o |
| o .oE o |
| .+oX.+ |
| =X+B. |
+-----------------+
此時可以在/root/.ssh目錄下看到兩個檔案:
-rw-------. 1 root root 1675 Dec 5 05:02 id_rsa
-rw-r--r--. 1 root root 396 Dec 5 05:02 id_rsa.pub
複製Key到另外一臺機器上,使登入這臺機器不輸入密碼:
[root@mysql-ha2 .ssh]# ssh-copy-id -i id_rsa.pub root@10.1.1.4
測試,發現登入ssh 10.1.1.4不需要密碼。
把id_rsa和id_rsa.pub複製到10.1.1.4上,在10.1.1.4上做同樣的ssh-copy-id的動作,可以使雙向ssh登入不需要密碼。
且採用的是相同的ssh key。