Scenario
1. Client machine: 10.108.0.1
2. Server machines: 10.108.0.2, 10.108.0.3, 10.108.0.1, 10.108.0.4, 10.108.0.5
Goal: from the client machine, SSH to the server machines as the same account and log in without entering a password.
Solution:
1. Generate the public/private key pair on the client
Run ssh-keygen -t rsa
[xxx@sdktest01v ~/.ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/xxx/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxx/.ssh/id_rsa.
Your public key has been saved in /home/xxx/.ssh/id_rsa.pub.
The key fingerprint is:
b0:b0:77:9a:01:b6:c0:bc:08:05:a2:a1:f4:6d:f9:77 xxx@server-host-1
Two files now exist in the .ssh subdirectory of the current user's home directory:
Private key: id_rsa
Public key: id_rsa.pub
2. Copy the generated public key to the server machine
[xxx@sdktest01v ~/.ssh]$ ssh-copy-id -i /home/xxx/.ssh/id_rsa.pub xxx@10.108.0.2
xxx@10.108.0.2's password:
Now try logging into the machine, with "ssh 'xxx@10.108.0.2'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
ssh-copy-id: sends the public key to the target server and creates the file /home/xxx/.ssh/authorized_keys there.
3. Test passwordless login
ssh 10.108.0.2
[xxx@10.108.0.2 ~]$
The prompt shows the login succeeded.
4. Reasons login can fail
The client's private and public key files must be located under ~/.ssh.
Make sure that on both sides the ~/.ssh directory, its parent directory, the public and private keys, and the authorized_keys file grant the current user at least execute permission and grant other users at most execute permission.
Make sure the file name authorized_keys is spelled correctly.
5. File and directory permissions
Client:
[xxx@10.108.0.1 ~/.ssh]$ ll
总用量 12
-rwx------ 1 xxx xxx 1675 10月 27 17:04 id_rsa
-rwx------ 1 xxx xxx  413 10月 27 17:04 id_rsa.pub
-rwx------ 1 xxx xxx  396 9月  23 10:53 known_hosts
Server:
[xxx@10.108.0.2 ~/.ssh]$ ll
total 16
-rw------- 1 xxx xxx  413 Oct 27 18:54 authorized_keys
-rw------- 1 xxx xxx 1675 Oct 27 18:54 id_rsa
-rw-r--r-- 1 xxx xxx  413 Oct 27 18:54 id_rsa.pub
-rwx------ 1 xxx xxx  792 Oct 27 18:54 known_hosts
6. BUG
The client can reach the server, but a password is still required to log in (reproduced on CentOS 6; involves ssh-copy-id and SELinux).
An excerpt from an English write-up of the cause and the fix:
When ssh-copy-id creates the authorized keys files it creates it with the proper permissions, but with the wrong SELinux label. The fix for this is restoring the labels to their policy defaults using this command: restorecon -R ~/.ssh
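As an added example (not part of the original post), the following script checks the permission rules from section 4 on a home directory and repeats the SELinux hint from section 6; the temporary tree built in demo() is constructed for illustration, and the checked paths (home, ~/.ssh, authorized_keys, id_rsa) are the ones the post lists.

```shell
#!/bin/sh
# Added example, not from the original post: audit the permission rules from
# section 4. sshd (StrictModes yes, the default) ignores authorized_keys when
# the home directory, ~/.ssh or the key files are writable by group or others,
# which is the usual reason login still asks for a password after ssh-copy-id.

# mode_ok PATH -> 0 if neither group nor others may write, 1 if they may,
#                 2 if the path does not exist
mode_ok() {
    [ -e "$1" ] || return 2
    # first field of ls -ld is like "drwx------"; char 6 = group w, char 9 = other w
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ?????w????|????????w?) return 1 ;;
    esac
    return 0
}

# audit_ssh HOME_DIR -> prints a verdict per path, returns the number of bad paths
audit_ssh() {
    home="$1"; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys" "$home/.ssh/id_rsa"; do
        if mode_ok "$p"; then rc=0; else rc=$?; fi
        case "$rc" in
            0) echo "ok       $p" ;;
            1) echo "TOO OPEN $p  (fix: chmod go-w '$p')"; bad=$((bad + 1)) ;;
            2) echo "missing  $p" ;;
        esac
    done
    # On SELinux hosts (the CentOS 6 case in section 6) correct bits are not
    # enough; the label must match too, so repeat the fix quoted in the post.
    if command -v getenforce >/dev/null 2>&1; then
        echo "SELinux present: if login still fails, run: restorecon -R $home/.ssh"
    fi
    return "$bad"
}

# Demo on a constructed tree under mktemp; on a real host call: audit_ssh "$HOME"
demo() {
    d=$(mktemp -d)
    mkdir "$d/.ssh" && chmod 700 "$d/.ssh"
    printf 'ssh-rsa AAAA...constructed-demo-key\n' > "$d/.ssh/authorized_keys"
    chmod 664 "$d/.ssh/authorized_keys"    # group-writable: sshd will reject it
    if audit_ssh "$d"; then rc=0; else rc=$?; fi
    rm -rf "$d"
    return "$rc"
}
```

The exit status of audit_ssh is the number of offending paths, so it can be used directly in a pre-login check on both the client and the server.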