1. Node plan. To keep things simple, we use the root account directly here; in production, create a dedicated user group and user.
Node name | User | Group | Password | IP |
node1 | root | root | 123456 | 192.168.42.139 |
node2 | root | root | 123456 | 192.168.42.140 |
node3 | root | root | 123456 | 192.168.42.141 |
2. The names node1, node2, and node3 used here must be configured in the hosts file, and every server needs the corresponding entries:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.42.139 node1
192.168.42.140 node2
192.168.42.141 node3
3. Run ssh-keygen on node1, node2, and node3
ssh-keygen -t rsa
Usually nothing needs to be changed; you can simply continue through each prompt.
node1
[root@node1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:NPfg+iVBKYZNpmtR9F7NQLKsYNt0jM/ejTXtalPNrRA root@node1
The key's randomart image is:
+---[RSA 2048]----+
| .= ..o |
| B = + + |
| * O @ . o |
| . X % +E . |
| + S * ..o.+|
| . o o.+ o=|
| . o +..o.|
| . o +. |
| . ... |
+----[SHA256]-----+
node2
[root@node2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:PW1BRDwHsE+BfEFLgEVt3iBebaJGqd8zWnEgT/1X8jc root@node2
The key's randomart image is:
+---[RSA 2048]----+
| ==@X= |
| . B+%o* .|
| +.@+O +.|
| ..+++.oE=|
| Soo.+o +|
| .o= |
| o o |
| . |
| |
+----[SHA256]-----+
node3
[root@node3 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:M6wq0NF3ucbaVzTwsaDVS9hpsQWvJFxWMirsGcoy5wA root@node3
The key's randomart image is:
+---[RSA 2048]----+
| +B=o |
| . .=+B* |
| E. +++*o+. |
| .....+++ o*. |
| . .+.+oS. ... |
|. . * .+o . |
| . o+ . |
| . .. . . |
| .. . |
+----[SHA256]-----+
4. Configure passwordless login between the servers
On node1, run ssh-copy-id -i id_rsa.pub root@node1
[root@node1 .ssh]# ssh-copy-id -i id_rsa.pub root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host 'node1 (192.168.42.139)' can't be established.
ECDSA key fingerprint is SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM.
ECDSA key fingerprint is MD5:19:02:77:cd:b2:64:84:d3:5f:94:04:3e:41:33:de:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.
On node1, run ssh-copy-id -i id_rsa.pub root@node2
[root@node1 .ssh]# ssh-copy-id -i id_rsa.pub root@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host 'node2 (192.168.42.140)' can't be established.
ECDSA key fingerprint is SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM.
ECDSA key fingerprint is MD5:19:02:77:cd:b2:64:84:d3:5f:94:04:3e:41:33:de:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node2'"
and check to make sure that only the key(s) you wanted were added.
On node1, run ssh-copy-id -i id_rsa.pub root@node3
[root@node1 .ssh]# ssh-copy-id -i id_rsa.pub root@node3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host 'node3 (192.168.42.141)' can't be established.
ECDSA key fingerprint is SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM.
ECDSA key fingerprint is MD5:19:02:77:cd:b2:64:84:d3:5f:94:04:3e:41:33:de:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node3'"
and check to make sure that only the key(s) you wanted were added.
Once these two steps succeed, you can test passwordless login.
On node1, run ssh node1, ssh node2, and ssh node3
[root@node1 .ssh]# ssh node1
Last login: Tue Nov 7 23:00:33 2023 from 192.168.42.1
[root@node1 ~]# exit
登出
Connection to node1 closed.
[root@node1 .ssh]# ssh node2
Last login: Tue Nov 7 23:21:37 2023 from node1
[root@node2 ~]#
[root@node1 .ssh]# ssh node3
Last login: Tue Nov 7 23:22:22 2023 from node1
[root@node3 ~]#
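That completes the configuration: node1 can now log in to node1, node2, and node3 without a password.
In the same way, node2 and node3 can be configured for passwordless login to node1, node2, and node3. Follow the steps above and, on each of those nodes, run ssh-copy-id -i id_rsa.pub root@<node> again for each target node.
Session on node2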
[root@node2 .ssh]# ssh-copy-id -i id_rsa.pub root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.
[root@node2 .ssh]# ssh node1
Last failed login: Tue Nov 7 23:27:55 CST 2023 from node2 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Tue Nov 7 23:27:47 2023 from node2
[root@node1 ~]# exit
登出
Connection to node1 closed.
[root@node2 .ssh]# ssh-copy-id -i id_rsa.pub root@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host 'node2 (192.168.42.140)' can't be established.
ECDSA key fingerprint is SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM.
ECDSA key fingerprint is MD5:19:02:77:cd:b2:64:84:d3:5f:94:04:3e:41:33:de:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node2'"
and check to make sure that only the key(s) you wanted were added.
[root@node2 .ssh]# exit
登出
连接断开
连接主机...
连接主机成功
Last login: Tue Nov 7 23:27:57 2023 from 192.168.42.1
[root@node2 ~]# cd .ssh/
[root@node2 .ssh]# exit^C
[root@node2 .ssh]# ssh-copy-id -i id_rsa.pub root@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)
[root@node2 .ssh]# ssh-copy-id -i id_rsa.pub root@node3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host 'node3 (192.168.42.141)' can't be established.
ECDSA key fingerprint is SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM.
ECDSA key fingerprint is MD5:19:02:77:cd:b2:64:84:d3:5f:94:04:3e:41:33:de:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node3'"
and check to make sure that only the key(s) you wanted were added.
[root@node2 .ssh]# ssh node3
Last login: Tue Nov 7 23:24:12 2023 from node1
[root@node3 ~]# exit
登出
Connection to node3 closed.
Session on node3
[root@node3 .ssh]# ssh-copy-id -i id_rsa.pub root@node3
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host 'node3 (192.168.42.141)' can't be established.
ECDSA key fingerprint is SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM.
ECDSA key fingerprint is MD5:19:02:77:cd:b2:64:84:d3:5f:94:04:3e:41:33:de:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node3's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node3'"
and check to make sure that only the key(s) you wanted were added.
[root@node3 .ssh]# ssh-copy-id -i id_rsa.pub root@node1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host 'node1 (192.168.42.139)' can't be established.
ECDSA key fingerprint is SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM.
ECDSA key fingerprint is MD5:19:02:77:cd:b2:64:84:d3:5f:94:04:3e:41:33:de:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node1'"
and check to make sure that only the key(s) you wanted were added.
[root@node3 .ssh]# ssh-copy-id -i id_rsa.pub root@node2
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "id_rsa.pub"
The authenticity of host 'node2 (192.168.42.140)' can't be established.
ECDSA key fingerprint is SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM.
ECDSA key fingerprint is MD5:19:02:77:cd:b2:64:84:d3:5f:94:04:3e:41:33:de:e2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@node2's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@node2'"
and check to make sure that only the key(s) you wanted were added.
[root@node3 .ssh]# ssh node1
Last login: Tue Nov 7 23:28:18 2023 from node2
[root@node1 ~]# exit
登出
Connection to node1 closed.
[root@node3 .ssh]# ssh node2
Last login: Tue Nov 7 23:28:30 2023 from 192.168.42.1
[root@node2 ~]# exit
登出
Connection to node2 closed.
[root@node3 .ssh]# ssh node3
Last login: Tue Nov 7 23:28:52 2023 from node2
[root@node3 ~]# exit
登出
Connection to node3 closed.
Test passwordless login; if it works without problems, you are done.
Note: if ssh-copy-id is not found, install or upgrade it with yum -y install openssh-clients.
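In the sessions above, node1, node2, and node3 all present the same ECDSA host key fingerprint (SHA256:bBP/Xzrrb0p6Akzfvdrg0PVL7jI1b493H40ZC19LSIM), which usually means the machines were cloned from one image, so the "authenticity of host" prompt cannot tell them apart. The following check is an added example, not part of the original post: it reads known_hosts-style lines and reports hosts that share a host key. The function name dup_hostkeys, the sample key strings, and the extra host node4 are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag hosts that present the same SSH host key.
# Reads known_hosts-style lines ("host keytype base64key") on stdin, such as
# the output of: ssh-keyscan -t ecdsa node1 node2 node3
# Prints one "SHARED host host ..." line per reused key; returns 1 if any.
dup_hostkeys() {
    awk '
        /^#/ || NF < 3 { next }                # skip comments and malformed lines
        {
            key = $2 " " $3                     # key type + key material
            if ((key SUBSEP $1) in seen) next   # same host listed twice
            seen[key SUBSEP $1] = 1
            if (count[key]++ == 0) { hosts[key] = $1 } else { hosts[key] = hosts[key] " " $1 }
        }
        END {
            for (k in count)
                if (count[k] > 1) { print "SHARED " hosts[k]; rc = 1 }
            exit rc + 0
        }
    '
}

# Constructed sample input (placeholder key material, not real keys).
# node4 is a hypothetical extra host with its own key.
SAMPLE='node1 ecdsa-sha2-nistp256 AAAAconstructedKeyA
node2 ecdsa-sha2-nistp256 AAAAconstructedKeyA
node3 ecdsa-sha2-nistp256 AAAAconstructedKeyA
node4 ecdsa-sha2-nistp256 AAAAconstructedKeyB'

printf '%s\n' "$SAMPLE" | dup_hostkeys || echo "host keys are reused across nodes"
```

If hosts are reported, give each node its own host keys (remove /etc/ssh/ssh_host_*_key* on the node, run ssh-keygen -A, and restart sshd), then drop the stale client entries with ssh-keygen -R <node>.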