本文讲解如何用openssh生成ed25519的密钥对并实现服务器间免密钥登录。

注意：所有操作均在客户机侧

一、生成 ED25519 密钥

用需要免密登录的用户（本例为username） 运行“ssh-keygen -t ed25519 -b 256”

[username@localhost ~]$ ssh-keygen -t ed25519 -b 256
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/username/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/username/.ssh/id_ed25519
Your public key has been saved in /home/username/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:TxLFDN0ERV3qM7d0OfTXCylXHrXQilvZTymabIcYhTE username@localhost.localdomain
The key's randomart image is:
+--[ED25519 256]--+
|        .E=*+o..o|
|         o=.. ooo|
|        . . . ==.|
|         o . *=o*|
|        S =.*+=*B|
|         = Bo.o+B|
|          o .  o |
|                 |
|                 |
+----[SHA256]-----+
[username@localhost ~]$

一路回车，即可看到在当前用户家目录下生成了.ssh/id_ed25519的私钥和.ssh/id_ed25519.pub公钥文件

二、将公钥文件传给远端服务器对应帐号

使用 ssh-copy-id 命令来完成

[username@localhost ~]$ ssh-copy-id -i ~/.ssh/id_ed25519 -p4422 username@192.168.1.76
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/username/.ssh/id_ed25519.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
(username@192.168.1.76) Password: Number of key(s) added: 1Now try logging into the machine, with:   "ssh -p 4422 'username@192.168.1.76'"
and check to make sure that only the key(s) you wanted were added.[username@localhost ~]$ 

三、测试验证

[username@localhost ~]$ ssh -p4422 username@192.168.1.75
Last login: Tue May 28 17:22:38 2024
Authorized users only. All activities may be monitored and reported.
[username@localhost ~]$

可以看到，现在已经不需要密码即可以登录了。