本文档风哥主要介绍大规模SSH免密登录基础配置,包括SSH免密登录的概念、原理、密钥对生成、单机配置、批量配置等内容,参考RHEL 10官方文档,适合系统管理员在大规模环境中使用。更多视频教程www.fgedu.net.cn
Part01-基础概念与理论知识
1.1 SSH免密登录的概念
SSH免密登录是指使用SSH公钥认证机制,在不需要输入密码的情况下登录远程服务器。这种认证方式比传统的密码认证更安全、更便捷,特别适合大规模服务器集群的管理。
- 无需输入密码,提高登录效率
- 基于公钥加密,安全性更高
- 适合自动化脚本和批量操作
- 支持多用户、多服务器管理
- 可以配置密钥密码,增加安全性
1.2 SSH免密登录原理
SSH免密登录基于公钥加密技术,其工作原理如下:
- 密钥对生成:客户端生成一对密钥(私钥和公钥)
- 公钥分发:将公钥复制到目标服务器的authorized_keys文件
- 认证过程:客户端使用私钥签名,服务器使用公钥验证
- 免密登录:验证通过后,无需输入密码即可登录
1.3 大规模SSH免密登录应用场景
大规模SSH免密登录的应用场景:
- 服务器集群管理:管理数百台服务器集群
- 自动化部署:Ansible、SaltStack等自动化工具
- 批量操作:批量执行命令、脚本
- 监控巡检:批量收集服务器信息
- 日志收集:集中收集多台服务器日志
Part02-生产环境规划与建议
2.1 安全性规划
SSH免密登录安全性规划:
# 密钥类型选择
– RSA:兼容性好,但安全性较低(推荐2048位以上)
– ECDSA:安全性高,计算效率高
– Ed25519:安全性最高,性能最好(推荐)
# 密钥长度规划
– RSA:2048位(最低)、4096位(推荐)
– ECDSA:256位、384位、521位
– Ed25519:固定长度
# 密钥密码规划
– 生产环境:必须设置密钥密码
– 测试环境:可以不设置密钥密码
– 自动化环境:使用ssh-agent管理密钥密码
# 权限控制
– 私钥权限:600
– 公钥权限:644
– authorized_keys权限:600
– .ssh目录权限:700
2.2 密钥管理策略
密钥管理策略建议:
# 密钥分类
– 管理密钥:用于服务器管理
– 应用密钥:用于应用部署
– 备份密钥:用于备份恢复
# 密钥生命周期
– 生成:使用ssh-keygen生成
– 分发:使用ssh-copy-id分发
– 使用:通过ssh使用
– 轮换:定期更换密钥
– 撤销:删除失效密钥
# 密钥备份
– 备份私钥到安全位置
– 加密备份文件
– 记录密钥用途和有效期
– 定期检查密钥状态
2.3 批量部署方案
批量部署方案建议:
- Ansible部署:使用Ansible的authorized_key模块
- 脚本部署:编写Shell脚本批量分发密钥
- 配置管理:使用Puppet、Chef等配置管理工具
- 镜像部署:在系统镜像中预置公钥
- 自动化平台:使用JumpServer等堡垒机平台
Part03-生产环境项目实施方案
3.1 SSH密钥对生成
3.1.1 生成Ed25519密钥对
# ssh-keygen -t ed25519 -C “admin@example.com”
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519
Your public key has been saved in /root/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:abcdefghijklmnopqrstuvwxyz1234567890 admin@example.com
The key’s randomart image is:
+–[ED25519 256]–+
| .o. |
| . o . |
| . o . |
| . o . |
| o S o |
| o o . . |
| . o . . |
| o . . |
| . . . |
+—-[SHA256]—–+
# 2. 查看生成的密钥文件
# ls -l ~/.ssh/
total 8
-rw——- 1 root root 411 Apr 2 10:00 id_ed25519
-rw-r–r– 1 root root 97 Apr 2 10:00 id_ed25519.pub
# 3. 查看公钥内容
# cat ~/.ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIabcdefghijklmnopqrstuvwxyz1234567890 admin@example.com
# 4. 查看私钥权限(必须为600)
# stat -c “%a %n” ~/.ssh/id_ed25519
600 /root/.ssh/id_ed25519
3.2 单机免密登录配置
3.2.1 使用ssh-copy-id配置免密登录
# ssh-copy-id root@192.168.1.100
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: “/root/.ssh/id_ed25519.pub”
The authenticity of host ‘192.168.1.100 (192.168.1.100)’ can’t be established.
ED25519 key fingerprint is SHA256:abcdefghijklmnopqrstuvwxyz1234567890.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
root@192.168.1.100’s password:
Number of key(s) added: 1
Now try logging into the machine, with: “ssh ‘root@192.168.1.100′”
and check to make sure that only the key(s) you wanted were added.
# 2. 测试免密登录
# ssh root@192.168.1.100
Last login: Thu Apr 2 10:00:00 2026 from 192.168.1.1
[root@server100 ~]#
# 3. 查看远程服务器上的authorized_keys文件
# cat ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIabcdefghijklmnopqrstuvwxyz1234567890 admin@example.com
# 4. 查看authorized_keys文件权限(必须为600)
# stat -c “%a %n” ~/.ssh/authorized_keys
600 /root/.ssh/authorized_keys
3.3 批量免密登录配置
3.3.1 使用脚本批量配置免密登录
# cat > /tmp/server_list.txt << 'EOF' 192.168.1.100 192.168.1.101 192.168.1.102 192.168.1.103 192.168.1.104 EOF # 2. 创建批量免密登录脚本 # cat > /tmp/batch_ssh_copy.sh << 'EOF' #!/bin/bash # 批量SSH免密登录配置脚本 # 作者:fgedu # 日期:2026-04-02 # 定义变量 SERVER_LIST="/tmp/server_list.txt" SSH_USER="root" SSH_KEY="$HOME/.ssh/id_ed25519.pub" LOG_FILE="/tmp/batch_ssh_copy_$(date +%Y%m%d_%H%M%S).log" # 创建日志函数 log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE" } # 创建分隔线函数 separator() { echo "==========================================" | tee -a "$LOG_FILE" } # 开始批量配置 separator log "开始批量SSH免密登录配置" separator log "服务器列表:$SERVER_LIST" log "SSH用户:$SSH_USER" log "SSH公钥:$SSH_KEY" separator # 检查服务器列表文件是否存在 if [ ! -f "$SERVER_LIST" ]; then log "错误:服务器列表文件 $SERVER_LIST 不存在" exit 1 fi # 检查SSH公钥是否存在 if [ ! -f "$SSH_KEY" ]; then log "错误:SSH公钥 $SSH_KEY 不存在" exit 1 fi # 遍历服务器列表 while read -r server; do # 跳过空行和注释行 if [[ -z "$server" || "$server" =~ ^# ]]; then continue fi separator log "配置服务器:$server" # 使用ssh-copy-id复制公钥 ssh-copy-id -i "$SSH_KEY" "$SSH_USER@$server" >> “$LOG_FILE” 2>&1
# 检查是否成功
if [ $? -eq 0 ]; then
log “成功:服务器 $server 免密登录配置成功”
# 测试免密登录
ssh -o ConnectTimeout=5 -o BatchMode=yes “$SSH_USER@$server” “echo ‘免密登录测试成功'” >> “$LOG_FILE” 2>&1
if [ $? -eq 0 ]; then
log “成功:服务器 $server 免密登录测试通过”
else
log “警告:服务器 $server 免密登录测试失败”
fi
else
log “失败:服务器 $server 免密登录配置失败”
fi
separator
done < "$SERVER_LIST"
separator
log "批量SSH免密登录配置完成"
separator
exit 0
EOF
# 3. 设置执行权限
# chmod +x /tmp/batch_ssh_copy.sh
# 4. 执行批量配置脚本
# /tmp/batch_ssh_copy.sh
==========================================
[2026-04-02 10:00:00] 开始批量SSH免密登录配置
==========================================
[2026-04-02 10:00:00] 服务器列表:/tmp/server_list.txt
[2026-04-02 10:00:00] SSH用户:root
[2026-04-02 10:00:00] SSH公钥:/root/.ssh/id_ed25519.pub
==========================================
==========================================
[2026-04-02 10:00:00] 配置服务器:192.168.1.100
[2026-04-02 10:00:01] 成功:服务器 192.168.1.100 免密登录配置成功
[2026-04-02 10:00:02] 成功:服务器 192.168.1.100 免密登录测试通过
==========================================
==========================================
[2026-04-02 10:00:02] 配置服务器:192.168.1.101
[2026-04-02 10:00:03] 成功:服务器 192.168.1.101 免密登录配置成功
[2026-04-02 10:00:04] 成功:服务器 192.168.1.101 免密登录测试通过
==========================================
==========================================
[2026-04-02 10:00:04] 配置服务器:192.168.1.102
[2026-04-02 10:00:05] 成功:服务器 192.168.1.102 免密登录配置成功
[2026-04-02 10:00:06] 成功:服务器 192.168.1.102 免密登录测试通过
==========================================
==========================================
[2026-04-02 10:00:06] 配置服务器:192.168.1.103
[2026-04-02 10:00:07] 成功:服务器 192.168.1.103 免密登录配置成功
[2026-04-02 10:00:08] 成功:服务器 192.168.1.103 免密登录测试通过
==========================================
==========================================
[2026-04-02 10:00:08] 配置服务器:192.168.1.104
[2026-04-02 10:00:09] 成功:服务器 192.168.1.104 免密登录配置成功
[2026-04-02 10:00:10] 成功:服务器 192.168.1.104 免密登录测试通过
==========================================
==========================================
[2026-04-02 10:00:10] 批量SSH免密登录配置完成
==========================================
Part04-生产案例与实战讲解
4.1 使用Ansible批量配置
4.1.1 Ansible批量配置免密登录
# cat > /etc/ansible/hosts << 'EOF' [webservers] 192.168.1.100 192.168.1.101 192.168.1.102 [dbservers] 192.168.1.103 192.168.1.104 EOF # 2. 创建Ansible playbook # cat > /tmp/ssh_key_setup.yml << 'EOF' --- - name: 批量配置SSH免密登录 hosts: all become: yes vars: ssh_public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIabcdefghijklmnopqrstuvwxyz1234567890 admin@example.com" tasks: - name: 确保SSH目录存在 file: path: "/root/.ssh" state: directory mode: '0700' owner: root group: root - name: 确保authorized_keys文件存在 file: path: "/root/.ssh/authorized_keys" state: touch mode: '0600' owner: root group: root - name: 添加SSH公钥到authorized_keys lineinfile: path: "/root/.ssh/authorized_keys" line: "{{ ssh_public_key }}" create: yes mode: '0600' owner: root group: root EOF # 3. 执行Ansible playbook # ansible-playbook -i /etc/ansible/hosts /tmp/ssh_key_setup.yml PLAY [批量配置SSH免密登录] ********************************************************** TASK [Gathering Facts] *************************************************************** ok: [192.168.1.100] ok: [192.168.1.101] ok: [192.168.1.102] ok: [192.168.1.103] ok: [192.168.1.104] TASK [确保SSH目录存在] ************************************************************** ok: [192.168.1.100] ok: [192.168.1.101] ok: [192.168.1.102] ok: [192.168.1.103] ok: [192.168.1.104] TASK [确保authorized_keys文件存在] ************************************************ ok: [192.168.1.100] ok: [192.168.1.101] ok: [192.168.1.102] ok: [192.168.1.103] ok: [192.168.1.104] TASK [添加SSH公钥到authorized_keys] ************************************************ changed: [192.168.1.100] changed: [192.168.1.101] changed: [192.168.1.102] changed: [192.168.1.103] changed: [192.168.1.104] PLAY RECAP ************************************************************************* 192.168.1.100 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.1.101 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.1.102 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.1.103 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 192.168.1.104 : ok=4 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
4.2 使用脚本批量配置
4.2.1 高级批量配置脚本
# cat > /tmp/advanced_ssh_copy.sh << 'EOF' #!/bin/bash # 高级批量SSH免密登录配置脚本 # 功能:支持密码输入、并发配置、错误重试 # 作者:fgedu # 日期:2026-04-02 # 定义变量 SERVER_LIST="/tmp/server_list.txt" SSH_USER="root" SSH_KEY="$HOME/.ssh/id_ed25519.pub" LOG_FILE="/tmp/advanced_ssh_copy_$(date +%Y%m%d_%H%M%S).log" MAX_RETRIES=3 CONCURRENT_LIMIT=5 # 创建日志函数 log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE" } # 创建分隔线函数 separator() { echo "==========================================" | tee -a "$LOG_FILE" } # 配置单个服务器函数 configure_server() { local server=$1 local retry_count=0 local success=0 while [ $retry_count -lt $MAX_RETRIES ]; do # 使用sshpass自动输入密码 sshpass -p "$SSH_PASSWORD" ssh-copy-id -o StrictHostKeyChecking=no -i "$SSH_KEY" "$SSH_USER@$server" >> “$LOG_FILE” 2>&1
if [ $? -eq 0 ]; then
# 测试免密登录
ssh -o ConnectTimeout=5 -o BatchMode=yes “$SSH_USER@$server” “echo ‘免密登录测试成功'” >> “$LOG_FILE” 2>&1
if [ $? -eq 0 ]; then
success=1
break
fi
fi
retry_count=$((retry_count + 1))
log “重试 $retry_count/$MAX_RETRIES:服务器 $server”
sleep 2
done
if [ $success -eq 1 ]; then
log “成功:服务器 $server 免密登录配置成功”
else
log “失败:服务器 $server 免密登录配置失败(重试 $MAX_RETRIES 次)”
fi
}
# 开始批量配置
separator
log “开始高级批量SSH免密登录配置”
separator
log “服务器列表:$SERVER_LIST”
log “SSH用户:$SSH_USER”
log “SSH公钥:$SSH_KEY”
log “最大重试次数:$MAX_RETRIES”
log “并发限制:$CONCURRENT_LIMIT”
separator
# 读取SSH密码
read -sp “请输入SSH密码: ” SSH_PASSWORD
echo “”
# 检查服务器列表文件是否存在
if [ ! -f “$SERVER_LIST” ]; then
log “错误:服务器列表文件 $SERVER_LIST 不存在”
exit 1
fi
# 检查SSH公钥是否存在
if [ ! -f “$SSH_KEY” ]; then
log “错误:SSH公钥 $SSH_KEY 不存在”
exit 1
fi
# 检查sshpass是否安装
if ! command -v sshpass &> /dev/null; then
log “错误:sshpass未安装,请先安装:dnf install -y sshpass”
exit 1
fi
# 遍历服务器列表
server_count=0
current_concurrent=0
while read -r server; do
# 跳过空行和注释行
if [[ -z “$server” || “$server” =~ ^# ]]; then
continue
fi
separator
log “配置服务器:$server”
# 后台执行配置
configure_server “$server” &
server_count=$((server_count + 1))
current_concurrent=$((current_concurrent + 1))
# 控制并发数
if [ $current_concurrent -ge $CONCURRENT_LIMIT ]; then
wait
current_concurrent=0
fi
done < "$SERVER_LIST"
# 等待所有后台任务完成
wait
separator
log "高级批量SSH免密登录配置完成"
log "总计配置服务器:$server_count 台"
separator
exit 0
EOF
# 2. 设置执行权限
# chmod +x /tmp/advanced_ssh_copy.sh
# 3. 安装sshpass工具
# dnf install -y sshpass
Updating Subscription Management repositories.
Last metadata expiration check: 0:30:00 ago on Fri 02 Apr 2026 10:00:00 AM CST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
sshpass x86_64 1.09-4.el10 baseos 25 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 25 k
Installed size: 45 k
Downloading Packages:
sshpass-1.09-4.el10.x86_64.rpm 25 kB/s | 25 kB 00:01
--------------------------------------------------------------------------------
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : sshpass-1.09-4.el10.x86_64 1/1
Running scriptlet: sshpass-1.09-4.el10.x86_64 1/1
Verifying : sshpass-1.09-4.el10.x86_64 1/1
Installed:
sshpass-1.09-4.el10.x86_64
Complete!
# 4. 执行高级批量配置脚本
# /tmp/advanced_ssh_copy.sh
请输入SSH密码:
==========================================
[2026-04-02 10:00:00] 开始高级批量SSH免密登录配置
==========================================
[2026-04-02 10:00:00] 服务器列表:/tmp/server_list.txt
[2026-04-02 10:00:00] SSH用户:root
[2026-04-02 10:00:00] SSH公钥:/root/.ssh/id_ed25519.pub
[2026-04-02 10:00:00] 最大重试次数:3
[2026-04-02 10:00:00] 并发限制:5
==========================================
==========================================
[2026-04-02 10:00:00] 配置服务器:192.168.1.100
[2026-04-02 10:00:01] 成功:服务器 192.168.1.100 免密登录配置成功
==========================================
==========================================
[2026-04-02 10:00:01] 配置服务器:192.168.1.101
[2026-04-02 10:00:02] 成功:服务器 192.168.1.101 免密登录配置成功
==========================================
==========================================
[2026-04-02 10:00:02] 配置服务器:192.168.1.102
[2026-04-02 10:00:03] 成功:服务器 192.168.1.102 免密登录配置成功
==========================================
==========================================
[2026-04-02 10:00:03] 配置服务器:192.168.1.103
[2026-04-02 10:00:04] 成功:服务器 192.168.1.103 免密登录配置成功
==========================================
==========================================
[2026-04-02 10:00:04] 配置服务器:192.168.1.104
[2026-04-02 10:00:05] 成功:服务器 192.168.1.104 免密登录配置成功
==========================================
==========================================
[2026-04-02 10:00:05] 高级批量SSH免密登录配置完成
[2026-04-02 10:00:05] 总计配置服务器:5 台
==========================================
4.3 常见问题排查
4.3.1 SSH免密登录问题排查
# 检查1:确认公钥已添加到authorized_keys
# cat ~/.ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIabcdefghijklmnopqrstuvwxyz1234567890 admin@example.com
# 检查2:确认authorized_keys文件权限
# stat -c “%a %n” ~/.ssh/authorized_keys
600 /root/.ssh/authorized_keys
# 检查3:确认.ssh目录权限
# stat -c “%a %n” ~/.ssh
700 /root/.ssh
# 检查4:确认私钥权限
# stat -c “%a %n” ~/.ssh/id_ed25519
600 /root/.ssh/id_ed25519
# 检查5:使用详细模式调试
# ssh -vvv root@192.168.1.100
OpenSSH_9.0p1, OpenSSL 3.0.7 1 Nov 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.1.100 [192.168.1.100] port 22.
debug1: Connection established.
debug1: identity file /root/.ssh/id_ed25519 type 3
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: publickey
debug1: Offering public key: /root/.ssh/id_ed25519 ED25519 SHA256:abcdefghijklmnopqrstuvwxyz1234567890
debug1: Server accepts key: pkalg ssh-ed25519 blen 64
debug1: Authentication succeeded (publickey).
Authenticated to 192.168.1.100 ([192.168.1.100]:22).
# 问题2:SSH连接超时
# 检查1:确认网络连通性
# ping -c 3 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.124 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=0.125 ms
# 检查2:确认SSH端口是否开放
# telnet 192.168.1.100 22
Trying 192.168.1.100…
Connected to 192.168.1.100.
Escape character is ‘^]’.
SSH-2.0-OpenSSH_9.0
# 检查3:确认SSH服务运行状态
# ssh root@192.168.1.100 “systemctl status sshd”
● sshd.service – OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2026-04-02 09:00:00 CST; 1h 0min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1234 (sshd)
Tasks: 1 (limit: 4915)
Memory: 2.5M
CGroup: /system.slice/sshd.service
└─1234 “sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups”
# 问题3:Permission denied (publickey)
# 检查1:确认私钥文件存在
# ls -l ~/.ssh/id_ed25519
-rw——- 1 root root 411 Apr 2 10:00 /root/.ssh/id_ed25519
# 检查2:确认私钥权限正确
# chmod 600 ~/.ssh/id_ed25519
# 检查3:确认使用正确的私钥
# ssh -i ~/.ssh/id_ed25519 root@192.168.1.100
# 问题4:Host key verification failed
# 解决方法1:删除known_hosts中的旧记录
# ssh-keygen -R 192.168.1.100
# Host 192.168.1.100 found: line 1
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
# 解决方法2:禁用主机密钥检查(不推荐)
# ssh -o StrictHostKeyChecking=no root@192.168.1.100
Part05-风哥经验总结与分享
5.1 免密登录最佳实践
SSH免密登录最佳实践:
- 使用Ed25519密钥:安全性高,性能好
- 设置密钥密码:生产环境必须设置密钥密码
- 权限控制:严格设置文件和目录权限
- 密钥轮换:定期更换SSH密钥
- 密钥审计:定期检查authorized_keys文件
- 使用ssh-agent:管理密钥密码,避免重复输入
- 限制访问:在sshd_config中限制允许的用户和IP
5.2 安全加固建议
SSH免密登录安全加固建议:
# 1. 编辑sshd_config文件
# vi /etc/ssh/sshd_config
# 2. 修改以下配置项
# 禁用密码认证(仅允许公钥认证)
PasswordAuthentication no
# 禁用root登录
PermitRootLogin prohibit-password
# 限制允许的用户
AllowUsers admin1 admin2
# 限制允许的IP
AllowUsers admin1@192.168.1.0/24
# 限制最大认证尝试次数
MaxAuthTries 3
# 设置登录超时
LoginGraceTime 60
# 禁用空密码
PermitEmptyPasswords no
# 3. 重启SSH服务
# systemctl restart sshd
# 4. 查看SSH服务状态
# systemctl status sshd
● sshd.service – OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2026-04-02 10:00:00 CST; 0s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 5678 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 5679 (sshd)
Tasks: 1 (limit: 4915)
Memory: 2.5M
CGroup: /system.slice/sshd.service
└─5679 “sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups”
Apr 02 10:00:00 server1 systemd[1]: Starting OpenSSH server daemon…
Apr 02 10:00:00 server1 sshd[5678]: Server listening on 0.0.0.0 port 22.
Apr 02 10:00:00 server1 sshd[5678]: Server listening on :: port 22.
Apr 02 10:00:00 server1 systemd[1]: Started OpenSSH server daemon.
5.3 工具推荐
推荐的SSH管理工具:
- Ansible:自动化配置管理工具,支持批量SSH配置
- sshpass:自动化SSH密码输入工具
- ssh-copy-id:SSH公钥分发工具
- ssh-agent:SSH密钥代理工具
- JumpServer:堡垒机平台,集中管理SSH访问
- PuTTY:Windows平台SSH客户端
- SSH Config:SSH配置文件,简化SSH连接
本文档介绍了大规模SSH免密登录基础配置,包括SSH免密登录的概念、原理、密钥对生成、单机配置、批量配置等内容。通过合理的配置,可以提高服务器管理效率,降低运维成本。更多学习教程公众号风哥教程itpux_com
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
联系我们
在线咨询:
微信号:itpux-com
工作日:9:30-18:30,节假日休息
