SSH Management

2021-02-25  chenxuyuan123

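1: How SSH works

01 The client requests an SSH connection to the server
02 The server asks the client for its public key information
03 The public key is uploaded to the server, which stores it in /root/.ssh/authorized_keys
04 The client authenticates with its own private key
05 The server replies that authentication succeeded and the connection is allowed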

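2: Key-based remote connection

2.1 Generate the public and private keys on the client

 [root@mb01-61 ~]# ssh-keygen     ### press Enter at every prompt
 [root@mb01-61 ~]# ll .ssh/             ### the generated public and private keys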
 -rw------- 1 root root 1679 Aug  5 22:43 id_rsa
 -rw-r--r-- 1 root root  394 Aug  5 22:43 id_rsa.pub  

The key pair can also be generated non-interactively, as follows:
[root@mb01-61 ~]# ssh-keygen -f /root/.ssh/id_rsa -N ''

2.2 Push the public key to the server

[root@m01-61 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.7

2.3 Test that the connection works

[root@m01-61 ~]# ssh root@172.16.1.7 hostname
web01-7

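3: Distributing the public key non-interactively

By default, pushing the public key to the server requires confirming the connection first and then typing the password by hand: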

[root@m01-61 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.7
 Are you sure you want to continue connecting (yes/no)? 
 root@172.16.1.7's password:

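For convenience, we make the process non-interactive.

3.1 Removing the manual connection confirmation

Use the option -o StrictHostKeyChecking=no, which makes ssh accept the server's host key without asking: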
[root@m01-61 ~]#  ssh-copy-id -i /root/.ssh/id_rsa.pub root@172.16.1.8 -o  StrictHostKeyChecking=no
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.1.8's password: 

3.2 Removing the manual password entry

Install the sshpass tool:
[root@m01-61 ~]# yum -y install sshpass
Distribute the public key non-interactively:
[root@mb01-61 ~]# sshpass -p123456 ssh-copy-id -i /root/.ssh/id_rsa.pub 172.16.1.31 -o  StrictHostKeyChecking=no

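4: Optimizing SSH

vim /etc/ssh/sshd_config
 1: Change the SSH port
  #Port 22  ->  port 6666
 2: Do not allow logins from the external network
  #ListenAddress 0.0.0.0  ->  ListenAddress 172.16.1.61  ### put this host's own IP here, so sshd listens only on the IP in that network segment
 3: Do not allow password authentication
  PasswordAuthentication yes  ->  PasswordAuthentication no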
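
A check that the three sshd_config edits above are really in effect, as an added example that is not part of the original article. It assumes upstream OpenSSH defaults (Port 22, all addresses, PasswordAuthentication yes); the function names global_values and audit_sshd and the sample file are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Assumed OpenSSH parsing rules:
# keywords are case-insensitive; Port and ListenAddress may repeat and sshd
# listens on all of them; other keywords use the first value seen; lines after
# a "Match" keyword are conditional, so the global section ends there.

# global_values FILE KEYWORD -> every global value of KEYWORD, one per line
global_values() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    { sub(/[=]/, " ") }                 # accept the Keyword=value form
    tolower($1) == "match" { exit }     # stop at the first Match block
    tolower($1) == want { print $2 }
  ' "$1"
}

# audit_sshd FILE -> prints findings; returns 0 only if all three edits are in effect
audit_sshd() {
  local f=$1 rc=0 ports addrs pw a
  ports=$(global_values "$f" Port)
  addrs=$(global_values "$f" ListenAddress)
  pw=$(global_values "$f" PasswordAuthentication | head -n 1)
  # No Port line at all means the built-in default, 22.
  if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx 22; then
    echo "FAIL: sshd still listens on port 22"; rc=1
  fi
  # An empty value (no ListenAddress line) means every local address.
  while read -r a; do
    case $a in
      ''|0.0.0.0|0.0.0.0:*|::|\[::\]|\[::\]:*)
        echo "FAIL: ListenAddress ${a:-unset} covers every local address"; rc=1 ;;
    esac
  done <<EOF
$addrs
EOF
  # Anything but an explicit "no" leaves password logins on (default: yes).
  case $pw in
    [Nn][Oo]) ;;
    *) echo "FAIL: PasswordAuthentication is ${pw:-unset}"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample: the edits from section 4 with a leftover "Port 22" line.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'port 6666' 'Port 22' 'ListenAddress 172.16.1.61' \
  'PasswordAuthentication no' > "$sample"
audit_sshd "$sample" || true   # prints: FAIL: sshd still listens on port 22
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration including defaults and is the authoritative check; this script is for reviewing a file before it is deployed.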