碼上快樂

相關內容    簡體    繁體

使用ssh-keygen和ssh-copy-id三步實現SSH無密碼登錄

本文轉載自   查看原文   2016-04-06 16:37   1861    linux 學習
ssh-keygen  產生公鑰與私鑰對.
ssh-copy-id 將本機的公鑰復制到遠程機器的authorized_keys文件中,ssh-copy-id也能讓你有到遠程機器的home, ~./ssh , 和 ~/.ssh/authorized_keys的權利

第一步:在本地機器上使用ssh-keygen產生公鑰私鑰對
  1. jsmith@local-host$ [Note: You are on local-host here]
  5. jsmith@local-host$ ssh-keygen
  7. Generating public/private rsa key pair.
  9. Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
  11. Enter passphrase (empty for no passphrase): [Press enter key]
  13. Enter same passphrase again: [Pess enter key]
  15. Your identification has been saved in /home/jsmith/.ssh/id_rsa.
  17. Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
  19. The key fingerprint is:
  21. 33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host
第二步:用ssh-copy-id將公鑰復制到遠程機器中
  1. jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
  3. jsmith@remote-host's password:
  5. Now try logging into the machine, with "ssh 'remote-host'", and check in:
  9. .ssh/authorized_keys
  13. to make sure we haven't added extra keys that you weren't expecting.

注意: ssh-copy-id 將key寫到遠程機器的 ~/ .ssh/authorized_key.文件中

第三步:  登錄到遠程機器不用輸入密碼
  1. jsmith@local-host$ ssh remote-host
  3. Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
  5. [Note: SSH did not ask for password.]
  9. jsmith@remote-host$ [Note: You are on remote-host here]

 

常見問題:

  1. ssh-copy-id -u eucalyptus -i ~eucalyptus/.ssh/id_rsa.pub eucalyptus@remote_host

上述是給eucalyptus用戶賦予無密碼登陸的權利

[1]

  1. /usr/bin/ssh-copy-id: ERROR: No identities found

使用選項 -i ,當沒有值傳遞的時候或者 如果 ~/.ssh/identity.pub 文件不可訪問(不存在), ssh-copy-id 將顯示上述的錯誤信息  ( -i選項會優先使用將ssh-add -L的內容)

 

  1. jsmith@local-host$ ssh-agent $SHELL
  5. jsmith@local-host$ ssh-add -L
  7. The agent has no identities.
  11. jsmith@local-host$ ssh-add
  13. Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)
  17. jsmith@local-host$ ssh-add -L
  19. ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
  21. aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa
  25. jsmith@local-host$ ssh-copy-id -i remote-host
  27. jsmith@remote-host's password:
  29. Now try logging into the machine, with "ssh 'remote-host'", and check in:
  33. .ssh/authorized_keys
  37. to make sure we haven't added extra keys that you weren't expecting.
  39. [Note: This has added the key displayed by ssh-add -L]

[2] ssh-copy-id應注意的三個小地方

    1. Default public key: ssh-copy-id uses ~/.ssh/identity.pub as the default public key file (i.e when no value is passed to option -i). Instead, I wish it uses id_dsa.pub, or id_rsa.pub, or identity.pub as default keys. i.e If any one of them exist, it should copy that to the remote-host. If two or three of them exist, it should copy identity.pub as default.
    2. The agent has no identities: When the ssh-agent is running and the ssh-add -L returns “The agent has no identities” (i.e no keys are added to the ssh-agent), the ssh-copy-id will still copy the message “The agent has no identities” to the remote-host’s authorized_keys entry.
    3. Duplicate entry in authorized_keys: I wish ssh-copy-id validates duplicate entry on the remote-host’s authorized_keys. If you execute ssh-copy-id multiple times on the local-host, it will keep appending the same key on the remote-host’s authorized_keys file without checking for duplicates. Even with duplicate entries everything works as expected. But, I would like to have my authorized_keys file clutter free.


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 ssh-copy-id三步實現SSH無密碼登錄和ssh常用命令 Ubuntu 16.04實現SSH無密碼登錄/免密登錄/自動登錄(ssh-keygen/ssh-copy-id) Linux使用ssh-keygen實現SSH無密碼登錄 ssh、scp、ssh-keygen及ssh-copy-id的用法 【Linux】ssh-copy-id三步實現ssh免密登陸 ssh-keygen使用 ssh無密碼訪問設置(ssh-keygen 的詳解) ssh免密碼和ssh-copy-id命令 ssh和ssh-copy-id以及批量多機無密碼登陸詳解 SSH 在ssh-copy-id 之后仍需輸入密碼的問題
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM