码迷,mamicode.com
首页 > 系统相关 > 详细

[转] Linux服务器三步骤配置免密码登陆

时间:2017-04-11 11:21:40      阅读:279      评论:0      收藏:0      [点我收藏+]

标签:sam   targe   turn   aaa   time   机器   last   style   信息   

ssh-keygen  产生公钥与私钥对.
ssh-copy-id 将本机的公钥复制到远程机器的authorized_keys文件中,ssh-copy-id也能让你有到远程机器的home, ~./ssh , 和 ~/.ssh/authorized_keys的权利

第一步:在本地机器上使用ssh-keygen产生公钥私钥对
  1. jsmith@local-host$ [Note: You are on local-host here]
  5. jsmith@local-host$ ssh-keygen
  7. Generating public/private rsa key pair.
  9. Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
  11. Enter passphrase (empty for no passphrase): [Press enter key]
  13. Enter same passphrase again: [Pess enter key]
  15. Your identification has been saved in /home/jsmith/.ssh/id_rsa.
  17. Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
  19. The key fingerprint is:
  21. 33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host
第二步:用ssh-copy-id将公钥复制到远程机器中
  1. jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
  3. jsmith@remote-host‘s password:
  5. Now try logging into the machine, with "ssh ‘remote-host‘", and check in:
  9. .ssh/authorized_keys
  13. to make sure we haven‘t added extra keys that you weren‘t expecting.

注意: ssh-copy-id 将key写到远程机器的 ~/ .ssh/authorized_key.文件中

第三步: 登录到远程机器不用输入密码
  1. jsmith@local-host$ ssh remote-host
  3. Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
  5. [Note: SSH did not ask for password.]
  9. jsmith@remote-host$ [Note: You are on remote-host here]

 

常见问题:

  1. ssh-copy-id -u eucalyptus -i ~eucalyptus/.ssh/id_rsa.pub eucalyptus@remote_host

上述是给eucalyptus用户赋予无密码登陆的权利

[1] 

  1. /usr/bin/ssh-copy-id: ERROR: No identities found

使用选项 -i ,当没有值传递的时候或者 如果 ~/.ssh/identity.pub 文件不可访问(不存在), ssh-copy-id 将显示上述的错误信息  ( -i选项会优先使用将ssh-add -L的内容)

 

  1. jsmith@local-host$ ssh-agent $SHELL
  5. jsmith@local-host$ ssh-add -L
  7. The agent has no identities.
  11. jsmith@local-host$ ssh-add
  13. Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)
  17. jsmith@local-host$ ssh-add -L
  19. ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
  21. aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa
  25. jsmith@local-host$ ssh-copy-id -i remote-host
  27. jsmith@remote-host‘s password:
  29. Now try logging into the machine, with "ssh ‘remote-host‘", and check in:
  33. .ssh/authorized_keys
  37. to make sure we haven‘t added extra keys that you weren‘t expecting.
  39. [Note: This has added the key displayed by ssh-add -L]

[2] ssh-copy-id应注意的三个小地方

    1. Default public key: ssh-copy-id uses ~/.ssh/identity.pub as the default public key file (i.e when no value is passed to option -i). Instead, I wish it uses id_dsa.pub, or id_rsa.pub, or identity.pub as default keys. i.e If any one of them exist, it should copy that to the remote-host. If two or three of them exist, it should copy identity.pub as default.
    2. The agent has no identities: When the ssh-agent is running and the ssh-add -L returns “The agent has no identities” (i.e no keys are added to the ssh-agent), the ssh-copy-id will still copy the message “The agent has no identities” to the remote-host’s authorized_keys entry.
    3. Duplicate entry in authorized_keys: I wish ssh-copy-id validates duplicate entry on the remote-host’s authorized_keys. If you execute ssh-copy-id multiple times on the local-host, it will keep appending the same key on the remote-host’s authorized_keys file without checking for duplicates. Even with duplicate entries everything works as expected. But, I would like to have my authorized_keys file clutter free.

[转] Linux服务器三步骤配置免密码登陆

标签:sam   targe   turn   aaa   time   机器   last   style   信息   

原文地址:http://www.cnblogs.com/ld1226/p/6692503.html
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!