标签:ssh自动化登录
设置SSH自动化认证需要两步。
(1)在本机创建SSH密钥。
(2)将生成的公钥传到远程主机,并将其加入到~/.ssh/authorized_keys中。
创建SSH密钥,输入命令ssh-keygen,并规定加密算法类型为RSA:
[root@localhost tmp]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 19:26:f3:6b:7a:cb:44:48:00:93:99:bc:16:84:26:bc root@localhost You have new mail in /var/spool/mail/root [root@localhost tmp]# cd /root/.ssh/ [root@localhost .ssh]# ls id_rsa id_rsa.pub known_hosts
您需要输入一个口令来生成一对公钥和私钥。如果不输入口令的话,也可以生成密钥,但是这种做法是不安全的的行为。我们可以编写监控脚本,利用自动登录来登入多台主机。对于这种情况,在运行ssh-keygen命令时,不要填入口令,这样就能够避免在运行脚本的时候向您所有口令了。-
公钥必须天际到远程服务器~/.ssh/authorized_keys文件中,要添加一个密钥到远程主机可以是使用
#说明:"cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub 关于这句的具体解释,cat >> ~/.ssh/authorized_keys将通过stdin接收到的数据添加到文件list中。这条命令在远程主机上执行的,但数据却是从本地主机传递到远程shell的stdin的。 [root@localhost .ssh]# ssh root@192.168.1.16 "cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub Address 192.168.1.16 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! root@192.168.1.16‘s password: #这里由于在创建密钥的时候输入密码,在这里需要输入创建密钥时候的密码。 [root@localhost .ssh]# ssh root@192.168.1.16 uname -a Address 192.168.1.16 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Enter passphrase for key ‘/root/.ssh/id_rsa‘: Enter passphrase for key ‘/root/.ssh/id_rsa‘: Linux localhost 2.6.18-238.el5 #1 SMP Thu Jan 13 15:51:15 EST 2011 x86_64 x86_64 x86_64 GNU/Linux
标签:ssh自动化登录
原文地址:http://bronte.blog.51cto.com/2418552/1433450