使用ssh-keygen和ssh-copy-id三步实现SSH无密码登录

ssh-keygen  产生公钥与私钥对.

ssh-copy-id 将本机的公钥复制到远程机器的authorized_keys文件中,ssh-copy-id也能让你有到远程机器的home, ~./ssh , 和 ~/.ssh/authorized_keys的权利

第一步:在本地机器上使用ssh-keygen产生公钥私钥对

  1. [email protected]$ [Note: You are on local-host here]
  2. [email protected]$ ssh-keygen
  3. Generating public/private rsa key pair.
  4. Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]
  5. Enter passphrase (empty for no passphrase): [Press enter key]
  6. Enter same passphrase again: [Pess enter key]
  7. Your identification has been saved in /home/jsmith/.ssh/id_rsa.
  8. Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.
  9. The key fingerprint is:
  10. 33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 [email protected]

第二步:用ssh-copy-id将公钥复制到远程机器中

  1. [email protected]$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
  2. [email protected]‘s password:
  3. Now try logging into the machine, with "ssh ‘remote-host‘", and check in:
  4. .ssh/authorized_keys
  5. to make sure we haven‘t added extra keys that you weren‘t expecting.

注意: ssh-copy-id 将key写到远程机器的 ~/ .ssh/authorized_key.文件中

第三步: 登录到远程机器不用输入密码

  1. [email protected]$ ssh remote-host
  2. Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
  3. [Note: SSH did not ask for password.]
  4. [email protected]$ [Note: You are on remote-host here]

常见问题:

  1. ssh-copy-id -u eucalyptus -i ~eucalyptus/.ssh/id_rsa.pub [email protected]_host

上述是给eucalyptus用户赋予无密码登陆的权利

[1]

  1. /usr/bin/ssh-copy-id: ERROR: No identities found

使用选项 -i ,当没有值传递的时候或者 如果 ~/.ssh/identity.pub 文件不可访问(不存在), ssh-copy-id 将显示上述的错误信息  ( -i选项会优先使用将ssh-add -L的内容)

  1. [email protected]$ ssh-agent $SHELL
  2. [email protected]$ ssh-add -L
  3. The agent has no identities.
  4. [email protected]$ ssh-add
  5. Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)
  6. [email protected]$ ssh-add -L
  7. ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV
  8. aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa
  9. [email protected]$ ssh-copy-id -i remote-host
  10. [email protected]‘s password:
  11. Now try logging into the machine, with "ssh ‘remote-host‘", and check in:
  12. .ssh/authorized_keys
  13. to make sure we haven‘t added extra keys that you weren‘t expecting.
  14. [Note: This has added the key displayed by ssh-add -L]

[2] ssh-copy-id应注意的三个小地方

    1. Default public key: ssh-copy-id uses ~/.ssh/identity.pub as the default public key file (i.e when no value is passed to option -i). Instead, I wish it uses id_dsa.pub, or id_rsa.pub, or identity.pub as default keys. i.e If any one of them exist, it should copy that to the remote-host. If two or three of them exist, it should copy identity.pub as default.
    2. The agent has no identities: When the ssh-agent is running and the ssh-add -L returns “The agent has no identities” (i.e no keys are added to the ssh-agent), the ssh-copy-id will still copy the message “The agent has no identities” to the remote-host’s authorized_keys entry.
    3. Duplicate entry in authorized_keys: I wish ssh-copy-id validates duplicate entry on the remote-host’s authorized_keys. If you execute ssh-copy-id multiple times on the local-host, it will keep appending the same key on the remote-host’s authorized_keys file without checking for duplicates. Even with duplicate entries everything works as expected. But, I would like to have my authorized_keys file clutter free.
时间: 2024-10-20 03:00:20

使用ssh-keygen和ssh-copy-id三步实现SSH无密码登录的相关文章

【转】使用ssh-keygen和ssh-copy-id三步实现SSH无密码登录

[原]http://blog.chinaunix.net/uid-26284395-id-2949145.html ssh-keygen  产生公钥与私钥对. ssh-copy-id 将本机的公钥复制到远程机器的authorized_keys文件中,ssh-copy-id也能让你有到远程机器的home, ~./ssh , 和 ~/.ssh/authorized_keys的权利 第一步:在本地机器上使用ssh-keygen产生公钥私钥对 [email protected]$ [Note: You

【Linux】ssh-copy-id三步实现ssh免密登陆

一.本地机器上使用ssh-keygen产生公钥私钥对 ssh-keygen -t rsa -C "[email protected]" --->执行完会在~/.ssh/下生成公钥私钥对 查看公钥私钥对: wucaiyundeMacBook-Pro:~ wucaiyun$ cd ~/.ssh/ wucaiyundeMacBook-Pro:.ssh wucaiyun$ ll total 24 899401 0 drwx------ 5 wucaiyun staff 160 12 18

三步配置SSH 免密码登录

Step1:在 Client 端建立 Public 与 Private Key $ssh-keygen -t dsa <==这个步骤产生 Keys  Generating public/private rsa key pair.  Enter file in which to save the key (/root/.ssh/id_dsa): <== 按下 Enter  Enter passphrase (empty for no passphrase): <== 按 Enter  En

详解ssh通过公钥密码、免密码登录以及导入公钥文件三种形式实现远程登录

简介 SSH(Secure Shell)是一种安全通道协议,主要用来实现字符界面的远程登录.远程复制等功能,SSH协议对通信双方的数据传输进行了加密处理,其中包括用户登录时输入的用户口令,与TELNET(远程登录,明文传递)等应用相比,SSH协议提供了更好的安全性 对称加密算法 采用单钥密码系统的加密方法,同一个密钥可以同时用作信息的加密和解密,这种加密方法称为对称加密,也称为单密钥加密.加密和解密是一样的,例如密码123,都是明文,用户密码并不多,有可能其他数据密码也用这个密码,一旦截获,直接

Linux与云计算——第二阶段 第三章:SSH服务器架设(上)openssh 基础

Linux与云计算--第二阶段Linux服务器架设 第三章:SSH服务器架设(上)openssh 基础 1.密码认证 配置SSH服务器以便远程主机连接访问 [1] 即使你在安装CentOS系统的时候选择了最小化安装,OpenSSH也会被默认安装,所以你不需要再安装任何额外的软件包来实现该功能.缺省情况下你可以通过密码实现远程访问,如果需要增强安全性,建议还是要修改部分配置. [[email protected] ~]# vim /etc/ssh/sshd_config # line 49:去掉备

SSH Passwordless Login Using SSH Keygen in 5 Easy Steps

SSH (Secure SHELL) is an open source and most trusted network protocol that is used to login into remote servers for execution of commands and programs. It is also used to transfer files from one computer to another computer over the network using se

第三十天-ssh key企业批量分发自动化管理案例

本文实现一个应用ssh key 批量分发案例 目录 一.ssh key 原理及案例原理简图 1.ssh key 简介 2.rsa和dsa区别 3.ssh-copy-id的特殊应用 4.ssh-copy-id的原理 5.案例简图 二.操作步骤 三.具体实现步骤 服务端A: 客户端B: 客户端C: 四.ssh 批量分发与管理方案小结 五.企业级生产场景批量管理,自动化管理方案 一.ssh key 原理及案例原理简图 1.ssh key 简介 特别提示:在整个方案实现中,公钥(public key)和

Linux与云计算——第二阶段 第三章:SSH服务器架设(下)openssh 进阶

Linux与云计算--第二阶段Linux服务器架设 第三章:SSH服务器架设(下)openssh 进阶 5.SFTP+Chroot 配置SFTP only + Chroot. 给一些用户限制他们只允许SFTP访问特定的目录. [1] 例如, 设置 /home 作为Chroot目录. # 为SFTP创建一个组 [[email protected] ~]# groupadd sftp_users # 限制只有用户"user"可以使用SFTP [[email protected] ~]# u

使用ssh keygen实现rsync免密钥同步数据

总结:生成公钥和私钥,把公钥推送到远端,并生成authorized_keys公钥验证配置文件rsync连接方式每次都需要输入密码:我们可以通过ssh keygen的公私钥机制来实现ssh连接时认证(做定时任务时,可能需要用到).1.服务器添加用户Ricky,并在家目录下创建.ssh目录(rsync服务端) [[email protected] ~]#useradd Ricky [[email protected] ~]# mkdir /home/Ricky/.ssh .ssh目录用来存放公钥验证