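No more password prompts when using ssh and scp
1 Purpose:
On machine A (192.168.1.2), run ssh and scp against machine B (192.168.1.11) without entering a password.
2 Method:
Use ssh-keygen to generate a public/private key pair for the current user, then append the public key to ~/.ssh/authorized_keys in the home directory of the corresponding user on the target host. After that, ssh or scp to the target host with the private key works without a password.
3 Details:
3.1 Common ssh-keygen options
-f Specify the key file name
-N Provide a passphrase for the key pair
-t Specify the type of key to create. Possible values: "rsa1" (SSH-1), "rsa" (SSH-2), "dsa" (SSH-2)
3.2 Example 1: key pair without a passphrase
With a key pair generated without a passphrase, nothing has to be typed. With a key pair generated with a passphrase, the passphrase has to be entered (it is the value of ssh-keygen's -N option, or what was typed at the "Enter passphrase (empty for no passphrase):" prompt).
Text in red is run on 192.168.1.2; text in purple is run on 192.168.1.11.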
[root@test2 ~]# ssh-keygen -f /root/.ssh/op_center_rsa -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): #just press Enter, no passphrase
Enter same passphrase again: #just press Enter, no passphrase
Your identification has been saved in /root/.ssh/op_center_rsa.
Your public key has been saved in /root/.ssh/op_center_rsa.pub.
The key fingerprint is:
f5:16:65:d0:7e:08:da:df:89:4c:86:4c:c9:6d:2e:a3 root@test2
[root@test2 ~]# scp -P20009 /root/.ssh/op_center_rsa.pub 192.168.1.11:/root/.ssh/
Address 192.168.1.11 maps to test2, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.11's password:
op_center_rsa.pub 100% 396 0.4KB/s 00:00
[root@test11 ~]# cd .ssh/
[root@test11 .ssh]# ls
known_hosts op_center_rsa.pub
[root@test11 .ssh]# mv op_center_rsa.pub
[root@test11 .ssh]# cat op_center_rsa.pub >> authorized_keys; chmod 0600 authorized_keys; rm -f op_center_rsa.pub #the permissions on authorized_keys must be 0600
[root@test11 .ssh]# ls -l authorized_keys
-rw------- 1 root root 396 Feb 6 12:14 authorized_keys
[root@test11 .ssh]# ifconfig |grep "192.168.1.11"
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
[root@test11 .ssh]#
[root@test2 ~]# ssh -p20009 -i /root/.ssh/op_center_rsa 192.168.1.11 ifconfig |grep "192.168.1.11" #verify that the key pair works
Address 192.168.1.11 maps to test2, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
[root@test2 ~]#
3.3 Example 2: key pair with a passphrase
Text in red is run on 192.168.1.2; text in purple is run on 192.168.1.11.
[root@test2 ~]# ssh-keygen -f /root/.ssh/pass_op_center_rsa -t rsa -N"123456"
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/pass_op_center_rsa.
Your public key has been saved in /root/.ssh/pass_op_center_rsa.pub.
The key fingerprint is:
a5:b7:7e:a2:30:70:f0:25:f6:fd:6b:f1:c0:a7:f3:9a root@test2
[root@test2 ~]# scp -P20009 /root/.ssh/pass_op_center_rsa.pub 192.168.1.11:/root/.ssh/
Address 192.168.1.11 maps to test2, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
root@192.168.1.11's password:
pass_op_center_rsa.pub 100% 396 0.4KB/s 00:00
[root@test11 ~]# cd /root/.ssh/
[root@test11 .ssh]# ls
authorized_keys known_hosts pass_op_center_rsa.pub
[root@test11 .ssh]# cat pass_op_center_rsa.pub >> authorized_keys; chmod 0600 authorized_keys; rm -f pass_op_center_rsa.pub #the permissions on authorized_keys must be 0600
[root@test11 .ssh]# ifconfig |grep "192.168.1.11"
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
[root@test11 .ssh]#
[root@test2 ~]# ssh -p20009 -i /root/.ssh/pass_op_center_rsa 192.168.1.11 ifconfig |grep "192.168.1.11" #verify that the key pair works
Address 192.168.1.11 maps to test2, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Enter passphrase for key '/root/.ssh/pass_op_center_rsa': #enter the value given to ssh-keygen -N here
inet addr:192.168.1.11 Bcast:192.168.1.255 Mask:255.255.255.0
[root@test2 ~]#
The private key file can also be downloaded to Windows and used to log in with Xshell.
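The append-and-chmod step run on 192.168.1.11 in both examples, written as an idempotent helper. This is an added example, not part of the original post. The name install_pubkey, its arguments and the sample key line are assumptions for illustration. Besides setting 0600 on authorized_keys, it sets the directory to 0700 and skips a key that is already present.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical
# helper to run on the target host (B) after the .pub file has been copied over.

# install_pubkey PUBFILE SSHDIR
# Exit status 0: key added or already present. 1: input rejected.
# The body runs in a subshell, so umask and variables do not leak to the caller.
install_pubkey() (
    pubfile=$1
    sshdir=$2
    auth="$sshdir/authorized_keys"

    [ -f "$pubfile" ] || { echo "no such file: $pubfile" >&2; exit 1; }

    # A .pub file is a single line; a private key is many lines and fails here.
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; exit 1; }
    keyline=$(grep . "$pubfile")

    # Accept only lines that start with a public key type.
    case $keyline in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $pubfile" >&2; exit 1 ;;
    esac

    umask 077
    mkdir -p "$sshdir" || exit 1
    chmod 0700 "$sshdir" || exit 1
    touch "$auth" || exit 1

    # If the file does not end in a newline, add one so keys are not joined.
    [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"

    # Append only if this exact line is not already present.
    grep -qxF -- "$keyline" "$auth" || printf '%s\n' "$keyline" >> "$auth"
    chmod 0600 "$auth"
)

# Demo on a scratch directory with a constructed (not real) key line:
#   sh this_file --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@test2' > "$d/op_center_rsa.pub"
    install_pubkey "$d/op_center_rsa.pub" "$d/.ssh" && ls -l "$d/.ssh"
    rm -rf "$d"
fi
```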
------------- end -------------
From: GS
-------------------------------