ssh如何免密登录

Windows 10免密登录Linux服务器

---

前言

SSH登录
1. winows 下用ssh-keygen 生成公钥和秘钥（使用git Bash Here）
使用命令 ssh-keygen.exe -t rsa （可以一路Enter）
2.将公钥发送到服务器
ssh-copy-id -i .ssh/id_rsa.pub user@192.168.1.110,此时会要求输一次服务 器密码

 ssh-copy-id -i id_rsa.pub root@192.168.200.134

【win10 ssh 上传密钥过程，出现 无法将“ssh-copy-id”项识别】`

function ssh-copy-id([string]$userAtMachine, $args){   
    $publicKey = "$ENV:USERPROFILE" + "/.ssh/id_rsa.pub"
    if (!(Test-Path "$publicKey")){
        Write-Error "ERROR: failed to open ID file '$publicKey': No such file"            
    }
    else {
        & cat "$publicKey" | ssh $args $userAtMachine "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys || exit 1"      
    }
}

3.vscode插件Remote Development如果已经配置好对应的服务器，那么下次 再ssh登陆时，就不用输密码了
另外，我vscode ssh的配置文件ssh_config路径C:\Users\Administrator.ssh，生成公钥私钥放的位置也在这儿

---

提示：以下是本篇文章正文内容，下面案例可供参考

一、权限(非root)

chmod 644 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 755 /home/user

二、配置

1./etc/ssh/sshd_config修改

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitRootLogin yes

2.记得重启服务器SSH

systemctl restart sshd.service

三、VSCODE免密配置

https://blog.csdn.net/weixin_40607008/article/details/98471293

四、问题排查

1.ssh 客户端 ssh -p portXXX -vvv 服务器IP

ssh -p 1025 -vvv 192.168.200.210
首先还是要拿到明细 debug 日志，看看卡在哪里了。
linux 下的不少命令都自带调试功能，比如 ssh 就自带 debug 功能：
ssh -p 1025 -vvv 192.168.200.210
复制代码
ssh -vvv localhost
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/work/.ssh/identity type -1
debug1: identity file /home/work/.ssh/identity-cert type -1
…
debug3: remaining preferred: keyboard-interactive,password
// 启用公钥登录
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/work/.ssh/identity
debug3: no such identity: /home/work/.ssh/identity
debug1: Offering public key: /home/work/.ssh/id_rsa
debug3: send_pubkey_test
// 发送公钥包，等待服务器认证响应
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1741
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/work/.ssh/id_dsa
debug3: no such identity: /home/work/.ssh/id_dsa
debug1: Trying private key: /home/work/.ssh/id_ecdsa
debug3: no such identity: /home/work/.ssh/id_ecdsa
// 没通过认证，禁用该认证方法
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
// 下一个认证方法：启用密码登录
debug1: Next authentication method: password
work@localhost’s password:

首先还是要拿到明细 debug 日志，看看卡在哪里了。
linux 下的不少命令都自带调试功能，比如 ssh 就自带 debug 功能：

复制代码
ssh -vvv localhost
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/work/.ssh/identity type -1
debug1: identity file /home/work/.ssh/identity-cert type -1
…
debug3: remaining preferred: keyboard-interactive,password
// 启用公钥登录
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/work/.ssh/identity
debug3: no such identity: /home/work/.ssh/identity
debug1: Offering public key: /home/work/.ssh/id_rsa
debug3: send_pubkey_test
// 发送公钥包，等待服务器认证响应
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1741
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /home/work/.ssh/id_dsa
debug3: no such identity: /home/work/.ssh/id_dsa
debug1: Trying private key: /home/work/.ssh/id_ecdsa
debug3: no such identity: /home/work/.ssh/id_ecdsa
// 没通过认证，禁用该认证方法
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
// 下一个认证方法：启用密码登录
debug1: Next authentication method: password
work@localhost’s password:

2.服务器端查看失败原因

tail -f /var/log/secure
如果存在：Authentication refused: bad ownership or modes for directory /root

3. 问题解决

1、chmod 700 /root

四、测试

在window10下cmd，输入ssh root@ip 地址即可