sftp 密钥对的建立

有些时候，我们在复制/移动文件到另一台机器时会用到scp，因为它比较安全。但如果每次
 
都要输入密码，就比较烦了，尤其是在script里。不过，ssh有另一种用密钥对来验证的方
 
式。下面写出我生成密匙对的过程，供大家参考。
 
第一步：生成密匙对，我用的是rsa的密钥。使用命令 "ssh-keygen -t rsa"
 

01.   [user1@rh user1]$ ssh-keygen -t rsa
 
02.   Generating public/private rsa key pair.
 
03.   Enter file in which to save the key (/home/user1/.ssh/id_rsa):
 
04.   Created directory '/home/user1/.ssh'.
 
05.   Enter passphrase (empty for no passphrase):
 
06.   Enter same passphrase again:
 
07.   Your identification has been saved in /home/user1/.ssh/id_rsa.
 
08.   Your public key has been saved in /home/user1/.ssh/id_rsa.pub.
 
09.   The key fingerprint is:
 
10.   e0:f0:3b:d3:0a:3d:da:42:01:6a:61:2f:6c:a0:c6:e7 user1@rh.test.com
 
11.   [user1@rh user1]$
复制代码
 生成的过程中提示输入密钥对保存位置，直接回车，接受默认值就行了。接着会提示输入一
 
个不同于你的password的密码，直接回车，让它空着。当然，也可以输入一个。(我比较懒
 
，不想每次都要输入密码。) 这样，密钥对就生成完了。
 
其中公共密钥保存在 ~/.ssh/id_rsa.pub
 私有密钥保存在 ~/.ssh/id_rsa
 
然后改一下 .ssh 目录的权限，使用命令 "chmod 755 ~/.ssh"
 

01.   [user1@rh user1]$ chmod 755 ~/.ssh
 
02.   [user1@rh user1]$
复制代码

 之后把这个密钥对中的公共密钥复制到你要访问的机器上去，并保存为

~/.ssh/authorized_keys.
 

01.   [user1@rh user1]$ scp ~/.ssh/id_rsa.pub rh1:/home/user1/.ssh/authorized_keys
 
02.   user1@rh1's password:
 
03.   id_rsa.pub                                    100%  228     3.2MB/s   00:00
 
04.   [user1@rh user1]$
复制代码

---------做到这一步的时候如果不能实现可以换另一种放法;

----1.首先登陆到远程的主机上，根据路径/home/user1/.ssh/进行《手动的执行刚刚那一步》

[sps_wanghu@F6ND3-01p .ssh]$ ssh venusftp@133.64.102.47
venusftp@133.64.102.47's password:
Last login: Wed Dec 11 20:06:29 2013 from 133.64.102.57
[venusftp@vm-4acj-01 ~]$ ls
[venusftp@vm-4acj-01 ~]$ cd .ssh
[venusftp@vm-4acj-01 .ssh]$ ls
id_rsa.pub  known_hosts
[venusftp@vm-4acj-01 .ssh]$ mv id_rsa.pub authorized_keys

[sps_wanghu@F6ND3-01p home]$ pwd
/home
[sps_wanghu@F6ND3-01p home]$ cd sps_wanghu
[sps_wanghu@F6ND3-01p ~]$ mkdir soft
[sps_wanghu@F6ND3-01p ~]$ ls
alertCpuUseage.sh  record.log  soft
[sps_wanghu@F6ND3-01p ~]$ cd soft
[sps_wanghu@F6ND3-01p soft]$ ls
[sps_wanghu@F6ND3-01p soft]$ touch test.sh
[sps_wanghu@F6ND3-01p soft]$ vi test.sh

[sps_wanghu@F6ND3-01p soft]$ ls
test.sh
[sps_wanghu@F6ND3-01p soft]$ sh test.sh
Connecting to 133.64.102.47...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for '/home/sps_wanghu/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/sps_wanghu/.ssh/id_rsa
venusftp@133.64.102.47's password:

 

[sps_wanghu@F6ND3-01p .ssh]$ ssh venusftp@133.64.102.47
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/home/sps_wanghu/.ssh/id_rsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /home/sps_wanghu/.ssh/id_rsa
venusftp@133.64.102.47's password:

 

[sps_wanghu@F6ND3-01p .ssh]$ chmod 600 common_id_rsa
[sps_wanghu@F6ND3-01p .ssh]$ ll
总用量 16
-rw-------. 1 sps_wanghu sps_wanghu 1675 12月 12 16:40 common_id_rsa
-rw-r-----. 1 sps_wanghu sps_wanghu 1675 12月 12 15:32 id_rsa
-rwxr-----. 1 sps_wanghu sps_wanghu  402 12月 12 15:32 id_rsa.pub
-rw-r--r--. 1 sps_wanghu sps_wanghu 1184 12月 11 19:07 known_hosts
[sps_wanghu@F6ND3-01p .ssh]$ ssh -i common_id_rsa venusftp@133.64.102.47
Last login: Thu Dec 12 16:30:13 2013 from 133.64.101.26
[venusftp@vm-4acj-01 ~]$ OK le 
-b

 之这样就大功告成了。之后你再用ssh scp sftp 之类的访问那台机器时，就不用输入密码
 
了，用在script上更是方便。

转载于:https://my.oschina.net/u/1427571/blog/186820