ssh 无密码登录
没有密码? (Passwordless?)
Yes, you heard it right: passwordless. Using it, you are able to just run:
是的,您没听错:无密码。 使用它,您可以运行:
user@client:$ ssh user@server
// connectinguser@server:$
Sure, it is convenient. But it is not just about convenience and security: One task that absolutely needs it is automation. If you want your scripts (deployment, maintenance, etc.) to perform any SSH-related tasks, you will need this enabled.
当然,这很方便。 但这不仅涉及便利性和安全性:绝对需要的一项任务是自动化。 如果您希望脚本(部署,维护等)执行任何与SSH相关的任务,则需要启用此功能。
But you might be wondering how it can ever be secure. Surely nothing can protect you more than a long password? In theory, yes. In practice, it’s really easy to leak the password, forget it, use it elsewhere, or use a common one that can easily be hacked.
但是您可能想知道它如何安全。 当然,除了长密码,没有什么可以保护您的? 从理论上讲,是的。 实际上,泄漏密码,忘记密码,在其他地方使用密码或使用容易被黑客入侵的通用密码确实很容易。
Passwordless, on the other hand, is immune to all kinds of attacks, as long as your own system is not compromised or your attackers don’t have a quantum computer. Fair to say, nothing is going to be secure when we get quantum computers, so let’s just ignore that for now.
另一方面,只要您的系统没有受到威胁或攻击者没有量子计算机,无密码就可以抵抗各种攻击。 可以说,当我们获得量子计算机时,没有什么是安全的,所以让我们暂时忽略它。
它是如何工作的? (How Does It Work?)
Firstly, you have to understand what public/private keys are. A private key is a very long, random stream of bits (2,048 is used most often). A private key is kept secret and never leaves the client (your PC). A public key is another