A-A+
使用ssh公钥实现ssh免密码登录
昨晚熬夜测试了使用SSH公钥来进行无密码远程登录,一切都比较顺利,下面是这次测试的详细记录。
客户机的ip地址:192.168.2.11
远端主机的IP地址:192.168.2.12
在客户机以root用户执行下述命令:
- [root@localhost .ssh]# /usr/bin/ssh-keygen -t rsa
- Generating public/private rsa key pair.
- Enter file in which to save the key (/root/.ssh/id_rsa):
- Enter passphrase (empty for no passphrase):
- Enter same passphrase again:
- Your identification has been saved in /root/.ssh/id_rsa.
- Your public key has been saved in /root/.ssh/id_rsa.pub.
- The key fingerprint is:
- 30:f6:d7:2a:ac:56:eb:3f:fa:40:25:8d:90:96:68:cb root@localhost.localdomain
说明:
该命令将在用户的主目录/.ssh目录下面产生一对密钥
一般采用的ssh的rsa密钥:
id_rsa 私钥
id_rsa.pub 公钥
下述命令产生不同类型的密钥
- ssh-keygen -t dsa
- ssh-keygen -t rsa
- ssh-keygen -t rsa1
- -------------------------------------------------------
- [root@localhost .ssh]# scp /root/.ssh/id_rsa.pubroot@192.168.2.12:/root/.ssh/authorized_keys
- The authenticity of host '192.168.2.12 (192.168.2.12)' can't be established.
- RSA key fingerprint is 4b:a5:74:fb:2e:08:60:af:fa:76:d4:b0:26:4c:13:75.
- Are you sure you want to continue connecting (yes/no)? yes
- Warning: Permanently added '192.168.2.12' (RSA) to the list of known hosts.
- root@192.168.2.12's password:
- id_rsa.pub
100% 236 0.2KB/s 00:00
说明:
将公钥拷贝到远端主机,并写入授权列表文件
你也可以把公钥文件拷贝过去后,在远端主机下直接执行
- touch /root/.ssh/authorized_keys
- cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
操作完毕,登陆检查。
- [root@localhost .ssh]# ssh 192.168.2.12
- root@192.1682.12's password:
请注意此时如果仍提示输入密码,请检查如下文件夹和文件的操作权限,这是非常重要的, 否则ssh公钥认证体制不能正常工作:
- 192.168.2.11(客户端)
- /home/root文件夹的权限是600
- /home/root/.ssh文件夹的权限是600 (好像这个权限关系不是很大)
- /home/root/.ssh/id_dsa私钥的权限600
- 192.168.2.12(远端主机)
- /home/root文件夹的权限是644
- /home/root/.ssh文件夹的权限是644 (好像这个权限关系不是很大)
- /root/.ssh/authorized_keys公钥的权限644
- --------------------------------------------------------------
- [root@localhost ~]# ssh 192.168.2.12
- Last login: Sat Dec 15 21:10:17 2007 from 192.168.2.11
- [root@localhost ~]#
无密码SSH登陆成功!