linux下ssh/scp使用公鑰認證方式登陸
|
比如想要在192.168.41.76服務器上, 不輸入用戶密碼即以root用戶登陸192.168.41.75服務器.
1) 在192.168.41.76上創建公鑰和私鑰
[192.168.41.76]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa): //直接回車, 默認位置.ssh/id_rsa
Enter passphrase (empty for no passphrase): //直接回車, 沒有密碼
Enter same passphrase again: //直接回車, 沒有密碼
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
f3:66:3d:23:9f:cf:78:0b:f8:58:8f:3d:ee:ba:55:99 root@dw_test1
[192.168.41.76]# ll ~/.ssh
-rw------- 1 root root 883 Jun 30 14:25 id_rsa
-rw-r--r-- 1 root root 221 Jun 30 14:25 id_rsa.pub
說明:
-t rsa表示SSH生成RSA類型的密鑰, 這是默認的行爲. 也可以執行生成DSA類型的密鑰. 這時查看.ssh文件夾發現多了兩個文件, id_rsa爲私鑰, id_rsa.pub爲公鑰.
2) 確認192.168.41.75上是否有~/.ssh目錄, 沒有則先建立
[192.168.41.75]# ll ~/.ssh
[192.168.41.75]# mkdir ~/.ssh
3) 在 192.168.41.76上使用將的公鑰id_rsa.pub複製到192.168.41.75上scp
[192.168.41.76]# scp ~/.ssh/id_rsa.pub [email protected]:~/
[email protected]'s password: //輸入遠程服務器root登錄密碼
4) 在192.168.41.75上追加id_rsa.pub內容到相應用戶下的~/.ssh/authorized_keys文件裏, 並刪除id_rsa.pub文件
[192.168.41.75]# cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
[192.168.41.75]# rm -f id_rsa.pub
5) 這樣在192.168.41.76上就可以不輸入密碼直接以root用戶登陸192.168.41.75了, 也多了一個known_hosts文件
[192.168.41.76]# ssh 192.168.41.75
[192.168.41.76]# ll ~/.ssh
-rw-r--r-- 1 root root 221 2009-06-30 14:25:32.000000000 +0800 id_rsa.pub
-rw------- 1 root root 883 2009-06-30 14:25:32.000000000 +0800 id_rsa
-rw-r--r-- 1 root root 223 2009-06-30 14:30:26.000000000 +0800 known_hosts
6) 注意
.ssh目錄的權限必須是0700, .ssh/authorized_keys文件權限必須是0600, 否則公鑰認證不會生效. 如果想直接進入192.168.41.75的其他用戶, 則需要將公鑰追加到其他用戶的authorized_keys文件裏.
|