password-less ssh access

2013-03-19

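Use public key authentication rather than a password to connect to a host. The method is to send your public key file id_rsa.pub to the remote host and rename it authorized_keys (you can think of it as planting a spy on the server).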

Step 1: On one of the local LINUX machines, generate an id_rsa and id_rsa.pub pair as follows (this machine will subsequently be referred to as your home machine):

###CLIENT(login server)#################
% ssh-keygen -t rsa
or
% ssh-keygen -t rsa -N ''
ssh-keygen will create the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. When prompted for a passphrase, simply hit return (to use a null passphrase).
If such files already exist, ssh-keygen will warn you that you will be overwriting them if you proceed. If you get such a warning, type n to abort the key generation, since you have already generated the requisite keys.

###authorized_keys on the server################################
Step 2: Copy the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on any and all machines to which you want to be able to ssh without being prompted for a password (typically done using a text editor). This includes the machine on which you generated the key. Note that by "machines" here, I mean all clusters of machines for which you have a distinct home directory (e.g. home directories on the bh and vn machines are distinct).

The authorized_keys file can contain an arbitrary number of entries, one per line, but one of the entries must be identical to the contents of id_rsa.pub.

% cat id_rsa.pub |ssh -p322 root@172.16.1.105 'cat - >> ~/.ssh/authorized_keys'

vi /usr/bin/ssh-copy-id

Change the port: ssh -p322

ssh-copy-id -i .ssh/id_rsa.pub root@192.168.0.1
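
The Step 2 append as a shell function, run on the machine that holds authorized_keys; this is an added example, not part of the original post, and the name install_pubkey and its arguments are hypothetical. It keeps one entry per line even when the existing file lacks a final newline, skips a key that is already listed, and sets the 700/600 modes that sshd's StrictModes check expects.

```shell
# Added example (not from the original post). install_pubkey is a hypothetical name.
# Usage: install_pubkey PUBKEY_FILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
install_pubkey() {
    pub=$1
    dir=${2:-"$HOME/.ssh"}
    auth="$dir/authorized_keys"

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A public key is exactly one non-blank line. This also rejects the
    # multi-line private key id_rsa if it is passed by mistake.
    n=$(grep -c '[^[:space:]]' "$pub") || n=0
    [ "$n" -eq 1 ] || { echo "$pub: expected one key line, got $n" >&2; return 1; }
    key=$(grep '[^[:space:]]' "$pub")

    # sshd with StrictModes (the default) ignores keys kept in a
    # directory or file that other users can write to.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth" || return 1

    # Entry already present as an identical line: nothing to append.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # A plain '>>' onto a file whose last line has no newline would glue two
    # keys into one unusable line, so terminate the last line first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

After copying id_rsa.pub to the target account, source the function there and call install_pubkey id_rsa.pub; running it a second time leaves the file unchanged.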

Step 3: Copy the files ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub (using scp e.g.) to ~/.ssh on any other systems on which you wish to duplicate the identity you have created in Step 1. This will effectively make your accounts on these other systems mirrors of that used in Step 1 with respect to ssh.

Sample commands:

my-workstation% cd ~/.ssh
my-workstation% scp id_rsa id_rsa.pub myaccount@somemachine.somewhere.ca:~/.ssh

Comment: Once you have generated a key pair, and have installed the keys in ~/.ssh/authorized_keys on your home machine, Steps 1 and 2 can be combined any time you get a new account to which you want password-less ssh access; i.e. when you get such an account, simply scp all three files

~/.ssh/id_rsa
~/.ssh/id_rsa.pub
~/.ssh/authorized_keys

to ~/.ssh on the new account.
