Linux下scp/ssh免输入密码的办法

Linux下scp拷贝文件/ssh登录免输入密码的办法

通过证书完成验证，免输入密码。

假设在client上需要访问server端进行文件的scp，或者ssh登录操作。

下面所有命令都在client端运行。

1. 创建ssh key

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home//.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home//.ssh/id_rsa.
Your public key has been saved in /home//.ssh/id_rsa.pub.
The key fingerprint is:
...

这一步完成之后，在客户端的~/.ssh目录下面会生成两个文件：

$ ls -l ~/.ssh
id_rsa
id_rsa.pub

这正好是一对public/private key.

2. 拷贝key到远端server上

$ ssh-copy-id @
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home//.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
@'s password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '@'"
and check to make sure that only the key(s) you wanted were added.

这一步的作用是把用户的公钥文件(~/.ssh/id_rsa.pub)拷贝到远程server上，这样以后scp/ssh才能不需要口令。

我们看远程server上的执行结果：
会把的公钥内容添加到远程server上~/.ssh/authorized_keys文件内。

$ ls -l ~/.ssh
authorized_keys

这一步如果不用命令ssh-copy-id，可以手工操作，直接把客户端公钥文件(_{/.ssh/id_rsa.pub)内容拷贝到远程server端的}/.ssh/authorized_keys文件里面即可。

3. 验证ssh有效

在前面一步的提示符就有，让你用这个命令验证：ssh '@'

$ ssh '@'
Last login: Mon Nov 12 05:45:28 2018 from 
[@ ~]$

完毕。