Linux实现SSH无密码登录
假设服务器 IP 地址为 192.168.1.1 ,机器名: cluster.hpc.org
客户端 IP 地址为 172.16.16.1 ,机器名: p470-2.wangrx.sioc.ac.cn
客户端用户 yzhao 需要使用 ssh 无密码登录服务器的 zhaoy 帐户
实现原理
使用一种被称为"公私钥"认证的方式来进行ssh登录. "公私钥"认证方式简单的解释是
- 首先在客户端上 创建一对公私钥 (公钥文件: ~/.ssh/id_rsa.pub ; 私钥文件: ~/.ssh/id_rsa )
- 然后把公钥放到服务器上 ( ~/.ssh/authorized_keys ) , 自己保留好私钥
- 当ssh登录时,ssh程序会发送私钥去和服务器上的公钥做匹配.如果匹配成功就可以登录了
设置如下
1 、以 yzhao 用户登录客户机器并在客户端机器上执行 "ssh-keygen -t rsa"
( 注:每次执行 "ssh-keygen -t rsa" 产生的私钥文件都会不同 )
a )如果文件 "~/.ssh/id_rsa" 存在,会提示是否覆盖该文件,此时可选择 "n" 不覆盖该文件而使用已有的 id_rsa 文件;如果选择 "y" 则会重新生成 "~/.ssh/id_rsa" 文件,接下来会提示输入 passphrase ,回车确定使用空的 passphrase ,再次回车确认(这里也可以输出 passphrase ,相当于 ssh 时登录的密码)。然后会重新生成 "~/.ssh/id_rsa" 文件和 "~/.ssh/id_rsa.pub" 文件(结果如下)。
[yzhao@p470-2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/disk2/yzhao/.ssh/id_rsa):
/disk2/yzhao/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /disk2/yzhao/.ssh/id_rsa.
Your public key has been saved in /disk2/yzhao/.ssh/id_rsa.pub.
The key fingerprint is:
6d:a1:17:8a:b6:d2:c0:a1:6c:66:ba:85:0b:7b:9f:0c [email protected]
b )如果 "~/.ssh/id_rsa" 文件和 "~/.ssh/id_rsa.pub" 文件不存在则会自动创建新的 "~/.ssh/id_rsa" 文件和 "~/.ssh/id_rsa.pub" 文件, passphrase 设置同上。
[yzhao@p470-2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/disk2/yzhao/.ssh/id_rsa):
Created directory '/disk2/yzhao/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /disk2/yzhao/.ssh/id_rsa.
Your public key has been saved in /disk2/yzhao/.ssh/id_rsa.pub.
The key fingerprint is:
54:49:ad:33:b3:ff:71:da:6d:db:78:d0:bb:6a:15:bc [email protected]
2 、使用 ssh [email protected] 登录到服务器,编辑服务器上 "~/.ssh/authorized_keys" 文件,将客户端机器上的 "~/.ssh/id_rsa.pub" 文件内容追加到 "~/.ssh/authorized_keys" 文件中。
(注:可以在客户端机器上使用以下命令来实现:
cat ~ /.ssh/ id_rsa .pub | ssh zhaoy@ 192.168.1. 1 "cat - >> ~/.ssh/authorized_keys"
cat /root/.ssh/id_rsa.pub|ssh [email protected] "cat - >> /root/.ssh/authorized_keys"
此时会要求输入 zhaoy 在服务器上的登录密码,输入后即会将客户端机器上的 "~/.ssh/id_rsa.pub" 文件内容追加到服务器上的 "~/.ssh/authorized_keys" 文件中)
如果是首次连接服务器会出现以下的提示,确认连接并输入密码后其他直接回车确定。
[yzhao@p470-2 ~]$ ssh [email protected]
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is 94:91:33:01:6b:e7:10:ae:42:ac:ea:5c:8c:bb:f1:18.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
[email protected]'s password:
Last login: Fri Dec 21 17:41:38 2007 from 172.16.16.1
Rocks 4.2.1 (Cydonia)
Profile built 03:58 21-Jun-2007
Kickstarted 12:25 21-Jun-2007
Rocks Frontend Node - Our Cluster Cluster
It doesn't appear that you have set up your ssh key.
This process will make the files:
/home/zhaoy/.ssh/id_rsa.pub
/home/zhaoy/.ssh/id_rsa
/home/zhaoy/.ssh/authorized_keys
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zhaoy/.ssh/id_rsa):
Created directory '/home/zhaoy/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/zhaoy/.ssh/id_rsa.
Your public key has been saved in /home/zhaoy/.ssh/id_rsa.pub.
The key fingerprint is:
7e:f6:ab:b0:79:70:cb:c9:f7:40:37:aa:10:4d:4a:ac [email protected]
3 、如果在第 1 步中 使用了空的passphrase ,则可以跳过第 4 步,此时在客户端即可以使用 "ssh [email protected]" 即可无密码登录到服务器;如果第一步中设置了 passphrase ,则继续执行以下步骤。
4 、 如果第 1 步中设置了 passphrase ,则此时需要输入该 passphrase 登录服务器。 此时 前面我们把输入密码变成了输入passphrase , 这没有带来任何方便 。 但是 我们可以通过 ssh-agent 来帮助我们自动输入 passphrase(只是看起来像是自动输入而已) , 我们只要 在第一次登录时 输入一次passphrase, 以后的工作就可以交给ssh-agent 。在客户端机器上执行命令 ssh-add , 这里会提示输入一次passphrase 。输入第一步中设置的 passphrase 之后会修改 "~/ .ssh / id_rsa " 文件。再在客户端执行 "ssh [email protected]" 即可无密码登录到服务器端。
[yzhao@p470-2 ~]$ ssh-add
Enter passphrase for /disk2/yzhao/.ssh/id_rsa:
Identity added: /disk2/yzhao/.ssh/id_rsa (/disk2/yzhao/.ssh/id_rsa)
[yzhao@p470-2 ~]$ ssh [email protected]
Last login: Fri Dec 21 17:55:38 2007 from 172.16.16.1
Rocks 4.2.1 (Cydonia)
Profile built 03:58 21-Jun-2007
Kickstarted 12:25 21-Jun-2007
Rocks Frontend Node - Our Cluster Cluster
[zhaoy@cluster ~]$