ssh 免密钥登陆

前言

我们在进行客户机到主机的SSH连接的时候,往往采用PASSWORD登陆的方式,总是显得很繁琐。我们可以更具RSA密钥来避免这种登陆方式。

场景

我们需要从client机器上远程登陆server机器。登陆方式采用RSA密钥免密码登陆方式。其中client机器为Fedora,server为Ubuntu。

步骤

客户机生成密钥

用corey登陆客户机client。

[corey@corey-fedora .ssh]$Su

[corey@corey-fedora .ssh]$Chmod a+w /home/corey/.ssh

[corey@corey-fedora .ssh]$Su corey

[corey@corey-fedora .ssh]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/corey/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/corey/.ssh/id_rsa.

Your public key has been saved in /home/corey/.ssh/id_rsa.pub.

The key fingerprint is:

d4:4b:69:f3:19:bc:bf:82:56:40:43:4c:57:02:43:1a corey@corey-fedora

The key's randomart image is:

+--[ RSA 2048]----+

| E=*.o.. |

| ++= . |

| o.*.o |

| . o.+ + |

| S ..+ |

| .. |

| o . |

| o . . |

| . .. |

+-----------------+

[corey@corey-fedora .ssh]$ ls

id_rsa id_rsa.pub

上传公钥至服务器

用corey登陆server服务器。将id_rsa.pub上传到/home/corey/.ssh

corey@corey-ubuntu:~/.ssh$ cat id_rsa.pub >>authorized_keys

corey@corey-ubuntu:~/.ssh$ ls

authorized_keys id_rsa id_rsa.pub

corey@corey-ubuntu:~/.ssh$ chmod 644 authorized_keys

corey@corey-ubuntu:~/.ssh$ ls

authorized_keys id_rsa id_rsa.pub

corey@corey-ubuntu:~/.ssh$

从客户机client登陆server

[corey@corey-fedora .ssh]$ ssh 192.168.1.103

The authenticity of host '192.168.1.103 (192.168.1.103)' can't be established.

RSA key fingerprint is 5b:3b:4d:00:b6:9f:e7:d6:fb:e9:9f:25:40:4d:4a:50.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.103' (RSA) to the list of known hosts.

Linux corey-ubuntu 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686

The programs included with the Ubuntu system are free software;

the exact distribution terms for each program are described in the

individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by

applicable law.

To access official Ubuntu documentation, please visit:

http://help.ubuntu.com/

285 packages can be updated.

318 updates are security updates.

Last login: Wed Jun 16 10:37:01 2010 from 192.168.1.100

Note

客户机的.ssh目录必须在生成rsa密钥的时候可写

服务主机的.ssh权限为700

服务主机的authorized_keys权限为644

主机和客户机的用户用户名相同(本文同为corey)

你可能感兴趣的:(ssh 免密钥登陆)