我们在进行客户机到主机的SSH连接的时候,往往采用PASSWORD登陆的方式,总是显得很繁琐。我们可以更具RSA密钥来避免这种登陆方式。
我们需要从client机器上远程登陆server机器。登陆方式采用RSA密钥免密码登陆方式。其中client机器为Fedora,server为Ubuntu。
用corey登陆客户机client。
[corey@corey-fedora .ssh]$Su
[corey@corey-fedora .ssh]$Chmod a+w /home/corey/.ssh
[corey@corey-fedora .ssh]$Su corey
[corey@corey-fedora .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/corey/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/corey/.ssh/id_rsa.
Your public key has been saved in /home/corey/.ssh/id_rsa.pub.
The key fingerprint is:
d4:4b:69:f3:19:bc:bf:82:56:40:43:4c:57:02:43:1a corey@corey-fedora
The key's randomart image is:
+--[ RSA 2048]----+
| E=*.o.. |
| ++= . |
| o.*.o |
| . o.+ + |
| S ..+ |
| .. |
| o . |
| o . . |
| . .. |
+-----------------+
[corey@corey-fedora .ssh]$ ls
id_rsa id_rsa.pub
用corey登陆server服务器。将id_rsa.pub上传到/home/corey/.ssh
corey@corey-ubuntu:~/.ssh$ cat id_rsa.pub >>authorized_keys
corey@corey-ubuntu:~/.ssh$ ls
authorized_keys id_rsa id_rsa.pub
corey@corey-ubuntu:~/.ssh$ chmod 644 authorized_keys
corey@corey-ubuntu:~/.ssh$ ls
authorized_keys id_rsa id_rsa.pub
corey@corey-ubuntu:~/.ssh$
[corey@corey-fedora .ssh]$ ssh 192.168.1.103
The authenticity of host '192.168.1.103 (192.168.1.103)' can't be established.
RSA key fingerprint is 5b:3b:4d:00:b6:9f:e7:d6:fb:e9:9f:25:40:4d:4a:50.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.103' (RSA) to the list of known hosts.
Linux corey-ubuntu 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To access official Ubuntu documentation, please visit:
http://help.ubuntu.com/
285 packages can be updated.
318 updates are security updates.
Last login: Wed Jun 16 10:37:01 2010 from 192.168.1.100
客户机的.ssh目录必须在生成rsa密钥的时候可写
服务主机的.ssh权限为700
服务主机的authorized_keys权限为644
主机和客户机的用户用户名相同(本文同为corey)