SSH key-pair authentication
[Original]:
HOWTO: set up ssh keys
Paul Keck, 2001
Getting Started
- First, install OpenSSH on two UNIX machines, hurly and burly. This works best using DSA keys and SSH2 by default as far as I can tell. All the other HOWTOs I’ve seen seem to deal with RSA keys and SSH1, and the instructions not surprisingly fail to work with SSH2.
- On each machine type ssh somemachine.example.com and make a connection with your regular password. This will create a .ssh dir in your home directory with the proper perms.
On your primary machine where you want your secret keys to live (let’s say hurly), type
ssh-keygen -t dsa
This will prompt you for a secret passphrase. If this is your primary identity key, make sure to use a good passphrase. If this works right you will get two files called id_dsa and id_dsa.pub in your .ssh dir. Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase. This is a Bad Idea™ for an identity key, so don’t do it! See below for uses of keys without passphrases.
Copy the id_dsa.pub file to the other host’s .ssh dir with the name authorized_keys2:
scp ~/.ssh/id_dsa.pub burly:.ssh/authorized_keys2
Now burly is ready to accept your ssh key. How to tell it which keys to use? The ssh-add command will do it. For a test, type
ssh-agent sh -c 'ssh-add < /dev/null && bash'
This will start the ssh-agent, add your default identity (prompting you for your passphrase), and spawn a bash shell. From this new shell you should be able to:
ssh burly
This should let you in without typing a password or passphrase. Hooray! You can ssh and scp all you want from this bash shell and not have to type any password or passphrase.
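[In practice]:
Generate the key pair
ssh-keygen -t rsa
This step generates three files in the ~/.ssh directory: id_rsa.pub, id_rsa, authorized_keys
The public key is stored in id_rsa.pub
The private key is stored in id_rsa
scp ~/.ssh/id_rsa.pub root@xxx.xxx.xxx.xxx:~/.ssh/authorized_keys
Sometimes the permissions of .ssh need to be changed to 755
From then on, logging in with ssh no longer requires entering a password, which makes using scp or ssh in scripts more convenient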
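The scp commands above overwrite any authorized_keys file that already exists on the remote host. As an added example (not from the original post or the HOWTO), the shell functions below append a key instead and then check the write permissions that sshd's StrictModes enforces; the function names are hypothetical, and the 700/600 modes they set are stricter than the 755 mentioned above.

```shell
#!/bin/sh
# Added example (not from the original post). Run on the remote host after
# copying the public key there under a temporary name, for example:
#   install_pubkey /tmp/id_rsa.pub "$HOME/.ssh" && check_ssh_perms "$HOME/.ssh"

# install_pubkey PUBKEY_FILE SSH_DIR
# Append the key to SSH_DIR/authorized_keys unless that exact line is already
# there. Returns 1 if PUBKEY_FILE is not a single public-key line.
install_pubkey() {
    pub=$1 dir=$2 auth=$2/authorized_keys
    # Expected shape: "<type> <base64 blob> [comment]"; a private key fails this.
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" || return 1
    [ "$(wc -l < "$pub")" -le 1 ] || return 1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    key=$(cat "$pub")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# writable_by_others PATH: succeeds if group or other has write permission.
writable_by_others() {
    mode=$(ls -ld "$1" | cut -c1-10)   # e.g. drwxr-xr-x
    case $mode in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# check_ssh_perms SSH_DIR: report paths that sshd's StrictModes would reject
# for being group- or world-writable; returns 1 if any are found.
check_ssh_perms() {
    rc=0
    for p in "$1" "$1/authorized_keys"; do
        if [ -e "$p" ] && writable_by_others "$p"; then
            echo "group/world-writable: $p" >&2
            rc=1
        fi
    done
    return $rc
}
```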
Use ssh to run a remote program and display its output locally:
ssh -n xxx.xxx.xxx.xxx filename