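For work I often have to move between many different Linux servers, and being prompted for a password at every login is tedious. I later replaced ordinary password authentication with SSH key authentication, so I no longer have to type a password each time. OpenSSH allows remote command execution, and combined with key authentication it lets you run remote-control scripts against a large number of machines, which is very useful at work.
Server: root@192.168.0.102
Client: root@192.168.0.105
Before starting, confirm network connectivity and SSH connectivity between the two Linux servers.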
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
42:98:08:15:0c:56:4b:0e:05:0e:5b:ed:1b:db:40:9f root@localhost.localdoma
# cd /root/.ssh/
# ls
id_rsa id_rsa.pub known_hosts
The ssh-keygen command above generates a public and private key pair.
Copy the server's public key to the client:
# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.105
21
root@192.168.0.105's password:
Now try logging into the machine, with "ssh 'root@192.168.0.105'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
These lines of output confirm that the key has been copied to the client. Now go to the client and look at the key.
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:1D:30:A3
inet addr:192.168.0.105 Bcast:192.168.0.255 Mask:255.255.255.0
This output shows the client's IP configuration.
# cd /root/.ssh/
# ls
authorized_keys
This file confirms that the server's SSH key has been copied to the client.
# ssh root@192.168.0.105
Last login: Fri Aug 2 11:04:59 2013 from 192.168.0.102
# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:1D:30:A3
inet addr:192.168.0.105 Bcast:192.168.0.255 Mask:255.255.255.0
Verification succeeded. With this in place you can ssh to the server without entering a password.
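The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you did not expect. The following added example, which is not part of the original post, parses an authorized_keys file, reports each key's MD5 fingerprint in the same colon-separated form ssh-keygen printed, and flags keys that are not on an expected list or carry no from=/command= restriction. The sample keys, the backup.sh path and the function names are constructed for illustration.

```python
import base64, hashlib, re, struct

# Line layout: [options] keytype base64 [comment]; options may contain quoted spaces.
LINE = re.compile(r'^(?:((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+)?'
                  r'(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp\d+)\s+'
                  r'([A-Za-z0-9+/=]+)(?:\s+(.*))?$')

def md5_fingerprint(blob):
    """Colon-separated MD5 of the decoded key, the format ssh-keygen printed above."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def audit(text, expected):
    """Return [(fingerprint, comment, warnings)] for each key line of authorized_keys."""
    report = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        try:
            blob = base64.b64decode(m.group(3), validate=True)
        except (AttributeError, ValueError):  # line did not match, or invalid base64
            report.append((None, line[:40], ["unparseable line"]))
            continue
        opts, ktype, comment = m.group(1) or "", m.group(2), m.group(4) or ""
        fp, warnings = md5_fingerprint(blob), []
        if blob[4:4 + len(ktype)] != ktype.encode():
            warnings.append("key type does not match key data")
        if fp not in expected:
            warnings.append("fingerprint not in expected set")
        if not re.search(r'(?:^|,)(?:from|command)=', opts):
            warnings.append("no from=/command= restriction")
        report.append((fp, comment, warnings))
    return report

# Constructed sample data: length-prefixed blobs laid out like SSH keys, not real keys.
def make_blob(ktype, *fields):
    return b"".join(struct.pack(">I", len(f)) + f for f in (ktype.encode(),) + fields)

KEY_A, KEY_B = (make_blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + c * 256) for c in (b"\xa5", b"\x5a"))
SAMPLE = ('ssh-rsa {} root@localhost.localdomain\n'
          'from="192.168.0.102",command="/usr/local/bin/backup.sh" ssh-rsa {} backup\n'
          'ssh-rsa not*base64 broken\n'
          ).format(*(base64.b64encode(k).decode() for k in (KEY_A, KEY_B)))

if __name__ == "__main__":
    for fp, comment, warnings in audit(SAMPLE, {md5_fingerprint(KEY_A)}):
        print(fp, comment, "; ".join(warnings) or "ok")
```

To audit a real file, pass the contents of /root/.ssh/authorized_keys and the fingerprints recorded when the keys were generated. Newer OpenSSH releases print the MD5 form with ssh-keygen -l -E md5.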
This article is reposted from mailfile's 51CTO blog. Original link: http://blog.51cto.com/mailfile/1263197. To repost it, please contact the original author.