假设有 LocalServer RemoteServer[1...n],需要从LocalServer SSH登录到RemoteServer上,默认配置下需要频繁输入密码,如果配置RSA/DSA 密钥认证系统,将会省却这一麻烦。以下假设登录的用户为jerome
STEP1 生成密钥对
1. 登录LocalServer
2. 切换到根目录
cd ~
3. 执行密钥生成命令
ssh-keygen -t dsa
Enter file in which to save the key (/home/jerome/.ssh/id_dsa): 回车
Enter passphrase (empty for no passphrase):输入密码短语,可以看做是私钥的密码
Enter same passphrase again:再次输入
密码对已经在/home/jerome/.ssh中生成 共两个文件:id_dsa id_dsa.pub
STEP2 KeyChain设置
1. 为避免频繁输入密码短语,安装一个小工具keychain,该工具会将密钥加入到密钥缓存中并防止每次登录LocalServer都启动新的ssh-agent进程。
2.下载最新版本的keychain: http://agriffis.n01se.net/keychain/,下载后解压到LocalServer的根目录
3. 进入keychain目录,当前版本是2.6.8
cd /home/jerome/keychain-2.6.8
安装
sudo install -m0755 keychain /usr/bin/keychain
4. 设置keychain
cd ~
生成keychain的配置,将会建立~/.keychain目录
/usr/bin/keychain
vi ~/.bash_profile
在文件末尾加入
/usr/bin/keychain ~/.ssh/id_dsa
source ~/.keychain/localserver-sh
保存退出。
先清理掉系统中所有属于jerome的ssh-agent进程(如果有的话)
ps -aux | grep ssh
kill 进程号
启动ssh-agent
source ~/.bash_profile
Enter passphrase for /home/jerome/.ssh/id_dsa:输入STEP1中输入的密码短语
在进程中可以看到ssh-agent了
STEP3 分发公钥
使用scp命令将公钥拷贝到所有RemoteServer的~/.ssh下,并改名叫authorized_keys
scp /home/jerome/.ssh/id_dsa.pub jerome@remoteserver1:/home/jerome/.ssh/authorized_keys
此步骤假设之前没有在RemoteServer上设置过authorized_keys,否则的话,请执行:
scp /home/jerome/.ssh/id_dsa.pub jerome@remoteserver1:/home/jerome/.ssh/id_dsa.pub
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
STEP4 测试
ssh remoteserver1
Last login: Fri Aug 15 13:53:18 2008 from 111.0.129.27
KeyChain 2.6.8; http://www.gentoo.org/proj/en/keychain/
Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL
* Found existing ssh-agent (29785)
* Known ssh key: /home/jerome/.ssh/id_dsa
hostname
remoteserver1
无需输入密码,success!
本文转自holy2009 51CTO博客,原文链接:http://blog.51cto.com/holy2010/326746
