最近越来越懒了 远程登录服务器的时候ssh都不想在每次都输入密码所以就有了这个需求。 方法很简单只有两步(a 指代本地 b 指代远端) 1 生成私有和公有密钥
ssh-keygen -t rsa
直接回车 回车 在回车 ,期间是有步骤是需要输入密码的,这里我们直接回车也就是直接留空。 这样会在~/.ssh下生成id_rsa id_rsa.pub 前者就是私有密钥 后者是公有密钥。 2.0 把公有密钥id_rsa.pub复制到想要免密码登录的远端(例如 b) ~/.ssh/下面的authorized_keys中 注意 如果远端没有这个authorized_keys文件,就直接创建,如果有则把id_rsa.pub的内容追加到authorized_keys中。 2.1 更新一个更简单的方法添加公钥 使用ssh-copy-id ssh-copy-id is a script that uses ssh(1) to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you’ve done some clever use of multiple identities). It assembles a list of one or more fingerprints (as described below) and tries to log in with each key, to see if any of them are already installed (of course, if you are not using ssh-agent(1) this may result in you being repeatedly prompted for pass-phrases). It then assembles a list of those that failed to log in, and using ssh, enables logins with those keys on the remote server. By default it adds the keys by appending them to the remote user’s ~/.ssh/authorized_keys (creating the file, and directory, if necessary). It is also capable of detecting if the remote system is a NetScreen, and using its `set ssh pka-dsa key …’ command instead.
someusername@hostname$ ssh-copy-id -i ~/.ssh/id_rsa.pub someusername@otherhost
someusername@hostname‘s password:
Now try logging into the machine, with ―ssh ?remote-host‘‖, and check in:
.ssh/authorized_keys to make sure we haven‘t added extra keys that you weren‘t expecting.
#[注: ssh-copy-id 把密钥追加到远程主机的 .ssh/authorized_key 上.]
很简单这样就完成了. 原理如下: A机器作为客户端,要实现无密码公钥认证,连接到服务端B机器上时,需要在A机器上生成一个密钥对,包括一个公钥和一个私钥,而后将公钥复制到B机器上。当A机器通过ssh连接B机器时,B机器就会生成一个随机数并用A机器的公钥对随机数进行加密,并发送给A机器,A机器收到加密数之后再用私钥进行解密,并将解密数回传给B机器,B机器确认解密数无误之后就允许A机器进行连接了。这就是一个公钥认证过程,其间不需要用户手工输入密码。重要过程是将客户端A机器的公钥复制到B机器上。 打完收工
