- 论坛徽章:
- 0
|
网上找了半天,都不够简单明了,我自己总结以下:
把你的本地主机用户的ssh公匙文件写入到远程主机用户的~/.ssh/authorized_keys文件中,具体方法
假设本地主机localhost,远程主机remote
一,在localhost主机里的用户
运行 ssh-keygen -t rsa
结果如下
Generating public/private rsa key pair.
Enter file in which to save the key (/home/.username/ssh/id_rsa):#回车
Enter passphrase (empty for no passphrase):#回车
Enter same passphrase again:#回车
Your identification has been saved in /home/.username /.ssh/id_rsa.
Your public key has been saved in /home/.username /.ssh/id_rsa.pub.
The key fingerprint is:
38:25:c1:4d:5d:d3:89:bb:46:67:bf:52:af:c3:17:0c
[email=username@localhost]username@localhost[/email]
Generating RSA keys:
Key generation complete.
会在用户目录~/.ssh/产生两个文件,id_rsa,id_rsa.pub
步驟如下:
- ssh-keygen -t rsa 或 ssh-keygen -d (dsa) => 產生出 id_rsa, id_rsa.pub
- scp id_rsa.pub server_hostname:~/.ssh/
- ssh server_hostname
- cat .ssh/id_rsa.pub >> .ssh/authorized_keys 即可 (追加)
- 這樣子就可以 key 認證登入, 不需輸入密碼.
二,把id_rsa.pub文件拷贝到remote主机的用户目录下
cat id_rsa.pub >> ~/.ssh/authorized_keys
就可以了
这样localhost主机的用户就可以通过ssh而不用密码登陆remote主机
在测试当中发现经常出现以下错误:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
1f:a3:2b:b5:27:0c:5c:7b:89:27:ff:ab:cd:ba:31:66.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:6
RSA host key for 60.28.15.234 has changed and you have requested strict checking.
Host key verification failed.
解决办法是把known_hosts文件删掉就可以了
三、
PS:
gen 時會問 Enter passphrase (empty for no passphrase):
此處直接 enter 跳過,下次才不會詢問password
簡單解說一下:
id_rsa: private key
id_rsa.pub: public key
將 public key(id_rsa.pub) 拷貝到遠端的電腦後, 加到那 user 的 .ssh/authorized_keys 中.
之後連線時, 就會用本機的 private key(id_rsa) 與遠端電腦的 public key(authorized_keys) 做認證, 確認完成就可以直接登入, 不需輸入帳號密碼, 而且也比較安全.
本文来自ChinaUnix博客,如果查看原文请点:http://blog.chinaunix.net/u2/66576/showart_2056122.html |
|
免费注册
发表于 2009-09-19 23:29