使用RSA公钥实现无密码远程登陆另一台机器

Posted wangwenhao072093

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了使用RSA公钥实现无密码远程登陆另一台机器相关的知识,希望对你有一定的参考价值。

       在Linux 系统下,可以使用ssh客户端远程登陆到另一台Linux系统的机器,正常情况下每次在输入远程登陆命令后,都会强制要求输入远程机器的用户登陆密码,就很烦,如果将本地用户的公钥传给远程用户就可以不需要输入登录密码即可登陆,具体做法如下:

       首先假定有两个用户:本地用户python和远程登陆用户seeker,要实现用户python通过ssh客户端无密码连接seeker,首先需要生成seeker用户的RSA公钥和私钥,具体做法如下:

在python用户打开终端输入命令:

[email protected]:~$ ssh-keygen

ENTER >>:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/python/.ssh/id_rsa): 

ENTER >>:

Enter passphrase (empty for no passphrase):

ENTER >>:

Enter same passphraseCD again: 

ENTER >>:

Your identification has been saved in /home/python/.ssh/id_rsa.
Your public key has been saved in /home/python/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Nl1+ivOkNggbOs6gr6E/5nF4MAXrStEkUxtz3+Qu22Y [email protected]
The key`s randomart image is:
+---[RSA 2048]----+
| oo= .   .       |
|  =o= . +        |
| ..o.  . o  .    |
| ...    ..o      |
| .+    .S.. . .  |
|.. +  o.+. . o   |
|o + o. = Eo o    |
|.oo*o . + o=     |
|+*+oo.   ....    |
+----[SHA256]-----+

python 用户的RSA 公钥和私钥已经生成

 

公钥和私钥存放位置分别为:

私钥: /home/python/.ssh/id_rsa.
公钥: /home/python/.ssh/id_rsa.pub.

 

生成本地用户python的公钥后,就可以将该公钥发送给seeker用户,在终端执行命令:

[email protected]:~ $ cd .ssh

 

切换到 .ssh目录下,因为公钥和私钥都在该目录下

[email protected]:~/.ssh $ ssh-copy-id  [email protected]

 

向远程用户seeker发送公钥

ENTER >>:

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 2 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]`s password: ********  #输入远程用户密码

 

ENTER>>:

Number of key(s) added: 2

Now try logging into the machine, with:   “ssh  ‘[email protected]’ ”;
and check to make sure that only the key(s) you wanted were added.

上面说添加了两个key,公钥 + 私钥 = 2?!!,难不成把私钥也发过去了!

 

登陆到远程用户seeker上,打开终端输入命令

[email protected]:~$ vim .ssh/authorized_keys 

ps:传入公钥写在  .ssh 目录下 authorized_keys文件

 

打开文件一检查,发现果真如此,把私钥发过去了,那要私钥还有个屁用啊,看样子是ssh-copy-id [email protected]这个命令出问题了,注意绿色标注部分

Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [[email protected]]hostname
    -f: force mode -- copy keys without trying to check if they are already installed
    -n: dry run    -- no keys are actually copied
    -h|-?: print this help

 

所以正确命令为:

[email protected]:~/.ssh $ ssh-copy-id  -i id_rsa.pub [email protected]

id_rsa.pub是公钥文件,加上-i 选项,指定要传送的密钥类型,如果不添加,则传送公钥和私钥,就是上面的问题

至此,完成,

以上是关于使用RSA公钥实现无密码远程登陆另一台机器的主要内容,如果未能解决你的问题,请参考以下文章

利用ssh-copy-id实现SSH无密码登录

linux怎么远程执行另一台linux机器上的shell文件?

ssh免密码登陆

ssh免密码登陆

SSH 无密码远程执行脚本

linux下建立ssh无密码登陆