使用RSA公钥实现无密码远程登陆另一台机器
Posted wangwenhao072093
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了使用RSA公钥实现无密码远程登陆另一台机器相关的知识,希望对你有一定的参考价值。
在Linux 系统下,可以使用ssh客户端远程登陆到另一台Linux系统的机器,正常情况下每次在输入远程登陆命令后,都会强制要求输入远程机器的用户登陆密码,就很烦,如果将本地用户的公钥传给远程用户就可以不需要输入登录密码即可登陆,具体做法如下:
首先假定有两个用户:本地用户python和远程登陆用户seeker,要实现用户python通过ssh客户端无密码连接seeker,首先需要生成seeker用户的RSA公钥和私钥,具体做法如下:
在python用户打开终端输入命令:
[email protected]:~$ ssh-keygen
ENTER >>:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/python/.ssh/id_rsa):
ENTER >>:
Enter passphrase (empty for no passphrase):
ENTER >>:
Enter same passphraseCD again:
ENTER >>:
Your identification has been saved in /home/python/.ssh/id_rsa. Your public key has been saved in /home/python/.ssh/id_rsa.pub. The key fingerprint is: SHA256:Nl1+ivOkNggbOs6gr6E/5nF4MAXrStEkUxtz3+Qu22Y [email protected] The key`s randomart image is: +---[RSA 2048]----+ | oo= . . | | =o= . + | | ..o. . o . | | ... ..o | | .+ .S.. . . | |.. + o.+. . o | |o + o. = Eo o | |.oo*o . + o= | |+*+oo. .... | +----[SHA256]-----+
python 用户的RSA 公钥和私钥已经生成
公钥和私钥存放位置分别为:
私钥: /home/python/.ssh/id_rsa.
公钥: /home/python/.ssh/id_rsa.pub.
生成本地用户python的公钥后,就可以将该公钥发送给seeker用户,在终端执行命令:
[email protected]:~ $ cd .ssh
切换到 .ssh目录下,因为公钥和私钥都在该目录下
[email protected]:~/.ssh $ ssh-copy-id [email protected]
向远程用户seeker发送公钥
ENTER >>:
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 2 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]`s password: ******** #输入远程用户密码
ENTER>>:
Number of key(s) added: 2
Now try logging into the machine, with: “ssh ‘[email protected]’ ”;
and check to make sure that only the key(s) you wanted were added.
上面说添加了两个key,公钥 + 私钥 = 2?!!,难不成把私钥也发过去了!
登陆到远程用户seeker上,打开终端输入命令
[email protected]:~$ vim .ssh/authorized_keys
ps:传入公钥写在 .ssh 目录下 authorized_keys文件
打开文件一检查,发现果真如此,把私钥发过去了,那要私钥还有个屁用啊,看样子是ssh-copy-id [email protected]这个命令出问题了,注意绿色标注部分
Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [[email protected]]hostname -f: force mode -- copy keys without trying to check if they are already installed -n: dry run -- no keys are actually copied -h|-?: print this help
所以正确命令为:
[email protected]:~/.ssh $ ssh-copy-id -i id_rsa.pub [email protected]
id_rsa.pub是公钥文件,加上-i 选项,指定要传送的密钥类型,如果不添加,则传送公钥和私钥,就是上面的问题
至此,完成,
以上是关于使用RSA公钥实现无密码远程登陆另一台机器的主要内容,如果未能解决你的问题,请参考以下文章