以下是在机器Client的root和机器Server的root之间建立安全信任关系的步骤:
1. 在机器Client上root用户执行ssh-keygen命令,生成建立安全信任关系的证书。
[root@Client root]# ssh-keygen -b 1024 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <-- 直接输入回车
Enter same passphrase again: <-- 直接输入回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
49:9c:8a:8f:bc:19:5e:8c:c0:10:d3:15:60:a3:32:1c root@Client
[root@Client root]#
注意:在程序提示输入passphrase时直接输入回车,表示无证书密码。
上述命令将生成私钥证书id_rsa和公钥证书id_rsa.pub,存放在用户家目录的.ssh子目录中。
2. 将公钥证书id_rsa.pub复制到机器Server的root家目录的.ssh子目录中,同时将文件名更换为authorized_keys。
[root@Client root]# ssh-copy-id [email protected]
[email protected]'s password: <-- 输入机器Server的root用户密码
id_rsa.pub 100% |**************************| 218 00:00
(在不使用默认的22 端口的情况
ssh-copy-id -i /root/.ssh/id_rsa.pub '-p12022 [email protected]' )
[root@Client root]#
在执行上述命令时,两台机器的root用户之间还未建立安全信任关系,所以还需要输入机器Server的root用户密码。
经过以上2步,就在机器Client的root和机器Server的root之间建立安全信任关系。下面我们看看效果:
[root@Client root]# scp -p text [email protected]:/root
text 100% |**************************| 19 00:00
[root@Client root]#
成功了!真的不再需要输入密码了。
0 2 * * 2,4 sh /root/bin/bak_file_script.sh
或者是:
ssh-keygen
产生公钥与私钥对.
ssh-copy-id
将本机的公钥复制到远程机器的authorized_keys文件中,ssh-copy-id也能让你有到远程机器的home, ~./ssh , 和 ~/.ssh/authorized_keys的权利
zhz@zhz:~/$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/zhz/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): [Press enter key
same passphrase again: [Pess enter key]
Your identification has been saved in /home/zhz/.ssh/id_rsa.
Your public key has been saved in /home/zhz/.ssh/id_rsa.pub.
The key fingerprint is:
用cat命令查看是否生成产生公钥私钥对
zhz@zhz:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl9N5+xboqSIagBx02rdZ2fkROCPW8iW7hl6Gu+2hkBYYy/b1qcOm8RF/AMyas3i0QEK7Hcu9H51l2lulVbS5n9M9FaWIyYzssaS012x2mg9iA6MxPMlaXFsZ5jnVrGicndzf3VUu9kCErp5q0OzzMjsG3PKQevzWZJSBaFgc8NF5ZJ+VT54BN8ktMTHVwOo15I2Uai+bs4eP0NsuwIJmGyYIUOuvTuUtJxGV3hZ+tcjhupupqVCwYOE+cDz8VkFBGtnKsdE69hWoY2VUfEOAfHZptra7Ce9dXfDgx9jxuuNiJYtGo/bZDfe+UJ5HUv8wrL+hFeRIihdmP2CKJD8j5 zhz@zhz
第二步:用ssh-copy-id将公钥复制到远程机器中
zhz@zhz:~$ ssh-copy-id -i .ssh/id_rsa.pub 用户名字@192.168.x.xxx
注意:
ssh-copy-id
将key写到远程机器的 ~/
.ssh/authorized_key.文件中
zhz@zhz:~$ ssh 用户名字@192.168.x.xxx
Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2
常见问题:
ssh-copy-id -u eucalyptus -i ~eucalyptus/.ssh/id_rsa.pub
ssh 用户名字@192.168.x.xxx
第一次需要密码登录
上述是给eucalyptus用户赋予无密码登陆的权利
/usr/bin/ssh-copy-id: ERROR: No identities found
使用选项
-i
,当没有值传递的时候或者 如果
~/.ssh/identity.pub
文件不可访问(不存在),
ssh-copy-id
将显示上述的错误信息 ( -i选项会优先使用将ssh-add -L的内容)