在Linux 系统下,可以使用ssh客户端远程登陆到另一台Linux系统的机器,正常情况下每次在输入远程登陆命令后,都会强制要求输入远程机器的用户登陆密码,就很烦,如果将本地用户的公钥传给远程用户就可以不需要输入登录密码即可登陆,具体做法如下:
首先假定有两个用户:本地用户python和远程登陆用户seeker,要实现用户python通过ssh客户端无密码连接seeker,首先需要生成seeker用户的RSA公钥和私钥,具体做法如下:
在python用户打开终端输入命令:
python@python:~$ ssh-keygen
ENTER >>:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/python/.ssh/id_rsa):
ENTER >>:
Enter passphrase (empty for no passphrase):
ENTER >>:
Enter same passphraseCD again:
ENTER >>:
Your identification has been saved in /home/python/.ssh/id_rsa. Your public key has been saved in /home/python/.ssh/id_rsa.pub. The key fingerprint is: SHA256:Nl1+ivOkNggbOs6gr6E/5nF4MAXrStEkUxtz3+Qu22Y python@python-virtual-machine The key`s randomart image is: +---[RSA 2048]----+ | oo= . . | | =o= . + | | ..o. . o . | | ... ..o | | .+ .S.. . . | |.. + o.+. . o | |o + o. = Eo o | |.oo*o . + o= | |+*+oo. .... | +----[SHA256]-----+
python 用户的RSA 公钥和私钥已经生成
公钥和私钥存放位置分别为:
私钥: /home/python/.ssh/id_rsa.
公钥: /home/python/.ssh/id_rsa.pub.
生成本地用户python的公钥后,就可以将该公钥发送给seeker用户,在终端执行命令:
python@python:~ $ cd .ssh
切换到 .ssh目录下,因为公钥和私钥都在该目录下
python@python:~/.ssh $ ssh-copy-id seeker@10.0.0.106
向远程用户seeker发送公钥
ENTER >>:
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 2 key(s) remain to be installed -- if you are prompted now it is to install the new keys seeker@10.0.0.106`s password: ******** #输入远程用户密码
ENTER>>:
Number of key(s) added: 2
Now try logging into the machine, with: “ssh ‘seeker@10.0.0.106’ ”;
and check to make sure that only the key(s) you wanted were added.
上面说添加了两个key,公钥 + 私钥 = 2?!!,难不成把私钥也发过去了!
登陆到远程用户seeker上,打开终端输入命令
seeker@seeker:~$ vim .ssh/authorized_keys
ps:传入公钥写在 .ssh 目录下 authorized_keys文件
打开文件一检查,发现果真如此,把私钥发过去了,那要私钥还有个屁用啊,看样子是ssh-copy-id seeker@192.168.0.106这个命令出问题了,注意绿色标注部分
Usage: /usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname -f: force mode -- copy keys without trying to check if they are already installed -n: dry run -- no keys are actually copied -h|-?: print this help
所以正确命令为:
python@python:~/.ssh $ ssh-copy-id -i id_rsa.pub seeker@192.168.0.106
id_rsa.pub是公钥文件,加上-i 选项,指定要传送的密钥类型,如果不添加,则传送公钥和私钥,就是上面的问题
至此,完成,
原文:https://www.cnblogs.com/wangwenhao072093/p/10485928.html