guozyu 2008-07-18
网上找了半天,都不够简单明了,我自己总结以下:
把你的Linux本地主机用户的ssh公匙文件写入到远程主机用户的~/.ssh/authorized_keys文件中,具体方法
假设本地主机localhost,远程主机remote
一,在localhost主机里的用户
运行ssh-keygen -t rsa
结果如下
Generating public/private rsa key pair.
Enter file in which to save the key (/home/.username/ssh/id_rsa):#回车
Enter passphrase (empty for no passphrase):#回车
Enter same passphrase again:#回车
Your identification has been saved in /home/.username /.ssh/id_rsa.
Your public key has been saved in /home/.username /.ssh/id_rsa.pub.
The key fingerprint is:
38:25:c1:4d:5d:d3:89:bb:46:67:bf:52:af:c3:17:0c username@localhost
Generating RSA keys:
Key generation complete.
会在用户目录~/.ssh/产生两个文件,id_rsa,id_rsa.pub
步骤如下:
ssh-keygen -t rsa或ssh-keygen -d (dsa) =>产生出id_rsa, id_rsa.pub
scp id_rsa.pub server_hostname:~/.ssh/
ssh server_hostname
cat .ssh/id_rsa.pub >> .ssh/authorized_keys即可(追加)
这样子就可以key认证登入,不需输入密码.
二,把id_rsa.pub文件拷贝到remote主机的用户目录下
cat id_rsa.pub >> ~/.ssh/authorized_keys
就可以了
这样localhost主机的用户就可以通过ssh而不用密码登陆remote主机
在测试当中发现经常出现以下错误:
@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
1f:a3:2b:b5:27:0c:5c:7b:89:27:ff:ab:cd:ba:31:66.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:6
RSA host key for 60.28.15.234 has changed and you have requested strict checking.
Host key verification failed.
解决办法是把known_hosts文件删掉就可以了
三、PS:gen时会问Enter passphrase (empty for no passphrase):
此处直接enter跳过,下次才不会询问password
简单解说一下:
id_rsa: private key
id_rsa.pub: public key
将public key(id_rsa.pub)拷贝到远端的电脑后,加到那user的.ssh/authorized_keys中.
之后连线时,就会用本机的private key(id_rsa)与远端电脑的public key(authorized_keys)做认证,确认完成就可以直接登入,不需输入帐号密码,而且也比较安全.