- 論壇徽章:
- 0
|
網上找了半天,都不夠簡單明了,我自己總結以下:
把你的本地主機用戶的ssh公匙文件寫入到遠程主機用戶的~/.ssh/authorized_keys文件中,具體方法
假設本地主機localhost,遠程主機remote
一���,在localhost主機里的用戶
運行 ssh-keygen -t rsa
結果如下
Generating public/private rsa key pair.
Enter file in which to save the key (/home/.username/ssh/id_rsa):#回車
Enter passphrase (empty for no passphrase):#回車
Enter same passphrase again:#回車
Your identification has been saved in /home/.username /.ssh/id_rsa.
Your public key has been saved in /home/.username /.ssh/id_rsa.pub.
The key fingerprint is:
38:25:c1:4d:5d:d3:89:bb:46:67:bf:52:af:c3:17:0c
[email=username@localhost]username@localhost[/email]
Generating RSA keys:
Key generation complete.
會在用戶目錄~/.ssh/產生兩個文件���,id_rsa,id_rsa.pub
步驟如下:
- ssh-keygen -t rsa 或 ssh-keygen -d (dsa) => 產生出 id_rsa, id_rsa.pub
- scp id_rsa.pub server_hostname:~/.ssh/
- ssh server_hostname
- cat .ssh/id_rsa.pub >> .ssh/authorized_keys 即可 (追加)
- 這樣子就可以 key 認證登入, 不需輸入密碼.
二�,把id_rsa.pub文件拷貝到remote主機的用戶目錄下
cat id_rsa.pub >> ~/.ssh/authorized_keys
就可以了
這樣localhost主機的用戶就可以通過ssh而不用密碼登陸remote主機
在測試當中發(fā)現(xiàn)經常出現(xiàn)以下錯誤:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
1f:a3:2b:b5:27:0c:5c:7b:89:27:ff:ab:cd:ba:31:66.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:6
RSA host key for 60.28.15.234 has changed and you have requested strict checking.
Host key verification failed.
解決辦法是把known_hosts文件刪掉就可以了
三、
PS:
gen 時會問 Enter passphrase (empty for no passphrase):
此處直接 enter 跳過,下次才不會詢問password
簡單解說一下:
id_rsa: private key
id_rsa.pub: public key
將 public key(id_rsa.pub) 拷貝到遠端的電腦後, 加到那 user 的 .ssh/authorized_keys 中.
之後連線時, 就會用本機的 private key(id_rsa) 與遠端電腦的 public key(authorized_keys) 做認證, 確認完成就可以直接登入, 不需輸入帳號密碼, 而且也比較安全.
本文來自ChinaUnix博客��,如果查看原文請點:http://blog.chinaunix.net/u2/66576/showart_2056122.html |
|
免費注冊
發(fā)表于 2009-09-19 23:29