ssh-keygen 用于:生成、管理和转换认证密钥
常用参数
-t type:指定要生成的密钥类型,有rsa1(SSH1),dsa(SSH2),ecdsa(SSH2),rsa(SSH2)等类型,较为常用的是rsa类型
-C comment:提供一个新的注释
-b bits:指定要生成的密钥长度 (单位:bit),对于RSA类型的密钥,最小长度768bits,默认长度为2048bits。DSA密钥必须是1024bits
-f filename:指定生成的密钥文件名字
Linux下使用ssky-keygen无密码登录服务器步骤:
1. 使用ssh-keygen在本机上生成密钥:
[Jiakun@Kunge ~]$ ssh-keygen -t rsa -C "[email protected]|[email protected]"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/Jiakun/.ssh/id_rsa):[Enter key]
/home/Jiakun/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):[Enter key]
Enter same passphrase again:[Enter key]
Your identification has been saved in /home/Jiakun/.ssh/id_rsa.
Your public key has been saved in /home/Jiakun/.ssh/id_rsa.pub.
The key fingerprint is:
ac:15:9d:97:2a:f3:43:ed:64:25:38:ad:54:d2:bd:c8 [email protected]|[email protected]
此时在本机上生成如下一个公钥和一个私钥文件:
[Jiakun@Kunge ~]$ ll ./.ssh/
总用量 12
-rw-------. 1 Jiakun Jiakun 1675 5月 19 19:44 id_rsa
-rw-r--r--. 1 Jiakun Jiakun 420 5月 19 19:44 id_rsa.pub
注意公钥相当于锁,私钥相当于钥匙,我们这里相当于在客户端创建一对钥匙和锁,想要做到SSH免密码登录,就相当于我们将锁分发到服务端并装锁,然后客户端就可以利用这个钥匙开锁。
2. 使用ssh-copy-id命令将本机上的公钥文件拷贝到服务器上(服务器用户名比如为liujiakun,IP地址为192.168.3.105):
[Jiakun@Kunge ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
[email protected]'s password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
若服务器端远程登录ssh的端口号被更改了(比如为3330),则命令应改为这样:
ssh-copy-id -i ~/.ssh/id_rsa.pub “-p 3330 [email protected]“
3. 此时在本机上登录服务器会提示Agent admitted failure to sign using the key.并仍提示需要输入密码:
[Jiakun@Kunge ~]$ ssh [email protected]
Agent admitted failure to sign using the key.
[email protected]'s password:
在网上查询得知需要使用 ssh-add 指令将私钥 加进来:
[Jiakun@Kunge ~]$ ssh-add ~/.ssh/id_rsa
Identity added: /home/Jiakun/.ssh/id_rsa (/home/Jiakun/.ssh/id_rsa)
[Jiakun@Kunge ~]$ ssh '[email protected]'
Last login: Tue May 19 20:32:32 2015 from 192.168.3.118
此时如上所示可以无密码登录进192.168.3.118服务器上。
可以在服务器上查询~/.ssh/目录下多了一个文件:authorized_keys:
[liujiakun@localhost ~]$ ll ./.ssh/
总用量 8
-rw-------. 1 liujiakun liujiakun 420 5月 19 20:25 authorized_keys
-rw-r--r--. 1 liujiakun liujiakun 1191 1月 11 19:03 known_hosts
---------------------
原文:https://blog.csdn.net/liujiakunit/article/details/45849095