基础篇
执行: ssh-keygen -t rsa
rocky@tiger:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/rocky/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rocky/.ssh/id_rsa.
Your public key has been saved in /home/rocky/.ssh/id_rsa.pub.
The key fingerprint is:
02:fc:ca:a5:8b:28:d1:bf:0a:d5:40:7a:80:8d:43:b1 rocky@tiger
The key's randomart image is:
+--[ RSA 2048]----+
|+=o |
|++o. |
|.Eo o |
| . o o |
| .. . + S |
|.... + . |
|.. .+ |
|.o ... |
|o o.o. |
+-----------------+
注:提示输入passphrase的时候,直接输入回车,这样登录时就无需再输入密码
执行后会在/home/rocky/.ssh/目录下生成两个文件: id_rsa(私钥) id_rsa.pub(公钥)
上传id_rsa.pub文件到remote server的 ~/.ssh/目录下 (没有该目录时,自行创建即可)
scp /home/rocky/.ssh/id_rsa.pub root@ipaddr:/root/.ssh/authorized_keys (此时要输入密码)
注:1.上面的命令不但会把id_rsa.pub文件上传到remote server的/root/.ssh目录下,还会把文件名替换为authorized_keys 即authorized_keys文件就是id_rsa.pub文件
2.如果之前remote server上已经存在了authorized_keys文件,上面的命令会清除文件内容在写入.因此这个时候最好先保存为其他某个文件,再把文件内容追加到authorized_keys文件中. cat xxx.pub >> authorized_keys
重新登录测试
ssh root@ipaddress
如果仍然需要密码,需登录到remote server检查.ssh目录的权限是否为700,以及authorized_keys文件的权限是否为644
再次测试,成功
异常处理:
1.Agent admitted failure to sign using the key.
在本机执行ssh-add命令即可
rocky@tiger:.ssh$ ssh-add
Identity added: /home/rocky/.ssh/id_rsa (/home/rocky/.ssh/id_rsa)进阶篇
基础篇中采用scp把公钥文件拷贝到remote server的authorized_keys文件中,其中要注意各种文件,比如权限,内容追加这些地方.
下面有个简便方法搞定上诉步骤:
ssh-copy-id -i .ssh/id_rsa.pub user@IP
该命令会自动把id_rsa.pub命令追加到user用户下的.ssh/authorized_keys文件中.
