For example:
there are now three servers, test1, test2, and test3. I created an ssh key pair (rsa type) on the test2 server. I plan to transfer the public key to test3 and copy the private key to test1. Then use the test1 server to connect to the test3 server. There are users on these three machines: test1, test2, and test3.
The operations are as follows:
1. Create an ssh key pair (rsa type) on the test2 server
[root@test2 ~]# ssh-keygen
2. Pass the public key to test3
[root@test2 ~]# cd .ssh/
[root@test2 ~/.ssh]# ssh-copy-id test3@test3 service ip
3. Copy the private key to the test1 server, and use scp to send it here
[root@test2 ~/.ssh]# scp id_rsa test1@test1 server ip
4. Use the ssh-add command on the test1 server to add the private key id_rsa passed by the test2 server to the key agent
[root@test1 ~]# ssh-add ~/.ssh/id_ras
error:
Could not open a connection to Your authentication agent
translated into Chinese means "unable to open the connection with the authentication agent"
Solution:
Execute the ssh-agent bash command first, and then execute ssh-add ~/.ssh/id_ras, as follows:
[root@test1 ~]# ssh-agent bash
[root@test1 ~]# ssh-add ~/.ssh /id_ras
Enter passphrase for id_rsa: ----> prompt us to enter the private key password, after entering the correct password, you can log in to the test3 server normally without password
Private key password:
1. It is a private (personal) key password, not a certificate developer password
. 2. This password is used as a protection password for activation, export, and import.
3. Only when you know the password, can you re-import the certificate to use it to avoid other people's misuse