Simple use of ssh-agent

Foreword

The official Ansible documentation strongly recommends using ssh-agent to manage keys.

So what is ssh-agent, and what is it used for? Let's find out.

What is ssh-agent? What is it used for?

What is ssh-agent?
ssh-agent is an agent program that helps us manage our private keys.


Where is ssh-agent useful?

  1. When we have multiple key pairs on one host (e.g. the root user generates one public/private key pair and the HMK user generates another) and we connect to several different hosts, possibly authenticating as different users, we have to specify manually which key to use. With many machines this becomes very tedious; ssh-agent manages these key pairs for us.
  2. When the private key is protected by a password and we log in with key authentication, ssh-agent saves us from having to type the password again and again.

Starting ssh-agent

There are two commands for starting ssh-agent:

 ssh-agent $SHELL
 eval `ssh-agent`

The first command: ssh-agent $SHELL
It starts a sub-shell, and ssh-agent runs inside this sub-shell. On CentOS, $SHELL is the current shell, which is bash here (the author's shell is bash), so this command can also be written as ssh-agent bash. We can verify this by viewing the process tree with the pstree command (if pstree is not found, install it with yum -y install psmisc).
Before running the command:

After running the command:

In the current session we are now inside the sub-shell, where ssh-agent is also running. When we exit the sub-shell, ssh-agent disappears with it.

The second command:

 eval `ssh-agent`

It starts a standalone ssh-agent process directly:

Because it is a separate process, it keeps running even after we exit the current shell session, so it is best to close it with ssh-agent -k before logging out. This also works for an ssh-agent started with the first method. If we are accidentally disconnected, ssh-agent -k cannot close it after we reconnect:

In that case the fix is simple: use ps -ef | grep ssh-agent to find the corresponding agent process, then use kill PID to kill it.

Adding a key to ssh-agent

After starting ssh-agent with the previous steps, use the command ssh-add /root/.ssh/id_rsa to add a key. Note: if ssh-agent is not running, you will see this error:

In that case, start ssh-agent first using one of the methods from the first step.

Managing multiple private keys with ssh-agent

First we need to generate key pairs; for the method, see my previous blog post [ https://www.cnblogs.com/huangmengke/p/11497740.html ]. To begin, generate a private key with a non-default name:

Then use this key to set up password-free login to another machine:

Then let's try the "password-free" login:

WTF??? Still not password-free? This is because ssh key authentication uses ~/.ssh/id_rsa by default. If you authenticate with a non-default key, you have to specify the private key file manually. The public key you installed on 172.16.101.251 does not match your ~/.ssh/id_rsa, so you are asked for a password. Specify the correct private key file with -i:

This is just an example with one private key. When we need to connect to N hosts, each authenticated with a different key, specifying the private key manually every time becomes extremely tedious. This is where ssh-agent can help.

Using ssh-agent to avoid retyping the private key password

First, create the ssh private key /root/.ssh/id_rsa_hmk1 and set the private key password to 123456:

Go through the same key setup steps as before; at the end we are prompted for the key's password:

In this case we have to enter the password every time we log in with key authentication, which is very tedious. ssh-agent can manage the key for us: once the private key password has been entered in an ssh session, using the same private key again in that session no longer requires the password. For example:

Other ssh-agent key management commands

List the private keys that have been added to ssh-agent:

 ssh-add -l

Example:

List the public keys corresponding to the private keys that have been added to ssh-agent:

  ssh-add -L

Example:

Delete a specified private key:

  ssh-add -d <private-key-file>

Example:

Delete all private keys:

  ssh-add -D
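
The commands from this article run as one lifecycle, added here as an example that is not part of the original post: it starts an agent, adds and removes a throwaway key, and shuts the agent down, reading the agent's state from the exit status of ssh-add -l (status 2 is the "cannot connect to the agent" situation behind the ssh-add error mentioned earlier). The function names, the temporary key path and the ed25519 key type are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Everything runs in a subshell
# with a throwaway key, so your own agent and keys are never touched.

# Classify the agent from the exit status of `ssh-add -l`:
#   0 = reachable with keys, 1 = reachable but empty, 2 = cannot connect.
agent_state() {
    ssh-add -l >/dev/null 2>&1
    case $? in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo no-agent ;;
    esac
}

# Walk the lifecycle and print the state after each step on one line.
run_demo() (
    unset SSH_AUTH_SOCK SSH_AGENT_PID          # ignore any agent we inherited
    dir=$(mktemp -d) || exit 1
    key="$dir/id_demo"                         # constructed, temporary key path
    # Safety net: if a step fails, still kill the agent and remove the key,
    # so no orphaned ssh-agent process is left behind.
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$dir"' EXIT

    s1=$(agent_state)                          # nothing started yet
    eval "$(ssh-agent -s)" >/dev/null          # start agent, import its variables
    s2=$(agent_state)                          # running, no keys
    ssh-keygen -q -t ed25519 -N '' -f "$key" || exit 1
    ssh-add "$key" >/dev/null 2>&1 || exit 1
    s3=$(agent_state)                          # one key loaded
    ssh-add -d "$key" >/dev/null 2>&1 || exit 1
    s4=$(agent_state)                          # key removed again
    eval "$(ssh-agent -k)" >/dev/null          # kill agent, unset its variables
    s5=$(agent_state)                          # agent gone
    echo "$s1 $s2 $s3 $s4 $s5"
)

run_demo   # prints: no-agent empty loaded empty no-agent
```

The EXIT trap is what prevents the leftover-agent problem described above: the agent is killed even if a step in between fails.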

That's how to use ssh-agent. Have you got it?

Origin www.cnblogs.com/huangmengke/p/11508431.html