Logging in over SSH with public key authentication

June 30, 2009 – 11:51 AM

The steps are as follows:
1. Create a public/private key pair on the local machine

[root@dw_test1 ]#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (//.ssh/id_rsa): //press Enter to accept the default location .ssh/id_rsa
Enter passphrase (empty for no passphrase): //press Enter, no passphrase
Enter same passphrase again: //press Enter, no passphrase
Your identification has been saved in //.ssh/id_rsa.
Your public key has been saved in //.ssh/id_rsa.pub.
The key fingerprint is:
f3:66:3d:23:9f:cf:78:0b:f8:58:8f:3d:ee:ba:55:99 root@dw_test1

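Explanation: -t rsa tells SSH to generate an RSA key, which is the default behavior. You can also generate a DSA key instead.
If you now look in the .ssh/ directory you will find two new files: id_rsa is the private key and id_rsa.pub is the public key.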

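2. Use SCP to copy the public key id_rsa.pub to the remote machine, append it to the end of the .ssh/authorized_keys file of the relevant user, and then delete the id_rsa.pub file.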

[root@dw_test1 ]#scp id_rsa.pub root@xxx.xx.xx.xxxx:/
Password:
id_rsa.pub           100% |********************************************|   227       00:00 

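3. You can now log in to the root user on dw_test2 directly with the key, without entering a password.
To log in directly as another user on dw_test2, the public key must be appended to that user's authorized_keys.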

[root@dw_test1 ]#ssh dw_test2
The authenticity of host 'dw_test2 (xxx.xx.xx.xxx)' can't be established.
RSA key fingerprint is e4:24:2d:ee:e9:28:f1:a1:67:52:d9:9e:fb:32:7f:02.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dw_test2' (RSA) to the list of known hosts.
Last login: Tue Jun 30 19:22:34 2009 from dw_test1
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
[root@dw_test2 ]#

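Note:
The .ssh directory must have permissions 0700
The .ssh/authorized_keys file must have permissions 0600
Otherwise public key authentication will not take effect.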
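
Step 2 describes appending the key but does not show the commands. The following is an added example, not part of the original post, of doing the append on the remote machine and then checking the permissions from the note above. The function names install_pubkey and check_ssh_perms, their arguments, and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and
# arguments are hypothetical; run this on the remote machine.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key to HOME_DIR/.ssh/authorized_keys only if it is not
# already there, enforces 0700 / 0600, then deletes the copied file.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2/.ssh
    auth_file=$ssh_dir/authorized_keys

    # A public key file holds exactly one non-empty line.
    [ -s "$pubkey_file" ] || return 1
    [ "$(grep -c . "$pubkey_file")" -eq 1 ] || return 1
    key=$(cat "$pubkey_file")

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # If the last existing entry lacks a newline, add one so the new
    # key does not get glued onto it and silently break both entries.
    [ -z "$(tail -c 1 "$auth_file")" ] || echo >> "$auth_file"

    # -x whole line, -F fixed string: re-running adds no duplicates.
    if ! grep -qxF -- "$key" "$auth_file"; then
        printf '%s\n' "$key" >> "$auth_file"
    fi
    rm -f "$pubkey_file"    # step 2: remove the copied id_rsa.pub
}

# check_ssh_perms HOME_DIR
# Returns 0 only when .ssh is 0700 and authorized_keys is 0600.
check_ssh_perms() {
    d=$(ls -ld "$1/.ssh" 2>/dev/null | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" 2>/dev/null | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}

# Demo in a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3-CONSTRUCTED-SAMPLE root@dw_test1' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo" && check_ssh_perms "$demo" && echo "key installed, permissions ok"
rm -rf "$demo"
```

On a real account the call would be install_pubkey /id_rsa.pub "$HOME", using the path the scp in step 2 copied the file to.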
