linux ssh密钥认证自动登录

linux ssh密钥认证自动登录

 

【服务端配置】

先配置Server，打开公钥认证。用root用户执行：

vim /etc/ssh/ssh_config  www.2cto.com  

将以下两行配置打开注释：

RSAAuthentication yes

IdentityFile ~/.ssh/id_rsa

然后重启ssh服务：/etc/init.d/sshd restart

 

【客户端生成密钥】

假设要实现user0无密码登录remotehost，则先用user0登录客户端，然后执行ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/home/user0/.ssh/id_rsa):

Created directory '/home/user0/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/user0/.ssh/id_rsa.

Your public key has been saved in /home/user0/.ssh/id_rsa.pub.

The key fingerprint is:

f1:e8:ae:a7:b3:f6:64:3f:30:34:1f:c5:07:ce:0f:bc myid@localhost

 

连续3次回车就可以了，一般默认的输出路径就是对的

为了实现自动登录， passphrase为空。

注意：由于passphrase为空，生成的私钥必须绝对禁止未授权的访问！

将生成的id_rsa.pub文件复制到remotehost的/home/user0/.ssh/目录下

 

【把公钥传到服务器上】

将客户端/home/user0/.ssh/id_rsa.pub拷贝到服务器的/home/user0/.ssh目录，并重命名为authorized_keys文件，注意设为其他人不可读写。

chmod 400 /home/user0/.ssh/id_rsa.pub

scp /home/user0/.ssh/id_rsa.pub user0@remotehost:/home/user0/.ssh/authorized_keys