Linux实现SSH无密码登陆

假设服务器 IP 地址为 192.168.1.1 ，机器名： cluster.hpc.org

        客户端 IP 地址为 172.16.16.1 ，机器名： p470-2.wangrx.sioc.ac.cn

客户端用户 yzhao 须要使用 ssh 无密码登陆服务器的 zhaoy 账户

 

实现原理

使用一种被称为"公私钥"认证的方式来进行ssh登陆. "公私钥"认证方式简单的解释是

• 首先在客户端上 建立一对公私钥 （公钥文件： ~/.ssh/id_rsa.pub ； 私钥文件： ~/.ssh/id_rsa ）
• 而后把公钥放到服务器上 （ ~/.ssh/authorized_keys ） , 本身保留好私钥
• 当ssh登陆时,ssh程序会发送私钥去和服务器上的公钥作匹配.若是匹配成功就能够登陆了

 

 

设置以下

1 、以 yzhao 用户登陆客户机器并在客户端机器上执行 "ssh-keygen -t rsa"

( 注：每次执行 "ssh-keygen -t rsa" 产生的私钥文件都会不一样 )

a ）若是文件 "~/.ssh/id_rsa" 存在，会提示是否覆盖该文件，此时可选择 "n" 不覆盖该文件而使用已有的 id_rsa 文件；若是选择 "y" 则会从新生成 "~/.ssh/id_rsa" 文件，接下来会提示输入 passphrase ，回车肯定使用空的 passphrase ，再次回车确认（这里也能够输出 passphrase ，至关于 ssh 时登陆的密码）。而后会从新生成 "~/.ssh/id_rsa" 文件和 "~/.ssh/id_rsa.pub" 文件（结果以下）。

[yzhao@p470-2 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/disk2/yzhao/.ssh/id_rsa):

/disk2/yzhao/.ssh/id_rsa already exists.

Overwrite (y/n)? y

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /disk2/yzhao/.ssh/id_rsa.

Your public key has been saved in /disk2/yzhao/.ssh/id_rsa.pub.

The key fingerprint is:

6d:a1:17:8a:b6:d2:c0:a1:6c:66:ba:85:0b:7b:9f:0c yzhao@p470-2.wangrx.sioc.ac.cn

 

b ）若是 "~/.ssh/id_rsa" 文件和 "~/.ssh/id_rsa.pub" 文件不存在则会自动建立新的 "~/.ssh/id_rsa" 文件和 "~/.ssh/id_rsa.pub" 文件， passphrase 设置同上。

[yzhao@p470-2 ~]$ ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/disk2/yzhao/.ssh/id_rsa):

Created directory '/disk2/yzhao/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /disk2/yzhao/.ssh/id_rsa.

Your public key has been saved in /disk2/yzhao/.ssh/id_rsa.pub.

The key fingerprint is:

54:49:ad:33:b3:ff:71:da:6d:db:78:d0:bb:6a:15:bc yzhao@p470-2.wangrx.sioc.ac.cn

 

2 、使用 ssh zhaoy@192.168.1.1 登陆到服务器，编辑服务器上 "~/.ssh/authorized_keys" 文件，将客户端机器上的 "~/.ssh/id_rsa.pub" 文件内容追加到 "~/.ssh/authorized_keys" 文件中。

（注：能够在客户端机器上使用如下命令来实现：

cat   ~ /.ssh/ id_rsa .pub | ssh zhaoy@ 192.168.1. 1 "cat - >> ~/.ssh/authorized_keys"

cat /root/.ssh/id_rsa.pub|ssh root@192.168.2.168 "cat - >> /root/.ssh/authorized_keys"

此时会要求输入 zhaoy 在服务器上的登陆密码，输入后即会将客户端机器上的 "~/.ssh/id_rsa.pub" 文件内容追加到服务器上的 "~/.ssh/authorized_keys" 文件中）

 

若是是首次链接服务器会出现如下的提示，确认链接并输入密码后其余直接回车肯定。

[yzhao@p470-2 ~]$ ssh zhaoy@192.168.1.1

The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.

RSA key fingerprint is 94:91:33:01:6b:e7:10:ae:42:ac:ea:5c:8c:bb:f1:18.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.

zhaoy@192.168.1.1's password:

Last login: Fri Dec 21 17:41:38 2007 from 172.16.16.1

Rocks 4.2.1 (Cydonia)

Profile built 03:58 21-Jun-2007

 

Kickstarted 12:25 21-Jun-2007

Rocks Frontend Node - Our Cluster Cluster

 

It doesn't appear that you have set up your ssh key.

This process will make the files:

     /home/zhaoy/.ssh/id_rsa.pub

     /home/zhaoy/.ssh/id_rsa

     /home/zhaoy/.ssh/authorized_keys

 

Generating public/private rsa key pair.

Enter file in which to save the key (/home/zhaoy/.ssh/id_rsa):

Created directory '/home/zhaoy/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/zhaoy/.ssh/id_rsa.

Your public key has been saved in /home/zhaoy/.ssh/id_rsa.pub.

The key fingerprint is:

7e:f6:ab:b0:79:70:cb:c9:f7:40:37:aa:10:4d:4a:ac zhaoy@cluster.hpc.org

 

3 、若是在第 1 步中 使用了空的passphrase ，则能够跳过第 4 步，此时在客户端便可以使用 "ssh zhaoy@192.168.1.1" 便可无密码登陆到服务器；若是第一步中设置了 passphrase ，则继续执行如下步骤。

 

4 、 若是第 1 步中设置了 passphrase ，则此时须要输入该 passphrase 登陆服务器。 此时 前面咱们把输入密码变成了输入passphrase ， 这没有带来任何方便 。 可是 咱们能够经过 ssh-agent 来帮助咱们自动输入 passphrase(只是看起来像是自动输入而已) ， 咱们只要 在第一次登陆时 输入一次passphrase, 之后的工做就能够交给ssh-agent 。在客户端机器上执行命令 ssh-add ， 这里会提示输入一次passphrase 。输入第一步中设置的 passphrase 以后会修改 "~/ .ssh / id_rsa " 文件。再在客户端执行 "ssh zhaoy@192.168.1.1" 便可无密码登陆到服务器端。

 

[yzhao@p470-2 ~]$ ssh-add

Enter passphrase for /disk2/yzhao/.ssh/id_rsa:

Identity added: /disk2/yzhao/.ssh/id_rsa (/disk2/yzhao/.ssh/id_rsa)

[yzhao@p470-2 ~]$ ssh zhaoy@192.168.1.1

Last login: Fri Dec 21 17:55:38 2007 from 172.16.16.1

Rocks 4.2.1 (Cydonia)

Profile built 03:58 21-Jun-2007

 

Kickstarted 12:25 21-Jun-2007

Rocks Frontend Node - Our Cluster Cluster

[zhaoy@cluster ~]$