ssh密钥登录 改密码登录
In last post we saw how to use Expect Script for login to remote server using SSH. The problem with Expect script is that your password is written in a normal text file and can be compromised. Similar problem arises with password because if someone knows your password, he can easily login to your remote server.
在上一篇文章中,我们看到了如何使用Expect脚本通过SSH登录到远程服务器。 Expect脚本的问题在于,您的密码写在普通的文本文件中,可能会受到影响。 密码也会出现类似的问题,因为如果有人知道您的密码,他就可以轻松登录到您的远程服务器。
SSH provides a more secure way to login using SSH Public Key authentication that doesn’t require password. This method has two levels of security because it also requires a passphrase, so hacker will need both of these to login to remote server. In this post, we will learn how easily we can setup public key authentication between your local machine and remote server.
SSH使用不需要密码的SSH公钥身份验证提供了一种更安全的登录方式。 该方法具有两个安全级别,因为它还需要一个密码短语,因此黑客将需要这两个密码才能登录到远程服务器。 在本文中,我们将学习如何轻松地在本地计算机和远程服务器之间设置公共密钥身份验证。
生成SSH密钥对 (Generate SSH Key Pair)
First of all we need to generate the public and private keys that will be used for SSH authentication purpose. We can generate these usingssh-keygen. The private and public key needs to be generated at the local machine.
首先,我们需要生成将用于SSH身份验证的公钥和私钥。 我们可以使用ssh-keygen生成它们。 私钥和公钥需要在本地计算机上生成。
pankaj@Pankajs-MacBook-Pro:~$ ssh-keygenGenerating public/private rsa key pair.Enter file in which to save the key (/Users/pankaj/.ssh/id_rsa): <ENTER> Enter passphrase (empty for no passphrase): <passphrase>Enter same passphrase again: <passphrase>Your identification has been saved in /Users/pankaj/.ssh/id_rsa.Your public key has been saved in /Users/pankaj/.ssh/id_rsa.pub.The key fingerprint is:e7:ad:6c:d8:06:rr:8f:ef:5s:fe:e2:2f:05:9c:5f:b0 pankaj@Pankajs-MacBook-Pro.localThe key's randomart image is:+--[ RSA 2048]----+| || || . || . + || DE .|| .o . o.|| =. . +|| ..=. ..* || oo.o=*o*|+-----------------+
For better security purpose, you should never leave passphrase empty. Once theSSH key pairis generated we are ready to move to next step.
为了提高安全性,切勿将密码短语留空。 生成SSH密钥对后,我们就可以进行下一步了。
使用公钥设置远程服务器 (Setting up Remote Server with Public Key)
Once the public key is generated (/Users/pankaj/.ssh/id_rsa.pub), the next task is to copy it over to the remote server. You can usessh-copy-idfor copying the public key to the remote server but it’s not available in OpenSSH. So you will have to either SFTP the public key or you can just copy paste it to the authorized_keys at the remote server. Also we need to change the permissions on the ssh directory and authorized_keys file.
生成公钥后(/Users/pankaj/.ssh/id_rsa.pub),下一个任务是将其复制到远程服务器上。 您可以使用ssh-copy-id将公钥复制到远程服务器,但在OpenSSH中不可用。 因此,您将必须通过SFTP公开密钥,也可以将其复制粘贴到远程服务器上的authorized_keys中。 另外,我们需要更改ssh目录和authorized_keys文件的权限。
pankaj@and [~]# mkdir .sshpankaj@and [~]# cd .ssh/pankaj@and [~/.ssh]# vi authorized_keys <paste the contents from /Users/pankaj/.ssh/id_rsa.pub>pankaj@and [~/.ssh]# cd pankaj@and [~]# chmod 700 .sshpankaj@and [~]# chmod 600 .ssh/authorized_keys
After you are done with above steps, you can login to the remote server without using password.
完成上述步骤后,无需使用密码即可登录到远程服务器。
pankaj@Pankajs-MacBook-Pro:~$ ssh pankaj@Last login: Mon Jun 10 22:05:25 from c-67-161-57-160.pankaj333@and [~]#
重要事项 (Important Points)
If you are on Mac OS, when you will try to login first time, Keychain window will popup asking for passphrase. You can use remember password option so that it won’t ask for passphrase again.如果您使用的是Mac OS,则首次尝试登录时,会弹出“钥匙串”窗口,要求输入密码。 您可以使用“记住密码”选项,以便它不再要求输入密码。
If you are on Unix or Linux system, you will be asked to enter passphrase for login but you can avoid that usingssh-agentandssh-addcommands.
pankaj@Pankajs-MacBook-Pro:~$ ssh-agent $SHELLpankaj@Pankajs-MacBook-Pro:~$ ssh-addEnter passphrase for /Users/pankaj/.ssh/id_rsa: Identity added: /Users/pankaj/.ssh/id_rsa (/Users/pankaj/.ssh/id_rsa)pankaj@Pankajs-MacBook-Pro:~$
如果您使用的是Unix或Linux系统,则系统会要求您输入密码来登录,但可以使用ssh-agent和ssh-add命令避免这种情况。 Make sure to delete the public key file (/Users/pankaj/.ssh/id_rsa.pub) after you have added it to the remote host.将公用密钥文件(/Users/pankaj/.ssh/id_rsa.pub)添加到远程主机后,请确保将其删除。
翻译自: /1408/how-to-ssh-login-without-password-using-key-pair
ssh密钥登录 改密码登录
如果觉得《ssh密钥登录 改密码登录_如何使用密钥对通过SSH登录而不使用密码》对你有帮助,请点赞、收藏,并留下你的观点哦!
