試了二次沒成功,擱置了好久,今天再試一把
原來我的步驟方法是對的,就是少了臨門一角「644」!!!
簡單講一下
Server_A提供ssh連線
Client_otnv每次利用ssh連到Server_A時都要打密碼
於是我先在client_otnv裡用ssh-keygen指令製造相對應的private和public key
把public key加入到Server_A要登入帳號的~/.ssh/authorized_keys就行了!!
方法和步驟
Step 1. 產生private和public key
In Client_otnv,
otnv:~# ssh-keygen -t rsa 或 ssh-keygen -d (dsa) => rsa產生出 id_rsa, id_rsa.pub;dsa產生出id_dsa id_dsa.pub
otnv:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (不輸入,直接按Enter)
Enter passphrase (empty for no passphrase): (不輸入,直接按Enter)
Enter same passphrase again: (不輸入,直接按Enter)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
12:1c:66:52:b1:f3:ce:61:a9:08:fd:01:12:e7:6e:d3 root@otnv
The key's randomart image is:
+--[ RSA 2048]----+
| ..*. |
| * . |
|. . o o |
| + o . |
|. o o S |
| + o - . |
|. + E o |
|.o = o |
|. . |
+-----------------+
Step 2. 將產生的public key加入到Server_A的~/.ssh/authorized_keys
otnv:~/.ssh# ls
id_rsa id_rsa.pub
otnv:~/.ssh#scp id_rsa.pub otnv@servera.com.tw:~/.ssh
Password:
id_rsa.pub 100% 392 0.4KB/s 00:00
otnv:~/.ssh#ssh otnv@servera.com.tw
Password:
otnv@servera:~$ cd .ssh
otnv@servera:~/.ssh$ cat id_rsa.pub >> authorized_keys
otnv@servera:~/.ssh$ chmod 600 authorized_key
otnv@servera:~/.ssh$ exit
logout
Step 3. 恭喜您!!!再登入就不用密碼囉!!
otnv:~#ssh otnv@servera.com.tw
otnv@servera:~$
2010/07/12 Modify:
chmod 644 -> chmod 600
一般檔案權限為655,group和other可以讀和執行
改為644後,group和other可以讀,但這是比較不安全的作法
雖然public key需要有相對應的private key才會發揮作用
但是最安全的作法是改為600,group和other都不能讀
-------------------------------------------------------------
Reference:
1. http://www.l-penguin.idv.tw/article/ssh-keygen.htm
2. http://plog.longwin.com.tw/post/1/293
3. http://slv922.pixnet.net/blog/post/26419814
文章標籤
全站熱搜
Diary (1)
otnv@servera:~/.ssh$ chmod 600 authorized_key 你好大大 請問渭河我這異步他說不能存取阿 上述都有成功剩這一步掛了..教教我
我發現好KEY少一個S 我步驟都做完但是免密碼還是沒有成功