原创

linux实现密钥自动登录

1.本地机器生成密钥

[root@express-balance ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 4c:70:f5:87:1b:de:8e:3a:ff:53:d0:bb:a8:1b:8d:75 root@express-balance The key's randomart image is: +--[ RSA 2048]----+ | . ... | | o . . | | . + .. | | o . =. .| | S o..E.| | +o...| | o..o..| | ...... | | .=+... | +-----------------+

2.建公约传给需要登录的远程主机

[root@express-balance .ssh]# scp id_rsa.pub root@192.168.35.3:/root/.ssh Address 192.168.35.3 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! root@192.168.35.3's password: id_rsa.pub 100% 402 0.4KB/s 00:00

3.添加到认证文件里面

[root@amssy_test35_3 .ssh]# cat id_rsa.pub >> authorized_keys [root@amssy_test35_3 .ssh]# cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3wi+Y8GdcntBOc6kvkJUvwSLgIf56vOlzSLcL3HbrAdRB8uE2Y+aWj8g1apNokHMoibv9HKP5vByD5RyW8pMQerEIVQaLSOYaBQJ5zXd+KE13G24wnQcA29+dX9T7HL2OiqH/6Hi6iSiU91vVPd0mY7BHXGKs6siBheh9tjyo7i64OXr12m30S+jVnIm/Yui7Rp+cN1vxew3Q9yzg6u720lrj1sIqRtp1KwYAByDqeKvXoZCn8gFwRtIfHMS/1yiRT94qy73i7pRQblUYMIuJE5MdJwUQZ4byUnpZfCQJdA/Rp1wpIvqr4TS2ox/RD5FvzMj+bOn+7G3pydOSHlSMQ== root@amssy_test35_206 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvxpOt57uBWhvghIZw+ovTUVVW+KUlYmrpOaq/tjqircJIgmV2Ah2u7MZ0BpeVm5jRkDCTgfrvDDMi7EkIT8waYjdcc6p5zW8yxHsD9w0fe2DR+ZLVAVUeDLO9qmuTwmNIm9nfFmK7iiUSQ2cPc2dDLgRhTUDSffT5/w9RICymXztpvXZrnvDhpb8n2mSo7CyYkcZevA4IUP2tf8zAOBrhaz+Uz6hGc62g/QbYxRIWqtnmsfG8iXYLqcqlcSgs4P6k8rBYMtbaMRNjZbZSlZLytAduzaNWVwN1hS9ffGtujdiVu5AtFfAUm0ffQH5tpEvqIR5I0rpH84TkSeuKXM0Iw== root@express-balance

4.验证不需要输入密码自动登录

[root@express-balance .ssh]# ssh root@192.168.35.3 Address 192.168.35.3 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Last login: Thu Mar 6 09:56:25 2014 from 192.168.53.106

5.SecureCRT key登录linux ssh设置 一、首先用secureCrt创建密钥

1.使用SecureCRT创建私钥和公钥. SecureCRT quick Connect-> Authentiation -> Public Key -> Properties ->Create Identity File -> DSA/RSA -> Set Passphrase -> Done 这个时候在指定目录会生成两个文件，例如，私钥my_rsa和公钥my_rsa.pub 2.linux服务器上建立.ssh目录,一般情况下,已经有这个目录 # mkdir /root/.ssh # chmod 700 /root/.ssh 3.将公钥my_rsa.pub传到linux服务器，将SSH2兼容格式的公钥转换成为Openssh兼容格式 # ssh-keygen -i -f Identity.pub >> /root/.ssh/authorized_keys2 # chmod 600 /root/.ssh/authorized_keys2 4.在SecureCRT里面设置登录模式为PublicKey，并选择刚刚创建的my_rsa文件作为私钥 5.重启Linux服务器上SSH服务器 #service sshd restart或者/etc/init.d/ssh restart 6.由于已经设置了密钥登录，原来的密码登录就完全可以去掉 $ sudo vim /etc/ssh/sshd_config Protocol 2 /仅允许使用SSH2 PubkeyAuthentication yes /*启用PublicKey认证 AuthorizedKeysFile .ssh/authorized_keys2 /*PublicKey文件路径 PasswordAuthentication no /*禁止密码验证登录 PS:以上步骤是使用SecureCRT生成的密钥对来进行登录验证的，其实也可以在服务器上使用ssh-keygen命令生成的密钥，同样在生成密钥对之后，将格式转换成SecureCRT使用的SSH2格式

正文到此结束