也知道這個東西,你們都會,就當是誰忘了的時候,作個提醒的吧。。。安全
ssh 是一個專爲遠程登陸會話和其餘網絡服務提供安全性的協議。默認狀態下ssh連接是須要密碼認證的,能夠經過添加系統認證(即公鑰-私鑰)的修改,修改後系統間切換能夠避免密碼輸入和ssh認證。如下將建立過程簡單介紹下。網絡
1、用ssh-keygen建立公鑰dom
haifeng@haifeng-EX38-DS4:/$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/haifeng/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/haifeng/.ssh/id_rsa.
Your public key has been saved in /home/haifeng/.ssh/id_rsa.pub.
The key fingerprint is:
7b:75:98:eb:fd:13:ce:0f:c4:cf:2c:65:cc:73:70:53 haifeng@haifeng-EX38-DS4
The key's randomart p_w_picpath is:
+--[ RSA 2048]----+
| E|
| .|
| ...|
| + =.|
| S + +.*|
| . . + Bo|
| . . . = =|
| . . . * |
| . ..=|
+-----------------+ssh
##輸入後,會提示建立.ssh/id_rsa、id_rsa.pub的文件,其中第一個爲密鑰,第二個爲公鑰。過程當中會要求輸入密碼,爲了ssh訪問過程無須密碼,能夠直接回車 。ide
2.查看鑰匙。spa
[root@localhost .ssh]# ls ~/.ssh/
id_rsa id_rsa.pub known_hosts
###能夠發現 ssh目錄下的兩枚鑰匙。orm
3.將公鑰複製到被管理機器上面ci
[root@localhost .ssh]# scp id_rsa.pub root@192.168.36.194:~/.ssh/authorized_keys
root@192.168.36.194's password:
id_rsa.pub 100% 408 0.4KB/s 00:00qt
4.訪問it
# ssh 192.168.36.194
The authenticity of host '<Game2> (<192.168.36.194>)' can't be established.
RSA key fingerprint is 34:b9:92:06:53:e6:91:4d:47:92:73:57:78:6a:5d:09.
Are you sure you want to continue connecting (yes/no)?yes
Warning: Permanently added '<Game2> (<192.168.36.194>' (RSA) to the list of known hosts.
這是由於首次訪問後,ssh會在.ssh/known_hosts中保存各個認證過的主機信息:
192.168.36.194 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAppStzIRxeFn0e737z7KO1tdm6CJUoLapaaoBDZqHy0Z11cUAmpg02dbrqwU7TBY9lDFwWQcry+W8X8qk1CoPdzu8YcMCpw5425mai0/RxkB/RPZ1putL2DQrRBMRTU1m5meLOYRXYlnU5E+YElCgH+ZJ8EXiurOzDvw6vi7pASi9wMQuJosFyNmv5E9/8ULgaKg3LtvP+0O1wPxrHOBDwVq2u9Oi7T2pX8deBEnOI4uG4CGXn/p0ml+uuS4DO3Up2VjqoRtqtuzWExnTyAGS/wQNnN3mera1ERya3FomEVHJRV5K2zJRkgSF8WfETXzQ2rAliOsW/YLTGF8vVvjo5w==
5.再次訪問,ssh登陸發現能夠不用密碼登陸。
[root@localhost .ssh]# ssh 192.168.36.194 Last login: Fri Apr 22 00:56:45 2011 from 192.168.18.44 [root@Game2 ~]#