Linux: How do I set up public-key authentication?
Notice: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must do so under the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow
Original URL: http://stackoverflow.com/questions/7260/
How do I setup Public-Key Authentication?
Asked by Eldila
How do I setup Public-Key Authentication for SSH?
Accepted answer by dbr
If you have SSH installed, you should be able to run..
ssh-keygen
Then go through the steps, you'll have two files, id_rsa and id_rsa.pub (the first is your private key, the second is your public key - the one you copy to remote machines)
Then, connect to the remote machine you want to log in to, and to the file ~/.ssh/authorized_keys add the contents of that id_rsa.pub file.
Oh, and chmod 600 all the id_rsa* files (both locally and remote), so no other users can read them:
chmod 600 ~/.ssh/id_rsa*
Similarly, ensure the remote ~/.ssh/authorized_keys file is chmod 600 also:
chmod 600 ~/.ssh/authorized_keys
Then, when you do ssh remote.machine, it should ask you for the key's password, not the remote machine.
To make it nicer to use, you can use ssh-agent to hold the decrypted keys in memory - this means you don't have to type your keypair's password every single time. To launch the agent, you run (including the back-tick quotes, which eval the output of the ssh-agent command)
eval `ssh-agent`
On some distros, ssh-agent is started automatically. If you run echo $SSH_AUTH_SOCK and it shows a path (probably in /tmp/) it's already set up, so you can skip the previous command.
Then to add your key, you do
ssh-add ~/.ssh/id_rsa
and enter your passphrase. It's stored until you remove it (using the ssh-add -D command, which removes all keys from the agent)
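A permission audit for the chmod steps in the answer above, as an added example that is not part of the original answer. It flags private keys that group or other users can access, and a ~/.ssh directory or authorized_keys file that is group- or world-writable; the function names and the finding labels (MISSING, WRITABLE, EXPOSED) are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original answer. Checks the permissions that
# the chmod 600 steps above are meant to guarantee.

# Print the 10-character mode string for a path, e.g. "-rw-------".
# cut drops the trailing "+" or "." some systems append for ACLs/SELinux.
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# audit_ssh_dir [DIR]: print one line per finding and return the number of
# findings (0 = clean). DIR defaults to ~/.ssh.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi

    # Directory and authorized_keys: must not be group- or world-writable
    # (mode string positions 6 and 9).
    for path in "$dir" "$dir/authorized_keys"; do
        [ -e "$path" ] || continue
        case $(perm_string "$path") in
            ?????-??-?) ;;
            *) echo "WRITABLE $path"; findings=$((findings + 1)) ;;
        esac
    done

    # Private keys (id_* without .pub): no group/other access at all.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        case $(perm_string "$key") in
            -???------) ;;
            *) echo "EXPOSED $key (fix: chmod 600)"; findings=$((findings + 1)) ;;
        esac
    done

    return "$findings"
}
```

Source the file and run audit_ssh_dir with no argument to check ~/.ssh on both the local and the remote machine.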