自動目錄
自動程式需要進到別台機器時,沒辦法使用交談式方式輸入密碼,所以要預先交換好金鑰,這是傳統的作法[1]:
1. 產生公私金錀
2. 把公錀加到目標機器中帳號中的目錄下的 ~/.ssh/authorized_keys 中
後來發現 [網管心得]ssh keygen用法@外行中的外行提供一個方法,超級好用的,例如要登入192.168.1.1這台機器:
$ ssh-copy-id username@192.168.1.1
這是一台FREEBSD的機器,我如法泡製時,出現這樣的錯誤:
ssh-copy-id root@163.22.168.5:~
Could not open a connection to your authentication agent.
no keys found
Could not open a connection to your authentication agent.
no keys found
嗯,它說你要有keys?
解決方法
一、建立 KEYS PAIR
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): <<按ENTER>>
Enter passphrase (empty for no passphrase):<<按ENTER>>
Enter same passphrase again:<<按ENTER>>
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ADHoATx9efwH5QSRNIIvRrL3ucT0Zjx9HwYqvRHJpJU root@myhost
The key's randomart image is:
+---[RSA 2048]----+
|o...+.+..==o. |
| ooo B o.o+E |
| ...= + . *.. |
| .. + + o = . |
| o = S + o . |
| = B = . o |
| . + o + o .|
| . . . |
| |
+----[SHA256]-----+
Enter file in which to save the key (/root/.ssh/id_rsa): <<按ENTER>>
Enter passphrase (empty for no passphrase):<<按ENTER>>
Enter same passphrase again:<<按ENTER>>
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:ADHoATx9efwH5QSRNIIvRrL3ucT0Zjx9HwYqvRHJpJU root@myhost
The key's randomart image is:
+---[RSA 2048]----+
|o...+.+..==o. |
| ooo B o.o+E |
| ...= + . *.. |
| .. + + o = . |
| o = S + o . |
| = B = . o |
| . + o + o .|
| . . . |
| |
+----[SHA256]-----+
於是乎,在家目錄下的隱藏目錄會出現兩個檔案,因為我是 root:
id_rsa
id_rsa.pub
二、把公鑰複製到遠端機器
$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.1.1
Password for root@servername: <<打入密碼>>
Password for root@servername: <<打入密碼>>
這樣就完成了,試著登入看看
$ ssh 192.168.1.1
發現不用再打密碼了
參考資料
[1] ssh keygen 免輸入密碼 https://blog.longwin.com.tw/2005/12/ssh_keygen_no_passwd/
[4] Man ssh-copy-id
END
