Need to set up passwordless login for the same Linux server and the same user

I need to log in without a password to the same Linux server, as the same user.

[airwide@eir ~]$ hostname -i
10.3.7.73
[airwide@eir ~]$ ssh [email protected]
[email protected]'s password: 

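How do I make this passwordless for the same server?

Answer 1

It's simple. Just create a passwordless SSH key on your system like this. Below is an example using a local sandbox setup; I'm using Ubuntu 12.04, but it should work on most modern Linux/Unix setups.

First, create the key: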

ssh-keygen -t rsa

You will then get the following prompts. Just hit Enter (no input needed) for each item:

Enter file in which to save the key (/home/myuser/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

After that, you should see something like this on your screen. It means the key has been created:

Your identification has been saved in /home/myuser/.ssh/id_rsa.
Your public key has been saved in /home/myuser/.ssh/id_rsa.pub.
The key fingerprint is:
ab:12:cd:34:ef:56:gh:78:ij:90:kl:12:mn:34:op:56 myuser@my_host
The key's randomart image is:
+--[ RSA 2048]----+
|    . ==*o       |
|     o =++       |
|      +.+        |
|     . +         |
|  . o . S        |
| o o .          |
|o E              |
|+  .            |
|=+.             |
+-----------------+

Now, copy the contents of ~/.ssh/id_rsa.pub into authorized_keys:

nano ~/.ssh/authorized_keys

Just place the contents of ~/.ssh/id_rsa.pub at the bottom of ~/.ssh/authorized_keys. If you do not have an authorized_keys file already, you will be creating one with that nano command, so you should set proper permissions on the file, 600 (aka owner/user read and write), so that SSH doesn't choke on it, like this:

chmod 600 ~/.ssh/authorized_keys

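Now that this is done, you are all set. As a last step, just log into your machine from within the machine, and you will see a "known host" warning like this: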

The authenticity of host 'my_host(123.456.78.90)' can't be established.
ECDSA key fingerprint is ab:12:cd:34:ef:56:gh:78:ij:90:kl:12:mn:34:op:56.
Are you sure you want to continue connecting (yes/no)? yes

Just answer yes, and then you will get a message like this:

Warning: Permanently added 'my_host,123.456.78.90' (ECDSA) to the list of known hosts.

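Now you should be all set. From now on, logging into that machine via SSH will be completely passwordless.

If you want to debug the connection, be sure to use the -v (verbose) option like this: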

ssh -v myuser@my_host

If all goes well, you will get verbose but clean output like this:

OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to my_host [123.456.78.90] port 22.
debug1: Connection established.
debug1: identity file /home/myuser/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/myuser/.ssh/id_rsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_dsa type -1
debug1: identity file /home/myuser/.ssh/id_dsa-cert type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa type -1
debug1: identity file /home/myuser/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: match: OpenSSH_5.9p1 Debian-5ubuntu1.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA ab:12:cd:34:ef:56:gh:78:ij:90:kl:12:mn:34:op:56
debug1: Host 'my_host' is known and matches the ECDSA host key.
debug1: Found key in /home/myuser/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/myuser/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to my_host  ([123.456.78.90]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 3.13.0-34-generic x86_64)

If this does not work, just look at the debug output and see where it chokes.
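
The authorized_keys and chmod steps from the answer above as a re-runnable script, added here as an example and not part of the original answer. The function names are hypothetical, and the audit goes slightly further than the answer: it also checks the home directory, ~/.ssh and the private key, assuming sshd runs with its default StrictModes setting.

```bash
#!/usr/bin/env bash
# Added example, not part of the original answers. Paths are parameters so
# the functions can be tried on a scratch directory before a real $HOME.

# perm_any PATH BIT... : succeeds if any of the octal mode bits is set.
perm_any() {
    local p="$1" b; shift
    for b in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$b")" ] && return 0
    done
    return 1
}

# install_pubkey HOME_DIR PUBKEY_FILE : idempotent version of the
# "paste into authorized_keys, then chmod 600" step.
install_pubkey() {
    local dir="$1/.ssh" auth="$1/.ssh/authorized_keys" key
    key=$(head -n 1 "$2") || return 1
    if [ -z "$key" ]; then echo "empty public key: $2" >&2; return 1; fi
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1
    # Already authorized (exact line match)? Then change nothing.
    if grep -qxF -- "$key" "$auth"; then return 0; fi
    # A last line without a newline would be glued to the new key.
    if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
    printf '%s\n' "$key" >> "$auth"
}

# ssh_perm_problems HOME_DIR [PRIVATE_KEY] : prints what sshd (StrictModes,
# on by default) or the ssh client would reject; returns 1 if anything found.
ssh_perm_problems() {
    local home="$1" priv="${2:-$1/.ssh/id_rsa}" p bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if perm_any "$p" 020 002; then
            echo "writable by group/others: $p"; bad=1
        fi
    done
    if [ -e "$priv" ] && perm_any "$priv" 040 020 010 004 002 001; then
        echo "private key readable by group/others: $priv"; bad=1
    fi
    return "$bad"
}
```

Run it as `install_pubkey "$HOME" ~/.ssh/id_rsa.pub` followed by `ssh_perm_problems "$HOME"`; any path it prints is a likely reason for a password prompt that persists after the key has been installed.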

Answer 2

Create an RSA authentication key pair (public/private) using:

ssh-keygen

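If you don't want to be prompted for a passphrase, don't enter one.

Then take the contents of the public key and copy it into the .ssh/authorized_keys file of the user on the server side. You can transfer the public key to the server user's .ssh directory via ftp.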

cat ~/.ssh/your_id_rsa.pub >> ~/.ssh/authorized_keys

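You should now be able to ssh [email protected] without entering a password/passphrase. If you run into any problems, check the permissions of the files in .ssh: public files need to be 644, private files need to be 600, and the directory needs to be 644 (I think). Please Google to confirm. Usually, if you use ssh-keygen, it sets the permissions correctly for you.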

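Answer 3

You need to set up ssh public key authentication and then force ssh to use only keys for authentication.

For security purposes, I do not recommend that you disable password and authentication entirely.

Note: if you don't want to disable password authentication, you don't have to; public key authentication will still work. But it is simply good practice if you have a public-facing server.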

Answer 4

You need to add your ssh public key to your authorized keys to do this; the easiest way is:

ssh-copy-id root@myhost1

This will ask for the password; after entering it once, you will be able to log in without a password the next time.
