ssh无密码登录_3个简单步骤即可完成无密码SSH登录

ssh无密码登录

SSH (Secure SHELL) is a secure opensource network protocol that allows users to log in securely to remote Linux systems and other network devices. In addition, the protocol is used for the transfer of files between Linux systems using Secure copy (SCP) protocol.

SSH（Secure SHELL）是一种安全的开源网络协议，允许用户安全地登录到远程Linux系统和其他网络设备。此外，该协议还用于使用安全复制（SCP）协议在Linux系统之间传输文件。

Usually, SSH prompts users for passwords before login. However, you can configure SSH Passwordless login to another remote Linux system from your Linux system. This enhances trust and comes in handy in cron jobs that require backup of files remotely using the SCP protocol.

通常，SSH在登录前提示用户输入密码。但是，您可以将SSH无密码登录配置为从Linux系统登录到另一个远程Linux系统。这样可以增强信任度，并在需要使用SCP协议远程备份文件的cron作业中派上用场。

In this guide, you will learn how to set up passwordless SSH login using ssh keys to increase trust between two servers.

在本指南中，您将学习如何使用ssh密钥设置无密码SSH登录，以增加两个服务器之间的信任。

搭建环境 (Set up environment)

ssh client      : 66.152.163.19 (Ubuntu 18.04)ssh remote Host : 173.82.2.236  (CentOS 7)

在客户端系统上生成SSH密钥（66.152.163.19） (Generate SSH keys on the client system ( 66.152.163.19 ) )

The first step in setting up a passwordless login is to generate ssh authentication keys in the client system. SSH keys are digital keys that create trust between Linux systems.

设置无密码登录名的第一步是在客户端系统中生成ssh身份验证密钥。 SSH密钥是在Linux系统之间建立信任的数字密钥。

To generate the ssh keys execute the command.

要生成ssh密钥，请执行命令。

$ ssh-keygen

You will be prompted for the file in which to save the key. Hit ‘Enter’ to save to the default location directory ( /root/.ssh)

系统将提示您输入保存密钥的文件。点击“ Enter”保存到默认位置目录（/root/.ssh）

Enter file in which to save the key (/home/user/.ssh/id_rsa):

Hit Enter.

按下Enter键。

Next, you will be prompted for a passphrase. This we are setting up a passwordless login, hit ‘Enter’ twice to skip.

接下来，将提示您输入密码。这是我们要设置的无密码登录，按两次“ Enter”以跳过。

Enter passphrase (empty for no passphrase):
Enter same passphrase again:

Hit ‘Enter’ on both occasions.

两次都按下“ Enter”。

The full output is shown below.

完整的输出如下所示。

Sample output

样品输出

The ssh-keygen command generates both public and private ssh keys and stores them in /root/.ssh directory.

ssh-keygen命令生成公共和私有ssh密钥，并将它们存储在/root/.ssh目录中。

To verify run:

验证运行：

ls /root/.ssh

Sample output

样品输出

The public key is denoted by id_rsa.pub.

公钥由id_rsa.pub表示。

The private key is denoted by id_rsa.

私钥由id_rsa表示。

将ssh公钥复制到远程系统（173.82.2.236） (Copying the ssh public key to the remote system (173.82.2.236))

The next step is to copy the public key to the remote Linux server. This will be achieved using the ssh-copy-id command as shown below.

下一步是将公钥复制到远程Linux服务器。这将使用ssh-copy-id命令来实现，如下所示。

ssh-copy-id remote_username@server_ip_address

In our example, the command will be:

在我们的示例中，命令将为：

ssh-copy-id root@173.82.2.236

You will be asked if you are sure you want to continue connecting. Type yes and hit ‘Enter’

系统将询问您是否确定要继续连接。输入yes然后按“ Enter”

The authenticity of host '173.82.2.236 (173.82.2.236)' can't be established.
ECDSA key fingerprint is SHA256:U4aOk0p30sFjv1rzgh73uhGilwJ2xtG205QFqzB9sns.
Are you sure you want to continue connecting (yes/no)? yes

Next, you will be prompted for the remote system’s password. Type the password and hit ‘Enter’

接下来，将提示您输入远程系统的密码。输入密码并点击“ Enter”

root@173.82.2.236's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'root@173.82.2.236'"
and check to make sure that only the key(s) you wanted were added.

The full output is shown below.

完整的输出如下所示。

The ssh public key will be saved at /root/.ssh/authorized_keys file on the remote system.

ssh公钥将保存在远程系统上的/root/.ssh/authorized_keys文件中。

登录到远程系统 (Logging in to the remote system)

Having copied the public ssh key to the remote system, you can now log in without being prompted for a password as shown.

将公用ssh密钥复制到远程系统后，您现在可以登录，而无需提示输入密码，如图所示。

ssh server-ip-address

For our case, this will be:

对于我们来说，这将是：

ssh 173.82.2.236

And that’s how you set up a Passwordless SSH setup from a client Linux system to a remote Linux server.

这就是从客户端Linux系统到远程Linux服务器的无密码SSH设置的方法。

Delete the public key from the client system. If you think that the private key is compromised, delete the public key from the remote server and set it up again.从客户端系统中删除公钥。如果您认为私钥已被破坏，请从远程服务器上删除公钥，然后重新设置。
The above SSH command works without giving user id because we are using the root user in both the servers. If you have set up passwordless login for some other user, please provide that in the SSH command too.上面的SSH命令可以在不提供用户ID的情况下工作，因为我们在两个服务器上都使用root用户。如果您为其他用户设置了无密码登录，请在SSH命令中也提供该密码。

翻译自: https://www.journaldev.com/30301/passwordless-ssh-login

ssh无密码登录