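Today, let's talk about ssh-agent.
First, a diagram:
Although passwordless login is the goal, a key without a passphrase is not a good choice (when running in local pseudo-distributed mode, an empty passphrase is acceptable). So when generating a key pair with ssh-keygen, set a passphrase, and then use ssh-agent so that you do not have to type the passphrase for every connection.
Here is a worked example of using ssh-agent:
Step 1: Log in to the Linux host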
> ssh 192.168.56.81
Step 2: Generate an SSH key pair protected by a passphrase
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wangjian/.ssh/id_rsa):
Created directory "/home/wangjian/.ssh".
Your identification has been saved in /home/wangjian/.ssh/id_rsa.
Your public key has been saved in /home/wangjian/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sKfzklrYrRm/JNSqtHfFsIFgibZlBZylSsPElyjO6X0 wangjian@cent81
The key's randomart image is:
+---[RSA 2048]----+
| ..+.Bo |
|.o= @. |
|oo=*.... |
| =.o .+o |
|. o o S= |
| . . E =. o |
| + O.o. |
| . ++X. |
| +ooo+. |
+----[SHA256]-----+
Step 3: Copy the public key to the server you want to log in to
Use ssh-copy-id to copy the public key to the target server. Command: ssh-copy-id <IP or hostname>
[wangjian@cent81 ~]$ ssh-copy-id cent81
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/wangjian/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
wangjian@cent81's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'cent81'"
and check to make sure that only the key(s) you wanted were added.
Step 4: Confirm that, without ssh-agent, the private key's passphrase must be entered before login succeeds
[wangjian@cent81 ~]$ ssh cent81
Enter passphrase for key "/home/wangjian/.ssh/id_rsa":  # the id_rsa passphrase must be entered here before the login succeeds
Last login: Sat Jun 2 21:53:17 2018 from cent81
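Step 5: Start ssh-agent
Running ssh-agent bash starts an ssh-agent and, at the same time, opens a new bash session under it. So to leave this ssh-agent, just run exit, which drops you back to the bash of the previous login.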
[wangjian@cent81 ~]$ ssh-agent bash
Step 6: Add the private key to the ssh-agent cache
Use ssh-add <key file> to add a private key to the ssh-agent cache.
[wangjian@cent81 ~]$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/wangjian/.ssh/id_rsa:  # enter the passphrase of the id_rsa private key here
Identity added: /home/wangjian/.ssh/id_rsa (/home/wangjian/.ssh/id_rsa)
Once the key is added, ssh-add -l lists the private keys held in the ssh-agent cache:
[wangjian@cent81 ~]$ ssh-add -l
2048 SHA256:sKfzklrYrRm/JNSqtHfFsIFgibZlBZylSsPElyjO6X0 /home/wangjian/.ssh/id_rsa (RSA)
Step 7: Under ssh-agent, you can now log in without typing the passphrase again
[wangjian@cent81 ~]$ ssh cent81
Last login: Sat Jun 2 21:55:50 2018 from cent81
Step 8: Exit twice to end ssh-agent
[wangjian@cent81 ~]$ exit  # under ssh-agent, exit leaves the ssh-agent bash
exit
[wangjian@cent81 ~]$ ssh cent81  # logging in over ssh now requires the id_rsa passphrase again
Enter passphrase for key "/home/wangjian/.ssh/id_rsa":
Last login: Sat Jun 2 22:02:17 2018 from cent81
Because we are no longer inside the ssh-agent bash, the ssh-add command cannot be used:
[wangjian@cent81 ~]$ ssh-add -l
Could not open a connection to your authentication agent.
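More commands:
Start ssh-agent: ssh-agent bash
Stop ssh-agent: ssh-agent -k, or simply exit the ssh-agent bash.
Add a private key to the ssh-agent: ssh-add ~/.ssh/key_name
List the private keys held by the agent: ssh-add -l
Show the public keys corresponding to the private keys in the agent: ssh-add -L
Remove a specific private key: ssh-add -d ~/.ssh/key_name
Removal example: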
[wangjian@cent81 ~]$ ssh-add -d ~/.ssh/id_rsa
Identity removed: /home/wangjian/.ssh/id_rsa (wangjian@cent81)
Remove all private keys from the agent: ssh-add -D
Example of removing all keys:
[wangjian@cent81 ~]$ ssh-add -D
All identities removed.
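Steps 5 to 8 tie the agent's lifetime to an interactive bash that has to be exited by hand. As an added example (not code from the original article), the shell function below runs a single command under a throwaway agent, caps how long the decrypted key stays cached, and always kills the agent afterwards. The names with_agent and AGENT_KEY_LIFETIME and the 600-second default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; with_agent and AGENT_KEY_LIFETIME are hypothetical names.
# Usage: with_agent ~/.ssh/id_rsa ssh cent81

with_agent() (
    # The body runs in a subshell, so nothing leaks into the caller's environment.
    key=$1
    shift

    # Forget any inherited agent so the cleanup below can only hit our own.
    unset SSH_AUTH_SOCK SSH_AGENT_PID

    # -s prints sh-style "SSH_AUTH_SOCK=...; export ..." lines for eval.
    eval "$(ssh-agent -s)" >/dev/null
    [ -n "$SSH_AGENT_PID" ] || exit 1

    # Kill the agent on every exit path (ssh-agent -k from the command list above).
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT

    # Prompts for the passphrase once; -t expires the cached key after N seconds.
    ssh-add -t "${AGENT_KEY_LIFETIME:-600}" "$key" || exit 1

    # Run the requested command with the agent available.
    "$@"
)
```

After the function returns, ssh-add -l in the calling shell reports no agent connection again, exactly as in Step 8.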