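Enabling SSH Automatic Login
Assume the server is server.joycodes.com and the client is the local computer. By default, when we SSH from the client to the server, we have to enter a password to authenticate. Besides a username and password, SSH can also authenticate with a public/private key pair, which avoids typing the password every time you SSH from the same client.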
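SSH public/private key authentication works as follows:
The server holds the public key and the client holds the private key. When the client connects over SSH, it proves that it holds the private key by signing data bound to the session; the private key itself is never sent. The server verifies that signature against the public key it holds in authorized_keys. If it matches, authentication succeeds. The setup is as follows: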
1. Log in to the server and generate the SSH public and private keys
joy:joys-macpro31:~$ ssh root@server.joycodes.com # log in as root
root@server.joycodes.com's password: # enter root's password
[root@joycodes ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): # just press Enter
Enter same passphrase again: # just press Enter
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c5:ec:ce:c5:67:eb:fb:a4:05:a0:fd:05:75:92:ec:1c joy@joys-macpro31.local
2. On the server, add the generated public key to authorized_keys
[root@joycodes ~]# cd ~/.ssh
[root@joycodes ~]# cat id_rsa.pub >> authorized_keys
[root@joycodes ~]# chmod 600 authorized_keys
3. Log out of the server and save the private key on the client
[root@joycodes ~]# exit
joy:joys-macpro31:~$ mkdir -p ~/.ssh
joy:joys-macpro31:~$ cd ~/.ssh
joy:joys-macpro31:~/.ssh$ scp root@server.joycodes.com:.ssh/id_rsa ./
root@server.joycodes.com's password: # enter the server password again; the private key is downloaded into ~/.ssh
.ssh/id_rsa 100% 2587 2.5KB/s 00:00
joy:joys-macpro31:~/.ssh$ chmod 600 id_rsa
After these steps, running ssh root@server.joycodes.com again logs you in to the server directly, without asking for a password.
Appendix: Capistrano file
# this capistrano file is for enable ssh auto login
# run command => cap ssh_auto_login
# by joycodes@gmail.com
set :user, "root"              # the user name login for remote server
set :password, "passwd"        # login passwd for
role :app, "www.joycodes.com"  # remote host

desc "this task is for set ssh auto login"
task :ssh_auto_login, :roles => :app do
  # mkdir -p first: cd ~/.ssh fails on an account that has no ~/.ssh yet
  cmd = <<-COMMAND
    mkdir -p ~/.ssh
    cd ~/.ssh
    ssh-keygen -t rsa
    cat id_rsa.pub >> authorized_keys
    chmod 600 authorized_keys
  COMMAND
  # join the lines into one "a && b && c" command and answer ssh-keygen's prompts
  run cmd.split(/\n\s*/).join(' && ') do |channel, stream, data|
    logger.info data
    if data =~ /Enter file in/
      channel.send_data "\n"    # accept the default key path
    elsif data =~ /Overwrite/
      channel.send_data "y\n"   # replace an existing key pair
    elsif data =~ /Enter same passphrase/
      channel.send_data "\n"    # empty passphrase (confirmation)
    elsif data =~ /Enter passphrase/
      channel.send_data "\n"    # empty passphrase
    end
  end
  # download the private key; /Users/joy is the current local user's home path
  get "/#{user}/.ssh/id_rsa", '/Users/joy/.ssh/id_rsa'
  run_locally "chmod 600 ~/.ssh/id_rsa"
end
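Step 2 and the Capistrano task both append with `cat id_rsa.pub >> authorized_keys`, which adds a duplicate entry on every rerun and relies on the file modes being set by hand. The following is an added example, not code from the original post: `install_pubkey` and its arguments are hypothetical names, and it installs a public key idempotently with 700/600 permissions while refusing a private key passed by mistake.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a hypothetical
# helper; the default directory ~/.ssh matches the page.
# usage: install_pubkey <public_key_file> [ssh_dir]
install_pubkey() {
    pub_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}
    auth_file="$ssh_dir/authorized_keys"

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 2; }

    # Refuse a private key passed by mistake (e.g. id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "$pub_file looks like a private key, refusing" >&2
        return 3
    fi

    # Use the first line only and require an OpenSSH public key type prefix.
    key_line=$(head -n 1 "$pub_file")
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pub_file is not an OpenSSH public key" >&2; return 4 ;;
    esac

    # sshd (StrictModes) rejects keys when these are group/world writable.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 5
    touch "$auth_file" && chmod 600 "$auth_file" || return 5

    # If the file does not end in a newline, add one so entries do not merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only when the exact line is not already present.
    if ! grep -qxF -e "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
    return 0
}
```

On the server this would be called as `install_pubkey ~/.ssh/id_rsa.pub` in place of the `cat ... >>` and `chmod` lines.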
Reference: http://techpulp.com/2009/04/how-to-enable-auto-login-for-ssh/