如何设置公钥认证? [英] How do I setup Public-Key Authentication?
问题描述
如何为SSH设置公钥身份验证?
How do I setup Public-Key Authentication for SSH?
推荐答案
如果已安装SSH,则应该可以运行..
If you have SSH installed, you should be able to run..
ssh-keygen
然后按照步骤操作,您将有两个文件,id_rsa和id_rsa.pub(第一个是您的私钥,第二个是您的公钥-复制到远程计算机的一个)
Then go through the steps, you'll have two files, id_rsa and id_rsa.pub (the first is your private key, the second is your public key - the one you copy to remote machines)
然后,连接到要登录的远程计算机,并在文件~/.ssh/authorized_keys中添加该id_rsa.pub文件的内容.
Then, connect to the remote machine you want to login to, to the file ~/.ssh/authorized_keys add the contents of your that id_rsa.pub file.
哦,还有chmod 600所有id_rsa*文件(本地和远程),因此没有其他用户可以读取它们:
Oh, and chmod 600 all the id_rsa* files (both locally and remote), so no other users can read them:
chmod 600 ~/.ssh/id_rsa*
类似地,确保远程~/.ssh/authorized_keys文件也是chmod 600:
Similarly, ensure the remote ~/.ssh/authorized_keys file is chmod 600 also:
chmod 600 ~/.ssh/authorized_keys
然后,当您执行ssh remote.machine时,它应该询问您密钥的密码,而不是远程计算机.
Then, when you do ssh remote.machine, it should ask you for the key's password, not the remote machine.
为使它更易于使用,您可以使用ssh-agent将解密的密钥保存在内存中-这意味着您不必每次都键入密钥对的密码.要启动代理,请运行(包括反引号引起来的ssh-agent命令输出)
To make it nicer to use, you can use ssh-agent to hold the decrypted keys in memory - this means you don't have to type your keypair's password every single time. To launch the agent, you run (including the back-tick quotes, which eval the output of the ssh-agent command)
`ssh-agent`
在某些发行版中,ssh-agent自动启动.如果您运行echo $SSH_AUTH_SOCK并且它显示了一个路径(可能在/tmp/中),则它已经设置好了,因此您可以跳过前面的命令.
On some distros, ssh-agent is started automatically. If you run echo $SSH_AUTH_SOCK and it shows a path (probably in /tmp/) it's already setup, so you can skip the previous command.
然后添加您的密钥,
ssh-add ~/.ssh/id_rsa
,然后输入您的密码.它会一直存储,直到您将其删除(使用ssh-add -D命令,该命令将从代理中删除所有密钥)
and enter your passphrase. It's stored until you remove it (using the ssh-add -D command, which removes all keys from the agent)
这篇关于如何设置公钥认证?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
