为什么我进入ssh-agent和ssh-add后还是要输入密码? [英] Why do I still have to enter password after I entered ssh-agent and ssh-add?

问题描述

我正在安装文档中学习 Ansible:http://docs.ansible.com/intro_getting_started.html

I'm learning Ansible, in a setup document : http://docs.ansible.com/intro_getting_started.html

它说如果我不想每次都输入密码，我可以这样做:

It says if I don't want to enter password every time, I can do :

$ ssh-agent bash
$ ssh-add ~/.ssh/id_rsa

我做到了，但为什么每次都需要输入密码?然后它说你可能希望使用 Ansible 的 --private-key 选项"，但我找不到任何关于它的文档.这是为了什么以及如何做到这一点?

I did it, but how come I still have to enter password every time ? Then it says "you may wish to use Ansible’s --private-key option", but I can't find any document on that. Whay's that for and how to do it ?

推荐答案

我对 Ansible 不太了解，但我对 ssh 密钥的工作原理有所了解

I'm not sure about Ansible, but I know a bit about how ssh keys work

当您使用 ssh-keygen 命令(默认情况下会转到 ~/.ssh/id_rsa 文件)生成新的 SSH 密钥时，它会要求您输入密码(密码)
每当您使用该密钥时，它都会要求您输入密码.

When you generate a new SSH key with the ssh-keygen command (which by default goes to the ~/.ssh/id_rsa file), it asks you to put in a passphrase(password)
Whenever you use that key, it will ask you for that passphrase.

如果您使用

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/YOUR_USERNAME/.ssh/id_rsa_nopass
Enter passphrase (empty for no passphrase): [just press enter, don't type anything]
Enter same passphrase again: [just press enter again]

这将在您选择的目录 (/home/user/.ssh) 中创建 id_rsa_nopass 私钥文件和 id_rsa_nopass.pub 公钥文件

This will create both an id_rsa_nopass private key file, and an id_rsa_nopass.pub public key file in the directory you chose (/home/user/.ssh)

然后您应该能够使用以下命令，假设 ansible 设置为正确使用您的 ssh 密钥

You should then be able to use the following command, assuming ansible is set up to use your ssh keys correctly

$ ssh-add ~/.ssh/id_rsa_nopass

注意:使用没有密码短语的 ssh 密钥可能很危险，因为任何人都可以在不知道密码的情况下访问您的设备并进行连接.如果您不介意这一点，那么无密码 ssh 密钥是避免每个人都输入密码的好方法

NOTE: Using an ssh key without a passphrase can be dangerous, as anybody can access your device and connect without knowing your password. If you don't mind this, then a no-passphrase ssh key is a good way to avoid typing a password everyone

只是稍微研究了一下 Ansible，它的基本设置只是在 ssh 服务器上运行命令，对吗?
在这种情况下，您可能需要将您的公钥添加到您要连接的任何服务器，这通常可以通过命令来完成

edit: Just looked into Ansible a bit, it's basic setup is just to run a command on an ssh server, right?
In which case, you may need to add your public key to whichever server you are connecting to, this can usually be done via the command

ssh-copy-id -i /path/to/your/public/key/file yourname@yourserver.com -p your_server's_ssh_port

例如，要将之前的 id_rsa_nopass 密钥授权给服务器 example.org 上的帐户 foobar，您可以使用 ssh 端口 10022

For example, to authorize the id_rsa_nopass key from earlier to the account foobar on the server example.org, with ssh port 10022 you would do

ssh-copy-id -i ~/.ssh/id_rsa_nopass.pub foobar@example.org -p 10022

这将提示您输入 foobar@example.org 的密码，在填写密码后，它将授权该公钥连接到该服务器，并且由于 id_rsa_nopass 没有密码，您现在应该能够在没有任何密码的情况下进行连接密码提示

This will prompt you for the password to foobar@example.org, upon filling in the password it will authorize that public key to connect to that server, and since id_rsa_nopass has no passphrase, you should now be able to connect without any password prompt

这篇关于为什么我进入ssh-agent和ssh-add后还是要输入密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！