Monday, May 19, 2008

SSH Without a Password, it works for me :)

Copied from the following link:
http://www.csua.berkeley.edu/~ranga/notes/ssh_nopass.html

The following steps can be used to ssh from one system to another without specifying a password.
Notes:

* The system from which the ssh session is started via the ssh command is the client.
* The system that the ssh session connects to is the server.
* These steps seem to work on systems running OpenSSH.
* The steps assume that a DSA key is being used. To use an RSA key, substitute 'rsa' for 'dsa'.
* The steps assume that you are using a Bourne-like shell (sh, ksh or bash).
* Some of this information came from:
http://www.der-keiler.de/Mailing-Lists/securityfocus/Secure_Shell/2002-12/0083.html

Steps:

1. On the client run the following commands:

$ mkdir -p $HOME/.ssh
$ chmod 0700 $HOME/.ssh
$ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P ''

This should result in two files, $HOME/.ssh/id_dsa (private key) and $HOME/.ssh/id_dsa.pub (public key).

Note:
The possible key types include the following choices (refer to the ssh-keygen man page):
-t type
Specifies the type of key to create. The possible values are “rsa1” for protocol version
1 and “rsa” or “dsa” for protocol version 2.

DESCRIPTION from the ssh-keygen man page:
ssh-keygen generates, manages and converts authentication keys for ssh(1). ssh-keygen can create
RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.
The type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections.

2. Copy $HOME/.ssh/id_dsa.pub to the server.
3. On the server run the following commands:

$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2

(Or you can just copy the file id_dsa.pub under the name "authorized_keys":
# cp $HOME/.ssh/id_dsa.pub $HOME/.ssh/authorized_keys)

$ chmod 0600 $HOME/.ssh/authorized_keys2

Depending on the version of OpenSSH the following commands may also be required:

$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys
$ chmod 0600 $HOME/.ssh/authorized_keys

An alternative is to create a link from authorized_keys2 to authorized_keys:

$ cd $HOME/.ssh && ln -s authorized_keys2 authorized_keys

4. On the client, test the results by ssh'ing to the server:

$ ssh -i $HOME/.ssh/id_dsa server

5. (Optional) Add the following to $HOME/.ssh/config on the client:

Host server
IdentityFile ~/.ssh/id_dsa

This allows ssh access to the server without having to specify the path to the id_dsa file as an argument to ssh each time.
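
Added example (not part of the original notes): a shell function that performs step 3 on the server without duplicating an entry or overwriting keys that are already authorized, and then verifies the 0700/0600 modes the steps above set. The function names install_pubkey and private_mode are made up for this example, and it assumes the server reads authorized_keys rather than authorized_keys2.

```shell
#!/bin/sh
# Added example: idempotent form of step 3 plus a permission check.
# install_pubkey and private_mode are hypothetical names, not OpenSSH tools.
# Usage on the server: install_pubkey id_dsa.pub "$HOME/.ssh"

# Succeeds only if the path has no group/other permission bits
# (the 0700 / 0600 modes used in the steps above).
private_mode() {
    # Characters 5-10 of the `ls -ld` mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends each key line to SSH_DIR/authorized_keys unless that exact line
# is already present, so existing keys are kept and re-runs add nothing.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys   # assumption: server uses this file name

    [ -s "$pub" ] || { echo "missing or empty key file: $pub" >&2; return 1; }

    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1

    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # -x matches the whole line, -F treats the key as a fixed string
        grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"

    # Report failure if the directory or file ended up group/world accessible.
    private_mode "$dir" && private_mode "$auth"
}
```

A non-zero return from install_pubkey means the key file was unusable or the resulting permissions are looser than 0700/0600.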

Helpful manpages:

* ssh(1)
* ssh-keygen(1)
* ssh_config(5)
