Today, let's talk about ssh-agent.

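Although the goal is to log in without typing a password, a key with no passphrase is not a good choice (for a local pseudo-distributed setup, an empty passphrase is acceptable). So when you generate a key pair with ssh-keygen, set a passphrase, and then use ssh-agent so that you do not have to type the passphrase for every connection.

The following is a usage example of ssh-agent:

Step 1: Log in to Linux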

> ssh 192.168.56.81

Step 2: Generate an SSH key pair protected by a passphrase (with ssh-keygen)

Generating public/private rsa key pair.

Enter file in which to save the key (/home/wangjian/.ssh/id_rsa):

Created directory '/home/wangjian/.ssh'.

Your identification has been saved in /home/wangjian/.ssh/id_rsa.

Your public key has been saved in /home/wangjian/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:sKfzklrYrRm/JNSqtHfFsIFgibZlBZylSsPElyjO6X0 wangjian@cent81

The key's randomart image is:

+---[RSA 2048]----+

| ..+.Bo |

|.o= @. |

|oo=*.... |

| =.o .+o |

|. o o S= |

| . . E =. o |

| + O.o. |

| . ++X. |

| +ooo+. |

+----[SHA256]-----+

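Step 3: Copy the public key to the server you want to log in to

Use ssh-copy-id to copy the public key to the target server. Command: ssh-copy-id followed by the IP address or hostname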

[wangjian@cent81 ~]$ ssh-copy-id cent81

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/wangjian/.ssh/id_rsa.pub"

/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

wangjian@cent81's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'cent81'"

and check to make sure that only the key(s) you wanted were added.

Step 4: Verify that, without ssh-agent, you must enter the private key's passphrase to log in

[wangjian@cent81 ~]$ ssh cent81

Enter passphrase for key '/home/wangjian/.ssh/id_rsa':   <-- the id_rsa passphrase must be entered here before the login succeeds

Last login: Sat Jun 2 21:53:17 2018 from cent81

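Step 5: Start ssh-agent

Running ssh-agent bash starts an ssh-agent and, at the same time, opens a new bash session under it. So to leave this ssh-agent, just run exit, which returns you to the bash of the previous login.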

[wangjian@cent81 ~]$ ssh-agent bash

Step 6: Add the private key to the ssh-agent cache

Use ssh-add followed by the key file(s) to add private keys to the ssh-agent cache.

[wangjian@cent81 ~]$ ssh-add ~/.ssh/id_rsa

Enter passphrase for /home/wangjian/.ssh/id_rsa:   <-- enter the passphrase of the id_rsa private key here

Identity added: /home/wangjian/.ssh/id_rsa (/home/wangjian/.ssh/id_rsa)

After adding the key, use ssh-add -l to list the private keys held in the ssh-agent cache:

[wangjian@cent81 ~]$ ssh-add -l

2048 SHA256:sKfzklrYrRm/JNSqtHfFsIFgibZlBZylSsPElyjO6X0 /home/wangjian/.ssh/id_rsa (RSA)

Step 7: Now, under ssh-agent, you can log in without entering the passphrase again

[wangjian@cent81 ~]$ ssh cent81

Last login: Sat Jun 2 21:55:50 2018 from cent81

Step 8: Exit twice to end ssh-agent

[wangjian@cent81 ~]$ exit   <-- under ssh-agent, use exit to log out of the ssh-agent bash

exit

[wangjian@cent81 ~]$ ssh cent81   <-- logging in to the server over ssh now requires the id_rsa passphrase again

Enter passphrase for key '/home/wangjian/.ssh/id_rsa':

Last login: Sat Jun 2 22:02:17 2018 from cent81

Because this shell is no longer inside the ssh-agent bash, the ssh-add command cannot be run:

[wangjian@cent81 ~]$ ssh-add -l

Could not open a connection to your authentication agent.

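More commands:

Start ssh-agent: ssh-agent bash

Stop ssh-agent: ssh-agent -k, or simply exit to leave the ssh-agent bash.

Add a private key to the ssh-agent: ssh-add ~/.ssh/key_name

List the private keys in the agent: ssh-add -l

Show the public keys corresponding to the private keys in the agent: ssh-add -L

Remove a specific private key: ssh-add -d ~/.ssh/key_name

Removal example: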

[wangjian@cent81 ~]$ ssh-add -d ~/.ssh/id_rsa

Identity removed: /home/wangjian/.ssh/id_rsa (wangjian@cent81)

Remove all private keys from the agent: ssh-add -D

Remove-all example:

[wangjian@cent81 ~]$ ssh-add -D

All identities removed.
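
The script below is an added example, not part of the original article. It replays steps 5 to 8 and the commands above unattended, and uses the exit status of ssh-add -l to tell "no agent reachable" (the error shown in step 8) apart from "agent running but empty". Assumptions: the function names, the 60-second lifetime set with ssh-add -t (an OpenSSH option the article does not cover), the ed25519 key type, and a throwaway key with an empty passphrase so that nothing prompts; real keys keep their passphrase as described above.

```shell
#!/bin/sh
# Added example, not from the original article. Requires the OpenSSH client tools.

# Classify the agent this shell can reach from ssh-add's exit status:
# 0 = identities listed, 1 = command failed (agent holds no identities),
# 2 = the agent could not be contacted.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo no-agent ;;
    esac
}

# Replay steps 5-8 inside a subshell so the caller's SSH_AUTH_SOCK is untouched.
# Prints the agent state observed after each step.
agent_lifecycle() (
    tmp=$(mktemp -d) || exit 1
    # On any exit: stop the agent if it is still running, then remove the key.
    trap '[ -n "$SSH_AGENT_PID" ] && kill "$SSH_AGENT_PID"; rm -rf "$tmp"' EXIT
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    s1=$(agent_state)                        # no agent in this environment yet

    # Constructed throwaway key; the empty passphrase is only for this demo.
    ssh-keygen -q -t ed25519 -N '' -C demo -f "$tmp/id_demo" || exit 1

    # Start the agent in the current shell instead of "ssh-agent bash":
    # eval imports SSH_AUTH_SOCK and SSH_AGENT_PID, which ssh-add and ssh use.
    eval "$(ssh-agent -s -a "$tmp/agent.sock")" >/dev/null
    s2=$(agent_state)                        # agent up, nothing cached

    ssh-add -t 60 "$tmp/id_demo" 2>/dev/null # cached key expires after 60 s
    s3=$(agent_state)

    ssh-add -D 2>/dev/null                   # drop every cached key
    s4=$(agent_state)

    eval "$(ssh-agent -k)" >/dev/null        # kill agent, unset its variables
    s5=$(agent_state)

    echo "$s1 $s2 $s3 $s4 $s5"
)

agent_lifecycle   # prints: no-agent empty loaded empty no-agent
```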

  • Original link: https://kuaibao.qq.com/s/20180602G1MEX600?refer=cp_1026