linux ssh设置密码
Automatic passwrod-less ssh login can make our life easier. To enable this, we have 2 options: using key-based authentication by copying our SSH public keys to the remote machines for automatic password-less login or using password-based authentication. I will introduce the 2 options in the post. Before you start, please note that key-based authentication is generally suggested when your working environment allows.
自动无密码ssh登录可以使我们的生活更轻松。 为实现此目的,我们有2个选项:通过将SSH公钥复制到远程计算机以进行自动无密码登录来使用基于密钥的身份验证,或使用基于密码的身份验证。 我将在帖子中介绍2个选项。 在开始之前,请注意,在您的工作环境允许的情况下,通常建议基于密钥的身份验证。
基于密钥的无密码ssh登录∞ (Key-based password-less ssh login ∞)
We introduce two methods in this post: using ssh-copy-id command and the manual way.
在本文中,我们介绍两种方法:使用ssh-copy-id命令和手动方法。
生成SSH密钥对 (Generate SSH key pair)
If you do not have a SSH private/public key pair yet, you can generate one first.
如果还没有SSH私钥/公钥对,则可以先生成一个。
$ ssh-keygen -t rsaBy default on Linux, the key pair is stored in ~/.ssh named id_rsa and id_rsa.pub for the private and public key.
在Linux上 ,默认情况下,密钥对存储在名为id_rsa和id_rsa.pub ~/.ssh以用作私钥和公钥。
将公共SSH密钥复制到远程计算机 (Copy public SSH key to the remote machine)
You have two choices here. Unless that you can not use the ssh-copy-id method, you can try the “manual” way.
您在这里有两个选择。 除非不能使用ssh-copy-id方法,否则可以尝试“手动”方式。
最简单的方法 (The easiest way)
Let ssh-copy-id do it automatically:
让ssh-copy-id自动执行:
$ ssh-copy-id username@remotemachineIf you have multiple keys in your ~/.ssh directory, you may need to use -i key_file to specify which key you will use.
如果~/.ssh目录中有多个密钥,则可能需要使用-i key_file来指定要使用的密钥。
手动方式 (The manual way)
Copy the public SSH key to remote machine
将公用SSH密钥复制到远程计算机
$ scp .ssh/id_rsa.pub username@remotemachine:/tmp/Log on the remote machine
登录远程机器
$ ssh username@remotemachineAppend your public SSH key to ~/.ssh/authorized_keys
将您的公共SSH密钥附加到〜/ .ssh / authorized_keys
# backing up before changing is a good habit
$ cp ~/.ssh/authorized_keys ~/.ssh/authorized_keys.bak
# append pub key to authorized keys list
$ cat /dev/shm/id_rsa.pub >> ~/.ssh/authorized_keys
Make sure the mode of ~/.ssh/authorized_keys is 755:
确保〜/ .ssh / authorized_keys的模式为755:
$ chmod 755 ~/.ssh/authorized_keys可能的问题 (Possible Problems)
Some possible problems that prevent you from successfully setting up password-less login.
某些可能导致您无法成功设置无密码登录的问题。
目录/文件权限 (Directory/file permissions)
Home directory
Check the home directory’s permission which may cause the key-based login fail (suppose the home directory is /home/zma):
主目录
检查主目录的权限,这可能会导致基于密钥的登录失败(假设主目录为/ home / zma):
# chmod 700 /home/zma/~/.ssh permission
Make sure the .ssh directory’s permission is 755:
〜/ .ssh权限
确保.ssh目录的权限为755:
$ chmod 755 ~/.ssh/~/.ssh/authroized_keys permission
Make sure the .ssh directory’s permission is 755:
〜/ .ssh / authroized_keys权限
确保.ssh目录的权限为755:
$ chmod 755 ~/.ssh/authorized_keys~/.ssh/id_rsa and ~/.ssh/id_rsa.pub permission
Make sure the permission is 700 (others can work, but 700 is better for your private key, right?):
〜/ .ssh / id_rsa和〜/ .ssh / id_rsa.pub权限
确保许可为700(其他人可以使用,但私钥最好为700,对吗?):
$ chmod 700 ~/.ssh/id_rsa
$ chmod 700 ~/.ssh/id_rsa.pub基于密码的“无密码” ssh登录∞ (Password-based “password-less” ssh login ∞)
This method the login and authentication is still by password. However, we use a tool to help us input the password automatically. The tool is sshpass which works nicely.
此方法的登录和身份验证仍通过密码进行。 但是,我们使用工具来帮助我们自动输入密码。 该工具是sshpass ,效果很好。
The usage is very simple as follows by providing the password in command line:
通过在命令行中提供密码,用法非常简单,如下所示:
$ sshpass -p "your_password_here" ssh username@remotemachineor by providing the password in the first line of a file
或通过在文件的第一行中提供密码
$ sshpass -f /path/to/file_storing_your_password ssh username@remotemachineSecurity considerations: before using the sshpass, please read the “SECURITY CONSIDERATIONS” section of the sshpass man page to know the security problems and only use it when you can tolerate them.
安全注意事项:在使用sshpass之前,请阅读sshpass手册页的“安全注意事项”部分以了解安全问题,并仅在可以容忍的情况下使用它。
翻译自: https://www.systutorials.com/enabling-password-less-ssh-login/
linux ssh设置密码