Answers:
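You need your SSH public key, and you will need your ssh private key. Keys can be generated with ssh_keygen. The private key must be kept on server 1, and the public key must be stored on server 2.
This is fully described in the openssh man page, so I will quote a lot of it. You should read the "Authentication" section. The openSSH manual should also be very helpful: http://www.openssh.org/manual.html
Please be careful with ssh, because this affects the security of your server.
From man ssh: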
    ~/.ssh/identity
    ~/.ssh/id_dsa
    ~/.ssh/id_rsa
        Contains the private key for authentication. These files contain
        sensitive data and should be readable by the user but not accessible
        by others (read/write/execute). ssh will simply ignore a
        private key file if it is accessible by others. It is possible
        to specify a passphrase when generating the key which will be
        used to encrypt the sensitive part of this file using 3DES.
    ~/.ssh/identity.pub
    ~/.ssh/id_dsa.pub
    ~/.ssh/id_rsa.pub
        Contains the public key for authentication. These files are not
        sensitive and can (but need not) be readable by anyone.
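This means you can store your private key in .ssh in your home directory. Another possibility is to tell ssh via the -i parameter switch to use a special identity file. Also from man ssh: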
    -i identity_file
        Selects a file from which the identity (private key) for RSA or
        DSA authentication is read. The default is ~/.ssh/identity for
        protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol
        version 2. Identity files may also be specified on a per-host
        basis in the configuration file. It is possible to have
        multiple -i options (and multiple identities specified in configuration
        files).
That is the private key. Now you need to introduce your public key on server 2. Again quoting man ssh:
    ~/.ssh/authorized_keys
        Lists the public keys (RSA/DSA) that can be used for logging in
        as this user. The format of this file is described in the
        sshd(8) manual page. This file is not highly sensitive, but the
        recommended permissions are read/write for the user, and not
        accessible by others.
The easiest way to achieve this is to copy the file to Server 2 and append it to the authorized_keys file:
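# on server 1: copy the public key to server 2
scp -p your_pub_key.pub user@host:
ssh user@host
# on server 2: append the copied key to authorized_keys
host$ cat your_pub_key.pub >> ~/.ssh/authorized_keys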
The ssh daemon must allow authorization via public key, see man ssh_config. Usually this can be done by adding the following statement to the config file:
PubkeyAuthentication yes
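The append step and the permission rules quoted from man ssh above, as an added example that is not part of the original answer: a sketch for server 2 that adds a public key to authorized_keys without duplicating it, then checks that the key files are not accessible by others. The function names and the optional directory argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original answers. Function names and the
# SSH_DIR argument are hypothetical; SSH_DIR defaults to ~/.ssh.

# install_pubkey PUBFILE [SSH_DIR]
# Appends each key line in PUBFILE to SSH_DIR/authorized_keys unless that
# exact line is already there, and sets the recommended permissions.
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys
    [ -s "$pub" ] || { echo "no public key in $pub" >&2; return 1; }
    # Refuse a private key handed over by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: a plain ">>" would add duplicates.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# others_can_access FILE: true when group or other has any permission bit.
others_can_access() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# audit_ssh_dir [SSH_DIR]: prints the private key and authorized_keys files
# that group or other can access; returns non-zero when any are found.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    bad=0
    for f in "$dir"/identity "$dir"/id_dsa "$dir"/id_rsa "$dir"/authorized_keys; do
        [ -f "$f" ] || continue
        if others_can_access "$f"; then
            echo "too open: $f"
            bad=1
        fi
    done
    return "$bad"
}
```

A file reported as "too open" is fixed with chmod 600 on that file.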
ssh -i keyfile
Thanks!
ssh-copy-id: ssh-copy-id -i ~/.ssh/foo.id_rsa remote.example.com
ssh-add is what you need to run after creating the key on the machine you want to connect. This is what gives most people headaches.
$ ssh -i ~/.ssh/id_rsa myuser@ssh.myhost.com
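gives the error: myuser@ssh.myhost.com: Permission denied (publickey).
I created the key, added it locally with ssh-add, and added it as an authorized key on the remote server.
I use ssh with the -i option to add the key here.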
If you want to pass arg1, arg2 to the .sh file, just pass them after the .sh file, separated by spaces.
ssh -i home/avr/new.pem ar@231.221.54.8 "/var/www/beta/betatolive.sh mmin 30"
chmod 600 home/avr/new.pem
ssh-copy-id user@machine