使用ssh-agent将ssh插入远程服务器,而无需键入密码。
使用ssh-agent将ssh插入远程服务器,而无需键入密码。
提问于 2019-11-26 23:55:49
我正在尝试将ssh-agent用于ssh到远程服务器中。
我知道,当我将本地主机的public_key添加到远程服务器的./ssh/authorized_keys中时,我可以在不输入密码的情况下将ssh添加到服务器中。
但是,我尝试使用ssh-agent来完成这个任务,因为我需要在Jenkins管道中将ssh放到远程服务器中。在詹金斯做之前,我试着在本地做。
我所做的是
eval $(ssh-agent -s)
chmod 600 ./key_key2.key
ssh-add ./key_key2.key
ssh root@ docker ps -v其中key_key2.key包含远程服务器的private_key。
这还是让我输入密码。这样做对吗?
我觉得使用ssh-agent是在跳过将public_key添加到远程服务器的authorized_keys的部分,但我认为跳过该部分是使用public_key的要点之一。
回答 1
Unix & Linux用户
发布于 2019-11-27 02:36:13
让我们假设ServerA是家中的计算机,而ServerB是远程服务器。为了通过公钥/私钥进行连接,我们需要在ServerA上创建一组密钥。请注意,我没有输入密码。
ServerA $ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:11tmtkpYjGCPLc8I59kV1QySEYfwpJt76BDMX01aTkU admin@localhost
The key's randomart image is:
+---[RSA 4096]----+
| ..==+=E|
| +o+ .o|
| o . o + |
| + = * O |
| . S B B B |
| + @ B * . |
| = O + . |
| o o . |
| . . |
+----[SHA256]-----+如您所见,密钥是在/home/admin/..ssh/id_rsa(私钥)和/home/admin/..ssh/id_rsa.PUB(公钥)生成的。
现在,我们登录到ServerB,并将公钥从ServerA添加到~/..ssh/ authorized_keys _authorized_keys中。
ServerA $ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP4BIiaHUm6Ow9SGFOdHpsaAu2odnBLfDu5YjwQeESLe7ubfQ62v21PXKAJUVS0ZcAN7KfAfHv+f8Los8GE7NhAJUeOB18YpaQohLVaajKb0pSJnAfcYMqH38Ouq3Q23GA61ZqUF4o3pJpRf9O2V/qpIkGQtMZ1/EbYApvh0y+MSlmrDHNjm6n6LO1P31WqsAwzTlZilcaDJTDu3ILW+bd+b1LzMr2oQUPnrc2YIiGRt8PvvM5YcGfN9/4D1vKyLNgF3c+KhbEapsoxfsGmEl1Z+jR/ldep0jwEh7XVXAMrLWhtUdi/a40R0Zisj3b27gfrQLmEMBOS4X0nfDJ9/QoxVl16SwZWxFuDX1xV/n2XIAg1OQ== admin@localhost将ServerA的输出复制到ServerB authorized_keys中。
ServerB $ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP4BIiaHUm6Ow9SGFOdHpsaAu2odnBLfDu5YjwQeESLe7ubfQ62v21PXKAJUVS0ZcAN7KfAfHv+f8Los8GE7NhAJUeOB18YpaQohLVaajKb0pSJnAfcYMqH38Ouq3Q23GA61ZqUF4o3pJpRf9O2V/qpIkGQtMZ1/EbYApvh0y+MSlmrDHNjm6n6LO1P31WqsAwzTlZilcaDJTDu3ILW+bd+b1LzMr2oQUPnrc2YIiGRt8PvvM5YcGfN9/4D1vKyLNgF3c+KhbEapsoxfsGmEl1Z+jR/ldep0jwEh7XVXAMrLWhtUdi/a40R0Zisj3b27gfrQLmEMBOS4X0nfDJ9/QoxVl16SwZWxFuDX1xV/n2XIAg1OQ== admin@localhost现在在serverA上加载ssh代理并添加私钥。
eval $(ssh-agent)
ServerA $ ssh-add ~/.ssh/id_rsa
Identity added: /home/admin/.ssh/id_rsa (/home/admin/.ssh/id_rsa)
ServerA $ ssh admin@someip.com
The authenticity of host '[someIP.com]:2220 ([xx.xxx.xxx.xxx]:2220)' can't be established.
ECDSA key fingerprint is SHA256:K6nMI2Dxb7t6oj00HlKmPCCuGorgQoBJCeXB31B9VTY.
ECDSA key fingerprint is MD5:aa:20:4f:08:bb:5d:c5:8e:fd:cb:4c:5f:b9:3b:44:59.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[someIP.com]:2220 ([xx.xxx.xxx.xxx]:2220)' (ECDSA) to the list of known hosts.
Last login: Tue Nov 26 21:20:14 2019
admin@mail ~]$页面原文内容由Unix & Linux提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://unix.stackexchange.com/questions/554324
复制相关文章
相似问题
腾讯云开发者
