http://blog.csdn.net/sunnyyoona/article/details/51689041
创建ssh-key
这里我们采用rsa方式,使用如下命令:
xiaosi@xiaosi:~$ ssh-keygen-t rsa-f~/.ssh/id_rsa
Generatingpublic/private rsa key pair.
Createddirectory'/home/xiaosi/.ssh'.
Enter passphrase (empty for no passphrase):
Entersame passphrase again:
Youridentification has been savedin/home/xiaosi/.ssh/id_rsa.
Yourpublic key has been savedin/home/xiaosi/.ssh/id_rsa.pub.
Thekey fingerprint is:
SHA256:n/sFaAT94A/xxxxxxxxxxxxxxxxxxxxxxxxiaosi@xiaosi
Thekey's randomart image is:
+---[xxxxx]----+
| o= .. .. |
| o.= .. .|
| *.* o .|
| +.4.=E+..|
| .SBo=. h+ |
| ogo..oo. |
| or +j..|
| ...+o=.|
| ... o=+|
+----[xxxxx]-----+
备注:
这里会提示输入pass phrase,一定不要输入任何字符,回车即可。
xiaosi@xiaosi:~$ cat~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys
备注:
记得要把authorized_keys文件放到.ssh目录下,与rsa等文件放在一起,否则免登录失败,debug如下(ssh -vvv localhost进行调试,查找错误原因):
xiaosi@xiaosi:~$ ssh-vvv localhost
OpenSSH_7.2p2Ubuntu-4ubuntu1,OpenSSL1.0.2g-fips1Mar2016
debug1:Readingconfiguration data/etc/ssh/ssh_config
debug1:/etc/ssh/ssh_config line19:Applyingoptionsfor*
debug2:resolving"localhost"port22
debug2:ssh_connect_direct:needpriv0
debug1:Connectingto localhost[127.0.0.1]port22.
debug1:Connectionestablished.
debug1:identity file/home/xiaosi/.ssh/id_rsa type1
debug1:key_load_public:Nosuch file or directory
debug1:identity file/home/xiaosi/.ssh/id_rsa-cert type-1
debug1:key_load_public:Nosuch file or directory
debug1:identity file/home/xiaosi/.ssh/id_dsa type-1
debug1:key_load_public:Nosuch file or directory
debug1:identity file/home/xiaosi/.ssh/id_dsa-cert type-1
debug1:key_load_public:Nosuch file or directory
debug1:identity file/home/xiaosi/.ssh/id_ecdsa type-1
debug1:key_load_public:Nosuch file or directory
debug1:identity file/home/xiaosi/.ssh/id_ecdsa-cert type-1
debug1:key_load_public:Nosuch file or directory
debug1:identity file/home/xiaosi/.ssh/id_ed25519 type-1
debug1:key_load_public:Nosuch file or directory
debug1:identity file/home/xiaosi/.ssh/id_ed25519-cert type-1
debug1:Enablingcompatibility modeforprotocol2.0
debug1:Localversion string SSH-2.0-OpenSSH_7.2p2Ubuntu-4ubuntu1
debug1:Remoteprotocol version2.0,remote software versionOpenSSH_7.2p2Ubuntu-4ubuntu1
debug1:match:OpenSSH_7.2p2Ubuntu-4ubuntu1patOpenSSH*compat0x04000000
debug2:fd3setting O_NONBLOCK
debug1:Authenticatingto localhost:22as'xiaosi'
debug3:hostkeys_foreach:reading file"/home/xiaosi/.ssh/known_hosts"
debug3:record_hostkey:found key type ECDSAinfile/home/xiaosi/.ssh/known_hosts:1
debug3:load_hostkeys:loaded1keys from localhost
debug3:order_hostkeyalgs:prefer hostkeyalgs:ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521
debug3:send packet:type20
debug1:SSH2_MSG_KEXINIT sent
debug3:receive packet:type20
debug1:SSH2_MSG_KEXINIT received
debug2:localclient KEXINIT proposal
debug2:KEX algorithms:curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2:host key algorithms:ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2:ciphers ctos:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2:ciphers stoc:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2:MACsctos:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2:MACsstoc:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2:compression ctos:none,zlib@openssh.com,zlib
debug2:compression stoc:none,zlib@openssh.com,zlib
debug2:languages ctos:
debug2:languages stoc:
debug2:first_kex_follows0
debug2:reserved0
debug2:peer server KEXINIT proposal
debug2:KEX algorithms:curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2:host key algorithms:ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2:ciphers ctos:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2:ciphers stoc:chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2:MACsctos:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2:MACsstoc:umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2:compression ctos:none,zlib@openssh.com
debug2:compression stoc:none,zlib@openssh.com
debug2:languages ctos:
debug2:languages stoc:
debug2:first_kex_follows0
debug2:reserved0
debug1:kex:algorithm:curve25519-sha256@libssh.org
debug1:kex:host key algorithm:ecdsa-sha2-nistp256
debug1:kex:server->client cipher:chacha20-poly1305@openssh.com MAC:compression:none
debug1:kex:client->server cipher:chacha20-poly1305@openssh.com MAC:compression:none
debug3:send packet:type30
debug1:expecting SSH2_MSG_KEX_ECDH_REPLY
debug3:receive packet:type31
debug1:Serverhost key:ecdsa-sha2-nistp256 SHA256:378enl3ckhdpObP8fnsHr1EXz4d1q2Jde+jUplkub/Y
debug3:hostkeys_foreach:reading file"/home/xiaosi/.ssh/known_hosts"
debug3:record_hostkey:found key type ECDSAinfile/home/xiaosi/.ssh/known_hosts:1
debug3:load_hostkeys:loaded1keys from localhost
debug1:Host'localhost'is known and matches the ECDSA host key.
debug1:Foundkeyin/home/xiaosi/.ssh/known_hosts:1
debug3:send packet:type21
debug2:set_newkeys:mode1
debug1:rekey after134217728blocks
debug1:SSH2_MSG_NEWKEYS sent
debug1:expecting SSH2_MSG_NEWKEYS
debug3:receive packet:type21
debug2:set_newkeys:mode0
debug1:rekey after134217728blocks
debug1:SSH2_MSG_NEWKEYS received
debug2:key:/home/xiaosi/.ssh/id_rsa(0x5602df5e80c0)
debug2:key:/home/xiaosi/.ssh/id_dsa((nil))
debug2:key:/home/xiaosi/.ssh/id_ecdsa((nil))
debug2:key:/home/xiaosi/.ssh/id_ed25519((nil))
debug3:send packet:type5
debug3:receive packet:type7
debug1:SSH2_MSG_EXT_INFO received
debug1:kex_input_ext_info:server-sig-algs=
debug3:receive packet:type6
debug2:service_accept:ssh-userauth
debug1:SSH2_MSG_SERVICE_ACCEPT received
debug3:send packet:type50
debug3:receive packet:type51
debug1:Authenticationsthat cancontinue:publickey,password
debug3:start over,passed a different list publickey,password
debug3:preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3:authmethod_lookup publickey
debug3:remaining preferred:keyboard-interactive,password
debug3:authmethod_is_enabled publickey
debug1:Nextauthentication method:publickey
debug1:OfferingRSA public key:/home/xiaosi/.ssh/id_rsa
debug3:send_pubkey_test
debug3:send packet:type50
debug2:we sent a publickey packet,waitforreply
debug3:receive packet:type51
debug1:Authenticationsthat cancontinue:publickey,password
debug1:Tryingprivate key:/home/xiaosi/.ssh/id_dsa
debug3:no such identity: /home/xiaosi/.ssh/id_dsa: No such file or directory
debug1:Tryingprivate key:/home/xiaosi/.ssh/id_ecdsa
debug3:no such identity: /home/xiaosi/.ssh/id_ecdsa: No such file or directory
debug1:Tryingprivate key:/home/xiaosi/.ssh/id_ed25519
debug3:no such identity: /home/xiaosi/.ssh/id_ed25519: No such file or directory
debug2:we did not send a packet,disable method
debug3:authmethod_lookup password
debug3:remaining preferred:,password
debug3:authmethod_is_enabled password
debug1:Nextauthentication method:password
xiaosi@localhost's password:
xiaosi@xiaosi:~$ ssh localhost
Theauthenticity of host'localhost (127.0.0.1)'can't be established.
ECDSA key fingerprint is SHA256:378enl3ckhdpObP8fnsHr1EXz4d1q2Jde+jUplkub/Y.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
sign_and_send_pubkey: signing failed: agent refused operation
xiaosi@localhost's password:
我们可以看到还是让我输入密码,很大可能是authorized_keys文件权限的问题,我们给该文件赋予一定权限:
xiaosi@xiaosi:~$ chmod600~/.ssh/authorized_keys
再次验证:
xiaosi@xiaosi:~$ ssh localhost
WelcometoUbuntu16.04LTS(GNU/Linux4.4.0-24-generic x86_64)
*Documentation:https://help.ubuntu.com/
0个可升级软件包。
0个安全更新。
Lastlogin:ThuJun1608:05:502016from127.0.0.1
到此表示OK了。
备注:
或者第一次需要输入密码,以后再次登陆就不需要输入密码了。
有更明白的小伙伴可以指导一下。。。。。。
