http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id

You can login to a remote Linux server without entering password in 3 simple steps using ssky-keygen and ssh-copy-id as explained in this article.

ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host’s public key to the remote-host’s authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host’s home, ~/.ssh, and ~/.ssh/authorized_keys.

This article also explains 3 minor annoyances of using ssh-copy-id and how to use ssh-copy-id along with ssh-agent.

Step 1: Create public and private keys using ssh-key-gen on local-host

jsmith@local-host$ [Note: You are on local-host here]

jsmith@local-host$ ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/jsmith/.ssh/id_rsa):[Enter key]

Enter passphrase (empty for no passphrase): [Press enter key]

Enter same passphrase again: [Pess enter key]

Your identification has been saved in /home/jsmith/.ssh/id_rsa.

Your public key has been saved in /home/jsmith/.ssh/id_rsa.pub.

The key fingerprint is:

33:b3:fe:af:95:95:18:11:31:d5:de:96:2f:f2:35:f9 jsmith@local-host

Step 2: Copy the public key to remote-host using ssh-copy-id

jsmith@local-host$ ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host

jsmith@remote-host's password:

Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Note: ssh-copy-id appends the keys to the remote-host’s .ssh/authorized_key.

Step 3: Login to remote-host without entering the password

jsmith@local-host$ ssh remote-host

Last login: Sun Nov 16 17:22:33 2008 from 192.168.1.2

[Note: SSH did not ask for password.]

jsmith@remote-host$ [Note: You are on remote-host here]


The above 3 simple steps should get the job done in most cases.

We also discussed earlier in detail about performing SSH and SCP from openSSH to openSSH without entering password.

If you are using SSH2, we discussed earlier about performing SSH and SCP without password from SSH2 to SSH2 , from OpenSSH to SSH2 and from SSH2 to OpenSSH.

Using ssh-copy-id along with the ssh-add/ssh-agent

When no value is passed for the option -i and If ~/.ssh/identity.pub is not available, ssh-copy-id will display the following error message.

jsmith@local-host$ ssh-copy-id -i remote-host

/usr/bin/ssh-copy-id: ERROR: No identities found


If you have loaded keys to the ssh-agent using the ssh-add, then ssh-copy-id will get the keys from the ssh-agent to copy to the remote-host. i.e, it copies the keys provided by ssh-add -L command to the remote-host, when you don’t pass option -i to the ssh-copy-id.

jsmith@local-host$ ssh-agent $SHELL



jsmith@local-host$ ssh-add -L

The agent has no identities.

jsmith@local-host$ ssh-add

Identity added: /home/jsmith/.ssh/id_rsa (/home/jsmith/.ssh/id_rsa)

jsmith@local-host$ ssh-add -L

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsJIEILxftj8aSxMa3d8t6JvM79DyBV

aHrtPhTYpq7kIEMUNzApnyxsHpH1tQ/Ow== /home/jsmith/.ssh/id_rsa

jsmith@local-host$ ssh-copy-id -i remote-host

jsmith@remote-host's password:

Now try logging into the machine, with "ssh 'remote-host'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[Note: This has added the key displayed by ssh-add -L]

Three Minor Annoyances of ssh-copy-id

Following are few minor annoyances of the ssh-copy-id.

    1. Default public key: ssh-copy-id uses ~/.ssh/identity.pub as the default public key file (i.e when no value is passed to option -i). Instead, I wish it uses id_dsa.pub, or id_rsa.pub, or identity.pub as default keys. i.e If any one of them exist, it should copy that to the remote-host. If two or three of them exist, it should copy identity.pub as default.
    2. The agent has no identities: When the ssh-agent is running and the ssh-add -L returns “The agent has no identities” (i.e no keys are added to the ssh-agent), the ssh-copy-id will still copy the message “The agent has no identities” to the remote-host’s authorized_keys entry.
    3. Duplicate entry in authorized_keys: I wish ssh-copy-id validates duplicate entry on the remote-host’s authorized_keys. If you execute ssh-copy-id multiple times on the local-host, it will keep appending the same key on the remote-host’s authorized_keys file without checking for duplicates. Even with duplicate entries everything works as expected. But, I would like to have my authorized_keys file clutter free.

3 Steps to Perform SSH Login Without Password Using ssh-keygen & ssh-copy-id的更多相关文章

  1. SSH login without password

    SSH login without password Your aim You want to use Linux and OpenSSH to automize your tasks. Theref ...

  2. 【转载】SSH login without password 免密登陆

    Your aim You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic l ...

  3. Passwordless SSH Login

    原文地址:http://manjeetdahiya.com/2011/03/03/passwordless-ssh-login/ Consider two machines A and B. We w ...

  4. Fixing ssh login long delay

    原文:http://injustfiveminutes.com/2013/03/13/fixing-ssh-login-long-delay/ For a long time I had a prob ...

  5. 无法连接 MKS: Login(username/password)incorrect

    升级到Vmware Workstation 12之后,客户端能连上虚拟机服务器,但却打不开共享的虚拟机,提示报错"无法连接 MKS: Login(username/password)inco ...

  6. 实现ssh的无password登录

    这里所说的ssh是指OpenSSH SSHclient.是用于登录远程主机.而且在远程主机上运行命令.它的目的是替换rlogin和rsh,同一时候在不安全的网络之上,两个互不信任的主机之间,提供加密的 ...

  7. ssh配置无password登录

    前提.机器A,B,均为RedHat Linux操作系统,均实用户user 1.以usernameuser登录,在A机器上运行 ssh-keygen -t rsa 一路回车.不须要输入password ...

  8. [异常解决] windows用SSH和linux同步文件&linux开启SSH&ssh client 报 algorithm negotiation failed的解决方法之一

    1.安装.配置与启动 SSH分客户端openssh-client和openssh-server 如果你只是想登陆别的机器的SSH只需要安装openssh-client(ubuntu有默认安装,如果没有 ...

  9. [转]使用ping钥匙临时开启SSH:22端口,实现远程安全SSH登录管理就这么简单

    原文链接:使用ping钥匙临时开启SSH:22端口,实现远程安全SSH登录管理就这么简单 这个留待后面玩一下,还是有安全隐患,非核心业务 临时用一下可以. 设置防火墙策略时,关于SSH:22访问权限, ...

随机推荐

  1. Django练习——TodoList

    TodoList是django入门一个比较基础的例程,主要参考如下博客,写的非常好: simple-todo: http://www.cnblogs.com/cacique/archive/2012/ ...

  2. android官方技术文档翻译——Case 标签中的常量字段

    本文译自androd官方技术文档<Non-constant Fields in Case Labels>,原文地址:http://tools.android.com/tips/non-co ...

  3. React Native之AppRegistry模块

    我们在写react native的js的时候,在最后总会加上一段代码: AppRegistry.registerComponent('ReactDemo', () => ReactDemo); ...

  4. Github最流行的10,000个Java项目使用的类库

    本文由 ImportNew - Andy.Song 翻译自 takipiblog.欢迎加入翻译小组.转载请见文末要求. 前言 作为Java开发人员,总是需要面临这门不断成熟.高速改进中的语言.开发人员 ...

  5. HTML入门笔记案例展示(1)

    一: html标签&html书写规则 Html 的标签 分为如下 这两种 : 单标签: 单标签一般 用于特殊的含义,  例如 :  <br/> 表示换行,  <hr/> ...

  6. EBS Concurrent Manager(并发管理器)异常处理[final]

    来自:http://blog.itpub.net/35489/viewspace-742191/ 有时候我们在通过 adstpall.sh 关闭应用后,然后再使用adstrtal.sh开启.发现并发 ...

  7. 运行React-Native项目

    首先需要配置好环境.集体配置安装Homebrew,Node.js,React Native; 命令行开启RN项目 (如要cd 进入到当前项目的跟目录下) 1. npm install 2. react ...

  8. Linux下编译GDAL

    一.准备工作 从官网下载GDAL.PROJ.4和GEOS,将其存放在/home/liml/Work/3rdPart目录并解压,如下图所示.下载地址请自行Google.注:使用的系统是CentOS6.4 ...

  9. 在Cocos2D中改变动态物体为静态物体

    原文链接,有压缩和简化 1.导入一个新的头文件 首先你要知道,不是所有Chimpunk特性都通过Cocos2d的类暴露出来,比如CCPhysicsNode和CCPhysicsBody.对于一些更高级的 ...

  10. 01_JNI是什么,为什么使用,怎么用JNI,Cygwin环境变量配置,NDK案例(使用Java调用C代码),javah命令使用

    1 什么是JNI JNI Java本地开发接口 JNI是一个协议,这个协议用来沟通java代码和外部的本地代码(C/C++) 通过这个协议,java代码就可以调用外部的C/C++代码,外部的C/C++ ...