Ubuntu和CentOS如何配置SSH使得无密码登陆

Ubuntu 和 CentOS 如何配置 SSH 使得无密码登陆 在使用 Hadoop 的时候, 一般配置 SSH 使得我们可以无密码登录到主机, 下面分别以 Ubuntu 和 CentOS 两个平台来举例说明如何配置 SSH 使得我们可以无密码登录到主机, 当然, 你得先安装好 SSH 服务器, 并开启 ( 关于如何在 Linux 平台下安装好 SSH 请参加本博客的 Linux 平台下安装 SSH )Ubuntu 配置步骤如下所示 : [wyp@localhost ~]$ ssh-keygen -t dsa -P '' Generating public/private dsa key pair. Enter file in which to save the key (/home/wyp/.ssh/id_dsa): Created directory '/home/wyp/.ssh'. Your identification has been saved in /home/wyp/.ssh/id_dsa. Your public key has been saved in /home/wyp/.ssh/id_dsa.pub. The key fingerprint is: bd:2c:ed:ab:6d:a9:b2:45:88:32:08:5a:d2:d9:ad:cc wyp@ubuntu The key's randomart image is: +--[ DSA 1024]----+. o. o +.. o+ o o.. o o E. S. o. o. o +... +o.oo++. +-----------------+ 这样就会在 wyp 用户的 /home/wyp/.ssh/ 目录下生成 id_dsa 和 id_dsa.pub 两个文件, 输出如下 : [wyp@ubuntu ~]$ cd /home/wyp/.ssh/ [wyp@ubuntu:~/.ssh]$ ls -l total 8 -rw------- 1 wyp wyp 668 2013-10-21 02:51 id_dsa -rw-r--r-- 1 wyp wyp 600 2013-10-21 02:51 id_dsa.pub 1 / 5

将 id_dsa.pub 里面的内容加到用于认证的公钥文件中, 命令如下 ( 注意 : 不要复制, 一定要用 cat 去操作, 不信你可以去试试 ): [wyp@ubuntu:~/.ssh]$ cat id_dsa.pub >> authorized_keys 可以将这个生成的 authorized_keys 拷贝到别的机器上面 [wyp@ubuntu:~/.ssh]$ cat ~/.ssh/authorized_keys \ ssh wyp@192.168.130.141 "cat - >> ~/.ssh/authorized_keys" 输入下面命令, 如果显示如下类似的信息, 就说明配置好了! [wyp@ubuntu:~/.ssh]$ ssh localhost The authenticity of host 'localhost (::1)' can't be established. RSA key fingerprint is 22:9b:94:45:dc:f0:c8:02:03:b2:a1:30:d3:04:92:01. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (RSA) to the list of known hosts. linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:12:07 UTC 2012 x86_64 GNU/linux Ubuntu 10.04.4 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 242 packages can be updated. 213 updates are security updates. New release 'precise' available. Run 'do-release-upgrade' to upgrade to it. The programs included with the Ubuntu system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. [wyp@localhost ~]$ 但是实际上, 很多人都没有这么顺利的, 一般的问题都是文件权限设置的不对, 请把.ssh 和 a uthorized_keys 的访问权限分别设置为 755 个 600( 也就是只有自己对上面两个文件有写权限 ), 命令如下 : 2 / 5

[wyp@localhost ~]$ chmod 755 /home/wyp/.ssh [wyp@localhost ~]$ chmod 600 /home/wyp/.ssh/authorized_keys 假如这台服务器上面还有 test 用户, 如何使得 wyp 用户能够无密码登录到 test(ip 地址为 192.168.1 42.129) 呢? 执行下面命令 [wyp@localhost ~]$ cat /home/wyp/.ssh/id_dsa.pub ssh test@192.168.142.129 'cat - >> ~/.ssh/authorized_keys' 之后, 在 wyp 用户下执行下面命令 [wyp@localhost ~]$ ssh test@192.168.142.129 linux ubuntu 2.6.32-38-generic #83-Ubuntu SMP Wed Jan 4 11:12:07 UTC 2012 x86_64 GNU/linux Ubuntu 10.04.4 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 240 packages can be updated. 213 updates are security updates. New release 'precise' available. Run 'do-release-upgrade' to upgrade to it. Last login: Mon Oct 21 02:48:01 2013 from localhost [test@localhost ~]$ 如果出现上述类似的信息, 说明成功了! 登陆到 test 用户了 注意上面的信息只有第一次登录的时候才会显示, 以后登陆只会显示下面类似的信息 : [wyp@localhost ~]$ ssh test@192.168.142.129 Last login: Mon Oct 21 02:49:51 2013 from localhost [test@localhost ~]$ 3 / 5

上面是以 Ubuntu 平台为例子, 下面来说说怎么在 CentOS 平台上面配置,(CentOS 由于权限比 Ub untu 的更加严格, 所以配置起来比较麻烦 ), 首先, 我们需要设置一下 /etc/ssh/sshd_config 文件, 请将 /etc/ssh/sshd_config 文件中下面三行的注释去掉 : [root@localhost ~]# vim /etc/ssh/sshd_config RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile.ssh/authorized_keys 其余的步骤和开始的一样如下所示 : [wyp@localhost ~]$ ssh-keygen -t dsa -P '' Generating public/private dsa key pair. Created directory '/home/wyp/.ssh'. Your identification has been saved in /home/wyp/.ssh/dsa. Your public key has been saved in /home/wyp/.ssh/dsa.pub. The key fingerprint is: 15:57:37:f1:ee:05:26:3a:9e:e1:aa:b3:11:27:b3:1a wyp@localhost.localdomain The key's randomart image is: +--[ DSA 1024]----+....oo o.o.. o... o o + S + o * o +.. E o +. o.... o+. +-----------------+ [wyp@localhost ~]$ cat ~/.ssh/dsa.pub >> ~/.ssh/authorized_keys The authenticity of host 'localhost (127.0.0.1)' can't be established. RSA key fingerprint is f3:f8:0b:26:a1:8e:14:55:34:ec:cb:99:f8:70:2c:d3. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (RSA) to the list of known hosts. Last login: Fri Aug 9 08:39:32 2013 from 192.168.142.1 [wyp@localhost ~]$ 好了, 配置完成了 4 / 5

Powered by TCPDF (www.tcpdf.org) Ubuntu 和 CentOS 如何配置 SSH 使得无密码登陆 如果登陆失败了, 可以通过 ssh 提供的一个参数查看错误的原因 [wyp@localhost ~]$ ssh -v localhost 如果 /etc/ssh/sshd_config 文件内容修改了,.ssh 和 authorized_keys 的权限都做了相应的修改, 但是还出现了下面的错误 Agent admitted failure to sign using the key. wyp@localhost's password: 可以用下面的方法解决 [wyp@localhost ~]$ ssh-add ~/.ssh/id_dsa Identity added: /home/wyp/.ssh/id_dsa (/home/wyp/.ssh/id_dsa) Last login: Fri Oct 25 10:50:46 2013 from localhost.localdomain id_dsa 文件是上面 ssh-keygen -t dsa -P '' 生成的 本博客文章除特别声明, 全部都是原创! 转载本文请加上 : 转载自过往记忆 (https://www.iteblog.com/) 本文链接 : () 5 / 5