Reprint SSH Automatic Login

Source: Internet
Author: User

Reprint Address: http://blog.csdn.net/netzsm/archive/2007/09/13/1783055.aspx

1. Automatic SSH/SCP method

A is the local host (the machine used to control other hosts);
B is the remote host (the controlled server); assume its IP is 192.168.60.110;
both A and B run Linux.

Commands to run on A:
# ssh-keygen -t rsa (press Enter three times; the public and private keys are generated locally with no passphrase set)
# ssh root@192.168.60.110 "mkdir .ssh" (requires a password)
# scp ~/.ssh/id_rsa.pub root@192.168.60.110:.ssh/id_rsa.pub (requires a password)

Commands to run on B:
# touch /root/.ssh/authorized_keys (skip this step if the file already exists)
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys (appends the contents of id_rsa.pub to authorized_keys)

Back on machine A:
# ssh root@192.168.60.110 (no password required; login succeeds)
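
The steps run on B can be made repeatable and permission-safe. The following is an added example, not part of the reprinted article: install_pubkey and its arguments are hypothetical names, and the key line in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the reprinted article). install_pubkey and its
# arguments are hypothetical names.

# install_pubkey PUBKEY_FILE SSH_DIR
# Does the work of "mkdir .ssh", "touch authorized_keys" and "cat >>" on B:
# appends the key only if it is not already listed and tightens the modes.
install_pubkey() {
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    # Accept only a single public-key line. A private key copied by mistake
    # is multi-line and starts with "-----BEGIN", so it is rejected here.
    # (Unquoted on purpose: some wc implementations pad the count.)
    [ $(wc -l < "$pub") -le 1 ] || return 2
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 2 ;;
    esac

    # Owner-only modes: sshd with StrictModes (the default) refuses keys
    # kept in files or directories that other users can write to.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # -x whole line, -F fixed string: repeat runs add no duplicate entry.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCONSTRUCTED root@a' \
    > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # no-op second run
echo "entries: $(grep -c . "$demo_dir/.ssh/authorized_keys")"
```

On B the call would be install_pubkey /root/.ssh/id_rsa.pub /root/.ssh; return code 2 means the file was not a single public-key line.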


2. Controlling n machines with automatic login as described above
This requires n key pairs (private and public keys). The ssh-keygen command lets you name the key pair arbitrarily, for example:
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_192.168.60.110

The private key and public key are then named id_rsa_192.168.60.110 and id_rsa_192.168.60.110.pub. Append the contents of id_rsa_192.168.60.110.pub to the server's ~/.ssh/authorized_keys file, and finally use the -i parameter of the local ssh command to specify the local key and log in:
# ssh -i /root/.ssh/id_rsa_192.168.60.110 someone@192.168.60.110

scp works the same way:
# scp -i /root/.ssh/id_rsa_192.168.60.110 filename someone@192.168.60.110:/home/someone

Add two lines to the .bashrc file so that you do not have to type these long commands every time:
alias sshcell='ssh -i /root/.ssh/id_rsa_192.168.60.110 someone@192.168.60.110'
alias scpcell='scp -i /root/.ssh/id_rsa_192.168.60.110 filename someone@192.168.60.110:/home/someone'

You can then type the aliases directly to get automatic SSH and SCP login:
# sshcell
# scpcell


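3. Automatic SSH/SCP scripts
If you need to go from A to B and then on to C, you have to run ssh and scp twice, which is more troublesome.
SSH automatic login:
#!/usr/bin/expect -f
# Log in to b with a password, then from b's shell log in to c.
# pppppp is the account password, stored in the script in clear text.
set timeout 30
spawn ssh weiqiong@b
expect "password:"
send "pppppp\r"
# "]*" matches the shell prompt on b
expect "]*"
send "ssh weiqiong@c\r"
expect "password:"
send "pppppp\r"
interact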


SCP copies files from A to C:
#!/usr/bin/expect -f
# Two legs: copy the file from a to b, then log in to b and copy it on to c.
set timeout 300
set file [lindex $argv 0]
spawn scp $file weiqiong@b:/home/weiqiong
expect "password:"
send "pppppp\r"
expect "]*"
spawn ssh weiqiong@b
expect "password:"
send "pppppp\r"
expect "]*"
send "scp $file weiqiong@c:/home/weiqiong\r"
expect "password:"
send "pppppp\r"
expect "]*"
exit
interact

SCP copies files from C to A:
#!/usr/bin/expect -f
# Two legs in reverse: on b pull the file from c, then pull it from b to a.
set timeout 300
set file [lindex $argv 0]
spawn ssh weiqiong@b
expect "password:"
send "pppppp\r"
expect "]*"
send "scp weiqiong@c:/home/weiqiong/$file .\r"
expect "password:"
send "pppppp\r"
expect "]*"
send "exit\r"
expect "]*"
spawn scp weiqiong@b:/home/weiqiong/$file .
expect "password:"
send "pppppp\r"
interact

4. Establishing an SSH/SCP channel
For example, my machine is A, the intermediate server is B, and the target server is C.
From A you can ssh to B, and from B you can ssh to C, but A cannot ssh directly to C.
The following demonstrates using an SSH channel to transfer files directly from A to C.
1. ssh -L1234:c:22 userid@b
Enter B's password
(1234 is a free port on the local machine A, which requires root user rights on machine A; this actually establishes a channel on local port 1234)

2. Open a new console and type:
scp -P1234 filename userid@localhost:
Enter C's password


This article is from the CSDN blog; when reproducing it, please indicate the source: http://blog.csdn.net/netzsm/archive/2007/09/13/1783055.aspx

===============================================================

Configuring automatic login for SSH
Reprint Address: http://www.fwolf.com/blog/post/279

SSH is now the bridge between my home computer and my company computer. When I feel lazy I often ssh in to work, so I don't have to go all the way to the company. In addition, my mail (mutt), my feeds (Liferea) and some other things are synced with the company's computer using unison, so I am on ssh all the time. The password is long, which is very annoying, and I also worry that a movie-style hacker could stick tape on the keyboard and learn that the most polished keys are my password. So I decided to set up automatic login with a public/private key pair and spare myself the pain of typing the password.

The first step is to create a key pair

$ ssh-keygen -d
Generating public/private dsa key pair.
Enter file in which to save the key (/home/fwolf/.ssh/id_dsa): .ssh/fwolf_dsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open .ssh/fwolf_dsa failed: No such file or directory.
Saving the key failed: .ssh/fwolf_dsa.

Here I am using a DSA-format key; I could also use the -t rsa parameter to specify the RSA format. I really do not know what the differences between them are. Without parameters it is probably the SSH1 key format, and few people should be using SSH1 now. The command prompts for a passphrase (in effect, the password of the private key); pressing Enter means no passphrase, and here I set a non-empty one.

The second step is to upload the public key to the server

$ ssh-copy-id -i ~/.ssh/fwolf_dsa.pub fwolf.com
fwolf@fwolf.com's password:
Now try logging into the machine, with "ssh 'fwolf.com'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

One command does it. Of course, at this point we still need the server's SSH password in order to transfer the pub key. The ssh-copy-id command adds the key directly to the .ssh/authorized_keys file, which has the same effect as the following approach:

$ scp ~/.ssh/fwolf_dsa.pub fwolf@fwolf.com ...
$ ssh fwolf@fwolf.com ...
$ cat fwolf_dsa.pub >> ~/.ssh/authorized_keys

Step three: let's enjoy the fun of automatic login.

$ ssh fwolf.com ...

Puzzled: why is the password still required? If you run into the same problem as I did, and the pub key upload was fine, then the SSH client configuration has not been done; note that in the first step I changed the default name of the key file. So copy the /etc/ssh/ssh_config file to ~/.ssh/config, then edit it: find the line IdentityFile ~/.ssh/id_dsa, uncomment it, and put in the actual file name of your DSA private key. Then ssh again:

$ ssh fwolf.com
Enter passphrase for key '/home/fwolf/.ssh/fwolf_dsa':
... (login successful)
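
The IdentityFile edit described above, and the per-host key aliases from the first article, can both be expressed as Host blocks in ~/.ssh/config. The following is an added example, not from either reprinted post: add_ssh_host and its arguments are hypothetical names, the entry for c and its key path are constructed, and the optional ProxyJump line (an OpenSSH client option the posts do not mention) goes beyond the page to cover the A to B to C case with keys on each hop.

```shell
#!/bin/sh
# Added example, not from either reprinted post. add_ssh_host and its
# arguments are hypothetical names; the keywords written are OpenSSH
# client configuration options.

# add_ssh_host CONFIG ALIAS HOSTNAME USER KEYFILE [JUMP]
add_ssh_host() {
    cfg=$1 name=$2 host=$3 user=$4 key=$5 jump=${6:-}

    mkdir -p "$(dirname "$cfg")" || return 1
    touch "$cfg" && chmod 600 "$cfg" || return 1

    # ssh keeps the first value it reads for each option, so a second
    # block for the same alias would be silently ignored; refuse instead.
    if grep -qxF -- "Host $name" "$cfg"; then
        return 3
    fi

    {
        printf 'Host %s\n' "$name"
        printf '    HostName %s\n' "$host"
        printf '    User %s\n' "$user"
        printf '    IdentityFile %s\n' "$key"
        # Offer only this key, not every key in the agent or ~/.ssh.
        printf '    IdentitiesOnly yes\n'
        # Optional: reach the host through an intermediate one.
        [ -z "$jump" ] || printf '    ProxyJump %s\n' "$jump"
        printf '\n'
    } >> "$cfg"
}

# Demo: host, user and key path from the first article; the entry for c
# and its key path are constructed.
demo_cfg="$(mktemp -d)/config"
add_ssh_host "$demo_cfg" cell 192.168.60.110 someone \
    /root/.ssh/id_rsa_192.168.60.110
add_ssh_host "$demo_cfg" c c weiqiong /root/.ssh/id_rsa_c weiqiong@b
cat "$demo_cfg"
```

With such a file in place as ~/.ssh/config, "ssh cell" and "scp filename cell:/home/someone" pick up the right key without the -i option or a shell alias.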

Step four: get rid of that fucking passphrase.

In the third step above, ssh no longer asks for the user's password, but the passphrase of the private key still has to be entered, which is as much trouble as entering the SSH password. Thanks to IBM, Daniel Robbins showed us how to use ssh-agent and keychain to remove the hassle of typing passwords, but that should not apply to the case where we often need to switch machines, so we have to go back to the first step and generate a key pair that has no passphrase. Security is lower, but it is very convenient.

Security recommendations
If conditions permit, use a key with a passphrase together with ssh-agent and keychain.
If you need to log on to the server from different computers, it is best to use a separate key pair for each.
Remember to change the key pair regularly.

References
AdvancedOpenSSH
Generic Thread: OpenSSH Key Management, Part 1 – Understanding RSA/DSA Authentication
Generic Thread: OpenSSH Key Management, Part 2 – Introduction to ssh-agent and keychain
RSA/DSA Authentication on SSH
