Scenario: Server A uses SSH login Server B, without any special settings, the use of SSH host.b will appear prompts password: let the input password. How to enter a password without manual input.
Solution: Generate SSH public and private key
[plain] view plain copy print? [qingxu@login1.cm3. ssh]$ ssh-keygen-t DSA generating public/private DSA key pair. Enter file in which to save the key (/HOME/QINGXU/.SSH/ID_DSA): Enter passphrase (empty for no passphrase): Enter SA Me passphrase Again:your identification has been saved. Your public key has been saved in/home/qingxu/.ssh/id_dsa.pub. The key fingerprint Is:ba:43:5b:8e:80:50:5b:88:f1:01:99:1a:c8:73:68:ab qingxu@login1.cm3 here-t DSA represents the use of DSA encryption, return will let you lose Into the private key, and finally generates two files Id_dsa and id_dsa.pub in the. SSH directory, representing the private key and the public key, respectively.
Copy the public key to the machine B that you want to log on to, and in the. SSH directory of B, and append the id_dsa.pub content to the Authorized_keys file.
[HTML] view plain copy print? Cat Id_dsa.pub >> Authorized_keys At this point, the B server has two files, id_dsa.pub and Authorized_keys.
At this time we can through SSH host.b login b server, will not remind the password, but. You will still see this information at this time.
[HTML] view plain copy print? [qingxu@login1.cm3 ~]$ ssh host.b the authenticity of host ' host.b (xxxxxx) ' can ' t be established. DSA key fingerprint is b9:d9:d6:69:c0:e5:bd:6d:c8:89:43:8a:a5:d6:ef:a4. Are you sure your want to continue connecting (yes/no)? Will let you enter whether to connect B server, enter Yes, will be in a server local generated a known_hosts file, the inside is a visited server, the function of this file is: Found B server's public key and local known_hosts public key inconsistency, will remind you whether to connect up. General input once, will not be prompted later.
The following information will then appear:
[HTML] view plain copy print? Enter passphrase for key '/HOME/QINGXU/.SSH/ID_DSA ': You still need to enter the private key. And no matter how many times you log in, will remind you to enter the private key, did not meet our requirements, how to do it.
Managing keys using Ssh-agent and Ssh-add
Ssh-agent is used to manage the key, Ssh-add is used to add the key to the ssh-agent, SSH can obtain the key with ssh-agent communication, so no user is required to manually enter the password.
Eval ' ssh-agent '
ssh-add
Enter passphrase FOR/HOME/QINGXU/.SSH/ID_DSA:
However, it is a good idea to put the command in ~/.bash_profile because it needs to be set once per login.
In addition, keychain can be used to deal with this step, for reference:
Http://www.ibm.com/developerworks/cn/linux/security/openssh/part1/index.html
http://www.ibm.com/developerworks/cn/linux/security/openssh/part2/