@史荣久 / 2015-06-23 / CC-BY-SA-3.0
SSH Without a Password
The following steps can be used to ssh from one system to
another without specifying a password.
- The system from which the ssh session is started via the ssh command is the client.
- The system that the ssh session connects to is the server.
- These steps seem to work on systems running OpenSSH.
- The steps assume that a DSA key is being used. To use a RSA key substitute ‘rsa’ for ‘dsa’.
- The steps assume that you are using a Bourne-like shell (sh, ksh or bash)
- Some of this information came from: http://www.der-keiler.de/Mailing-Lists/securityfocus/ Secure_Shell/2002-12/0083.html
- On the client run the following commands:
$ mkdir -p $HOME/.ssh $ chmod 0700 $HOME/.ssh $ ssh-keygen -t dsa -f $HOME/.ssh/id_dsa -P '' #This should result in two files, #$HOME/.ssh/id_dsa (private key) and #$HOME/.ssh/id_dsa.pub (public key).
2.Copy $HOME/.ssh/id_dsa.pub to the server.
3.On the server run the following commands:
$ cat id_dsa.pub >> $HOME/.ssh/authorized_keys2 $ chmod 0600 $HOME/.ssh/authorized_keys2 #Depending on the version of OpenSSH the following #commands may also be required: $ cat id_dsa.pub >> $HOME/.ssh/authorized_keys $ chmod 0600 $HOME/.ssh/authorized_keys #An alternative is to create a link from #authorized_keys2 to authorized_keys: $ cd $HOME/.ssh $ ln -s authorized_keys2 authorized_keys
4.On the client test the results by ssh’ing to the server:
$ ssh -i $HOME/.ssh/id_dsa server
5.(Optional) accept host key
for ip in $SERVER_IP; do ssh-keygen -R $ip ssh-keyscan -H $ip >> ~/.ssh/known_hosts done
This allows ssh access to the server without having to specify
the path to the id_dsa file as an argument to ssh each time.