
Passwordless ssh in Ganymed ssh

This is probably a very stupid question, but I'm using Ganymed ssh 2 library and I'm wondering how to connect using the Connection object but with passwordless ssh. I tried authenticating using the keyboard-interactive mode, but it doesn't seem to be supported.

Thanks!

There are a few cases where having passwordless access to a machine is convenient or necessary. I'm always looking up a series of commands that I can just copy and paste to do it right quick. Here they are.

Generate your key pair - One of the login modes of ssh is to use an SSH key pair. A key pair is made up of both a private and a public key. The private key is kept on your local machine while your public key is what you distribute to all the machines you want to log in to. There are a few flavors of keys you can generate, rsa1 (for SSH1), dsa (SSH2), or rsa (SSH2). According to my IT guy he likes DSA. You can (and should) associate a password with your key pair, so that only you can use it even if someone else manages to gain access to your account. If you have more than one key pair, using the same password for all key pairs will make them all active at the same time. You can also vary the number of bits used for the key. The more bits you use the harder it will be to crack, but I believe at a nominal performance drop. I was recommended to use 2048 bits. Very well, 2048 bit DSA key it is.

    ssh-keygen -t dsa -b 2048
    # Type in strong password

If for some reason you need an rsa key, you can just replace the type with the appropriate argument, -t rsa or -t rsa1.

NOTE:

  • You need to make sure the permissions of the files in this directory are set to allow read/write for the user only (-rw------- or chmod 600 *). The most important files to do this for are the authorized_keys and private keys files. Sometimes logging in will silently fail if you don't have the permissions set correctly.
  • Copy public key to remote machine - Once you have made your key pair, you should copy your public key to the remote machine preferably using an encrypted method such as scp and add it to your .ssh/authorized_keys file. You can do this with a single command.

    cat ~/.ssh/id_dsa.pub | ssh user@remote.machine.com 'cat >> .ssh/authorized_keys'

  • If you need to make a .ssh directory on the remote machine

    cat ~/.ssh/id_dsa.pub | ssh user@remote.machine.com 'mkdir .ssh; cat >> .ssh/authorized_keys'

SSH Agent - Now that you have a pair, you can try logging into the remote machine as you normally would. You will be prompted for your key pair password. If you left it blank when you created your keys you may simply press enter (and SHAME on you). If you press enter at this point and you had a password you will then be prompted for your remote account password. You can avoid having to do this by using ssh-agent. This will allow you to type in your password for the key pair once on a given machine and reuse it over and over again. ssh-agent stores information about your keys in the memory of that system, so if you move to another system or the machine is rebooted you will have to run ssh-agent again. ssh-agent also will output some environment variables that you can use to gain access to the keys in memory. I have a couple of aliases that help me out with this. One thing to consider is adding a time limit to how long your keys will be active in memory. If you want them to last for only a day you can add -t 86400 (those are seconds) to your ssh-agent command.

  • For tcsh

    # Activates the key pairs and stores some helper files. Run this once per
    # machine you want to log from.
    alias agent 'rm -f "$HOME"/.ssh/`hostname`.agent ; ssh-agent -t 86400 | grep -v echo > "$HOME"/.ssh/`hostname`.agent ; source "$HOME"/.ssh/`hostname`.agent ; ssh-add'

    # Run this in any shell after 'agent' to "activate" the keys.
    alias sshagent 'if (-e "$HOME"/.ssh/`hostname`.agent) source "$HOME"/.ssh/`hostname`.agent ; endif'

  • For bash

    alias agent='rm -f "$HOME"/.ssh/`hostname`.agent ; ssh-agent -t 86400 | grep -v echo > "$HOME"/.ssh/`hostname`.agent ; source "$HOME"/.ssh/`hostname`.agent ; ssh-add'
    alias sshagent='if [ -e "$HOME"/.ssh/`hostname`.agent ]; then source "$HOME"/.ssh/`hostname`.agent ; fi'

Now you should simply be able to run agent once on the machine, and then sshagent once per shell. You can then log into the remote machine without having to type in a password. If your ssh agent expires (you'll know, because you'll be prompted for your password), then run agent again.

Root access - You can also give users the ability to log into the machine as root without having to give the root password out. Just add the user's public key to the list of root's authorized_keys, and then the user can log into the machine using root as the user name.

    # Admin does
    cat ~user/.ssh/id_dsa.pub | ssh root@remote.machine.com 'cat >> .ssh/authorized_keys'
    # User does
    agent
    sshagent; ssh root@remote.machine.com
    # Or by typing the key pair's password
    ssh root@remote.machine.com

It is recommended that once you have the ability to log in remotely as root with keys, you should disable password-based logins via ssh by making sure the following line is in /etc/ssh/sshd_config:

    PermitRootLogin without-password
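The copy step and the permissions NOTE in the answer above, combined into two shell functions. This is an added example, not part of the original answer: `install_pubkey` and `audit_ssh_perms` are hypothetical names, the directory argument stands in for `~/.ssh` on the machine being logged in to, and the key line in the demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original answer). SSH_DIR stands in for ~/.ssh.

# install_pubkey PUBKEY_FILE SSH_DIR
# Appends the key to SSH_DIR/authorized_keys only if it is not already
# there, and leaves the directory at 700 and the file at 600.
install_pubkey() {
    pub=$1; dir=$2
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    # -x whole line, -F fixed string: an exact duplicate is not appended again
    grep -qxF -- "$(cat "$pub")" "$auth" || cat "$pub" >> "$auth"
}

# audit_ssh_perms SSH_DIR
# Lists regular files that group or others can read or write, i.e. files
# that break the "chmod 600" rule. Returns 1 when anything is listed.
audit_ssh_perms() {
    bad=$(find "$1" -type f \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \))
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Demo on a throwaway directory with a constructed (non-functional) key line.
demo() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-dss AAAAconstructedSAMPLEkeyNOTreal user@local' > "$tmp/id_dsa.pub"
    install_pubkey "$tmp/id_dsa.pub" "$tmp/.ssh"
    install_pubkey "$tmp/id_dsa.pub" "$tmp/.ssh"      # second run adds nothing
    echo "entries: $(grep -c . "$tmp/.ssh/authorized_keys")"
    chmod 644 "$tmp/.ssh/authorized_keys"             # simulate a bad mode
    audit_ssh_perms "$tmp/.ssh" || echo "fix with: chmod 600 <file>"
    rm -rf "$tmp"
}
demo
```

Unlike the `cat >>` one-liner, running the install twice leaves a single entry, and the audit names the exact file whose mode would cause the silent login failure.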
