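I am trying to use ssh-agent to ssh into a remote server.
As far as I know, when I add my local host's public_key to ./ssh/authorized_keys on the remote server, I can ssh into the server without entering a password.
However, I am trying to do this with ssh-agent, because I need to ssh into a remote server in a Jenkins pipeline. Before doing it on Jenkins, I tried doing it locally.
What I did was: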
eval $(ssh-agent -s)
chmod 600 ./key_key2.key
ssh-add ./key_key2.key
ssh root@<remote_server> docker ps -v
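where key_key2.key contains the private_key of the remote server.
This still asks me for a password. Is this the right way to do it?
I feel that using ssh-agent is a way to skip the part where the public_key is added to the remote server's authorized_keys, but I think skipping that part is one of the main points of using a public_key.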
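Answer 1
Suppose ServerA is your home computer and ServerB is the remote server. To connect with a public/private key pair, we need to create a key pair on ServerA. Note that I did not enter a passphrase.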
ServerA $ ssh-keygen -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:11tmtkpYjGCPLc8I59kV1QySEYfwpJt76BDMX01aTkU admin@localhost
The key's randomart image is:
+---[RSA 4096]----+
| ..==+=E|
| +o+ .o|
| o . o + |
| + = * O |
| . S B B B |
| + @ B * . |
| = O + . |
| o o . |
| . . |
+----[SHA256]-----+
As you can see, the keys were generated at /home/admin/.ssh/id_rsa (private key) and /home/admin/.ssh/id_rsa.pub (public key).
Now we log in to ServerB and add the public key from ServerA to authorized_keys, located at ~/.ssh/authorized_keys.
ServerA $ cat ~/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP4BIiaHUm6Ow9SGFOdHpsaAu2odnBLfDu5YjwQeESLe7ubfQ62v21PXKAJUVS0ZcAN7KfAfHv+f8Los8GE7NhAJUeOB18YpaQohLVaajKb0pSJnAfcYMqH38Ouq3Q23GA61ZqUF4o3pJpRf9O2V/qpIkGQtMZ1/EbYApvh0y+MSlmrDHNjm6n6LO1P31WqsAwzTlZilcaDJTDu3ILW+bd+b1LzMr2oQUPnrc2YIiGRt8PvvM5YcGfN9/4D1vKyLNgF3c+KhbEapsoxfsGmEl1Z+jR/ldep0jwEh7XVXAMrLWhtUdi/a40R0Zisj3b27gfrQLmEMBOS4X0nfDJ9/QoxVl16SwZWxFuDX1xV/n2XIAg1OQ== admin@localhost
Copy the output from ServerA and paste it into ServerB's authorized_keys.
ServerB $ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP4BIiaHUm6Ow9SGFOdHpsaAu2odnBLfDu5YjwQeESLe7ubfQ62v21PXKAJUVS0ZcAN7KfAfHv+f8Los8GE7NhAJUeOB18YpaQohLVaajKb0pSJnAfcYMqH38Ouq3Q23GA61ZqUF4o3pJpRf9O2V/qpIkGQtMZ1/EbYApvh0y+MSlmrDHNjm6n6LO1P31WqsAwzTlZilcaDJTDu3ILW+bd+b1LzMr2oQUPnrc2YIiGRt8PvvM5YcGfN9/4D1vKyLNgF3c+KhbEapsoxfsGmEl1Z+jR/ldep0jwEh7XVXAMrLWhtUdi/a40R0Zisj3b27gfrQLmEMBOS4X0nfDJ9/QoxVl16SwZWxFuDX1xV/n2XIAg1OQ== admin@localhost
Now load ssh-agent on ServerA and add the private key:
eval $(ssh-agent)
ServerA $ ssh-add ~/.ssh/id_rsa
Identity added: /home/admin/.ssh/id_rsa (/home/admin/.ssh/id_rsa)
ServerA $ ssh [email protected]
The authenticity of host '[someIP.com]:2220 ([xx.xxx.xxx.xxx]:2220)' can't be established.
ECDSA key fingerprint is SHA256:K6nMI2Dxb7t6oj00HlKmPCCuGorgQoBJCeXB31B9VTY.
ECDSA key fingerprint is MD5:aa:20:4f:08:bb:5d:c5:8e:fd:cb:4c:5f:b9:3b:44:59.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[someIP.com]:2220 ([xx.xxx.xxx.xxx]:2220)' (ECDSA) to the list of known hosts.
Last login: Tue Nov 26 21:20:14 2019
[admin@mail ~]$
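
An added example, not part of the original answer: ssh-agent only holds the private key, so the login is passwordless only when the matching public key is already in ServerB's authorized_keys. The shell functions below check exactly that; key_blob and is_authorized are names assumed for this example, and all key material is constructed.

```shell
#!/bin/sh
# Added example: is a public key (e.g. one line of `ssh-add -L` on ServerA)
# listed in a copy of ServerB's authorized_keys? All keys below are constructed.

# key_blob LINE: print the base64 blob that follows the key-type field.
# Works when the line starts with an options field (command="...",no-pty).
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+)$/) {
                print $(i + 1); exit
            }
    }'
}

# is_authorized PUBKEY_LINE AUTH_FILE: 0 = listed, 1 = not listed,
# 2 = first argument is not a public-key line.
is_authorized() {
    want=$(key_blob "$1")
    [ -n "$want" ] || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac    # skip blanks and comments
        if [ "$(key_blob "$line")" = "$want" ]; then return 0; fi
    done < "$2"
    return 1
}

# Constructed sample data standing in for `ssh-add -L` output and ServerB's file.
AGENT_KEY='ssh-ed25519 AAAAC3CONSTRUCTEDKEYA admin@localhost'
OTHER_KEY='ssh-ed25519 AAAAC3CONSTRUCTEDKEYB jenkins@ci'
AUTH=$(mktemp)
trap 'rm -f "$AUTH"' EXIT
cat > "$AUTH" <<'EOF'
# authorized_keys on ServerB (constructed)
no-pty,command="docker ps" ssh-ed25519 AAAAC3CONSTRUCTEDKEYA deploy
EOF

for k in "$AGENT_KEY" "$OTHER_KEY"; do
    if is_authorized "$k" "$AUTH"; then
        echo "listed on ServerB:     ${k##* }"
    else
        echo "NOT listed on ServerB: ${k##* } (key login will be refused)"
    fi
done
```

In a Jenkins pipeline, running ssh with -o BatchMode=yes makes a missing or mismatched key fail immediately instead of waiting at a password prompt.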