如何让 scp / ssh 不需要密码

发表于 更新于 分类于 评论数:
让 scp / ssh 不需要密码,可在脚本中直接使用。

How to use the Linux ‘scp’ command without a password to make remote backups
How to create a public and private key pair to use ssh and scp without using a password, which lets you automate a remote server backup process.

目标:通过 server 上的脚本,通过 cron 每天备份文件到 client。

步骤:

  • 在 server 端生成 rsa 密钥对,ssh-keygen -t rsa
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
root@ubuntu:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c7:42:12:d7:40:58:16:0f:2b:29:6c:2b:67:6b:1c:e3 root@ubuntu
The key's randomart image is:
+--[ RSA 2048]----+
|      .+O+       |
|   .  .= +.      |
|    + + o .      |
|   . o + .       |
|  . *   S o      |
|   * +   o       |
|    E            |
|   .             |
|                 |
+-----------------+
root@ubuntu:~# 
root@ubuntu:~# ls .ssh/ -al            
total 20
drwx------ 2 root root 4096 Apr 25 14:05 .
drwx------ 7 root root 4096 Apr 25 13:51 ..
-rw------- 1 root root 1679 Apr 25 13:54 id_rsa
-rw-r--r-- 1 root root  393 Apr 25 13:54 id_rsa.pub
-rw-r--r-- 1 root root  444 Apr  6 16:58 known_hosts
  • 拷贝公钥到 client 192.168.204.168,注意此时从 172.18.111.192 scp 拷贝时还需要密码。scp .ssh/id_rsa.pub sunyongfeng@192.168.204.168:/home/sunyongfeng/.ssh/authorized_keys
1
2
3
4
root@ubuntu:~# scp .ssh/id_rsa.pub sunyongfeng@192.168.204.168:/home/sunyongfeng/.ssh/authorized_keys
sunyongfeng@192.168.204.168's password: 
id_rsa.pub                                                                                       100%  393     0.4KB/s   00:00    
root@ubuntu:~#
  • 验证从 server 172.18.111.192 scp 到 192.168.204.168 已不需要密码。下文同时确认 ssh 远程 192.168.204.168 不需要密码。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
root@ubuntu:~# scp .ssh/id_rsa.pub sunyongfeng@192.168.204.168:/home/sunyongfeng/.ssh/authorized_keys
id_rsa.pub                                                                                       100%  393     0.4KB/s   00:00    
root@ubuntu:~# 
root@ubuntu:~# ssh sunyongfeng@192.168.204.168
Welcome to Ubuntu 16.04 LTS (GNU/Linux 3.19.8-031908-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

234 packages can be updated.
0 updates are security updates.

Last login: Tue Apr 25 12:36:14 2017 from 192.168.204.167
sunyongfeng@openswitch-OptiPlex-380:~$ exit
logout
Connection to 192.168.204.168 closed.
root@ubuntu:~#