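I have two servers. Both servers run CentOS 5.6. I want to SSH from Server 1 to Server 2 using a private key I have (an OpenSSH SSH-2 private key).
I don't know how to do this on Unix. What I have done on Windows using PuTTY is to feed my OpenSSH private key to PuTTY and generate a private key in PPK format.
However, I will be creating a bash script on Server 1 that will execute some commands on Server 2 via SSH.
How do I SSH to Server 2 using the private key file on Server 1?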
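Posted on 2011-10-25 19:43:58
You need your SSH public key and you need your SSH private key. Keys can be generated with ssh-keygen. The private key must be kept on Server 1 and the public key must be stored on Server 2.
This is fully described in the openssh man page, so I will quote a lot of it. You should read the section "Authentication". Also, the OpenSSH manual should be really helpful: http://www.openssh.org/manual.html
Please be careful with ssh, because this affects the security of your server.
From man ssh: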
~/.ssh/identity
~/.ssh/id_dsa
~/.ssh/id_rsa
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not acces-
sible by others (read/write/execute). ssh will simply ignore a
private key file if it is accessible by others. It is possible
to specify a passphrase when generating the key which will be
used to encrypt the sensitive part of this file using 3DES.
~/.ssh/identity.pub
~/.ssh/id_dsa.pub
~/.ssh/id_rsa.pub
Contains the public key for authentication. These files are not
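sensitive and can (but need not) be readable by anyone.
This means you can store your private key in your home directory in .ssh. Another possibility is to tell ssh via the -i parameter switch to use a special identity file. Also from man ssh: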
-i identity_file
Selects a file from which the identity (private key) for RSA or
DSA authentication is read. The default is ~/.ssh/identity for
protocol version 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for pro-
tocol version 2. Identity files may also be specified on a per-
host basis in the configuration file. It is possible to have
multiple -i options (and multiple identities specified in configuration files).
This is for the private key. Now you need to introduce your public key on Server 2. Again a quote from man ssh:
~/.ssh/authorized_keys
Lists the public keys (RSA/DSA) that can be used for logging in
as this user. The format of this file is described in the
sshd(8) manual page. This file is not highly sensitive, but the
recommended permissions are read/write for the user, and not
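accessible by others.
The easiest way to achieve this is to copy the file to Server 2 and append it to the authorized_keys file:
scp -p your_pub_key.pub user@host:
ssh user@host
host$ cat your_pub_key.pub >> ~/.ssh/authorized_keys
Authorization via public key must be allowed for the ssh daemon, see man ssh_config. Usually this can be done by adding the following statement to the config file:
PubkeyAuthentication yes
Posted on 2016-05-27 07:06:51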
I used ssh with the -i option to add your key here.
If you want to pass arg1, arg2 with the .sh file, just pass them after the .sh file, separated by a space.
ssh -i home/avr/new.pem ar@231.221.54.8 "/var/www/beta/betatolive.sh mmin 30"
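Posted on 2013-08-03 07:43:44
The first thing you need to do is make sure you have run the keygen command to generate the keys:
ssh-keygen -t rsa
Then use this command to push the key to the remote server, modifying it to match your server name.
cat ~/.ssh/id_rsa.pub | ssh user@hostname 'cat >> .ssh/authorized_keys'
https://unix.stackexchange.com/questions/23291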
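The steps from the answers above (private key readable only by its owner, public key appended to authorized_keys, ssh -i from a script), as an added example that is not part of the original posts. The function names key_is_private, install_pubkey and run_remote are hypothetical, and every path and user@host target is a placeholder; install_pubkey is meant to run on Server 2, run_remote on Server 1.

```shell
#!/bin/sh
# Added example: helpers for a Server 1 -> Server 2 script. All paths and
# the user@host target passed to these functions are placeholders.

# Succeeds only when FILE has no group/other permission bits; ssh ignores a
# private key that others can access. Uses GNU stat (as on CentOS).
key_is_private() {
    perms=$(stat -L -c '%a' "$1") || return 2
    case "$perms" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Appends the one-line public key in PUB to AUTH unless that exact line is
# already present, and sets the permissions recommended for authorized_keys.
install_pubkey() {
    pub=$1; auth=$2; dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    if grep -qxF -f "$pub" "$auth"; then
        return 0                      # already authorized, nothing to do
    fi
    # A file whose last line lacks a newline would fuse two keys into one line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    cat "$pub" >> "$auth"
}

# Runs a command on TARGET with the given key. BatchMode makes ssh fail
# instead of prompting, which is what an unattended script wants.
run_remote() {
    key=$1; target=$2; shift 2
    if ! key_is_private "$key"; then
        echo "refusing to use $key: accessible by group or others" >&2
        return 1
    fi
    ssh -i "$key" -o BatchMode=yes -o IdentitiesOnly=yes "$target" "$@"
}
```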