Generate a key pair (skip this if you already have one):
a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A
Create the directory (skip this too if it already exists):
a@A:~> ssh b@B mkdir -p .ssh
b@B's password:
Put the public key into b@B:.ssh/authorized_keys on the target server and enter b's password one last time:
a@A:~> cat ~/.ssh/id_rsa.pub | ssh b@B 'cat >> .ssh/authorized_keys'
After that, ssh to server B no longer asks for a password.
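The `cat >> .ssh/authorized_keys` step above appends a duplicate line every time it is repeated and leaves permissions to the remote umask, while sshd's default StrictModes setting refuses key files that other users can write to. The following is an added example, not part of the original note: a function to run on server B that installs a key once and with owner-only permissions. The name `install_pubkey` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Run on server B.
# Usage: install_pubkey /path/to/id_rsa.pub "$HOME/.ssh"
# The function name and its arguments are hypothetical.
install_pubkey() (
    pub=$1
    dir=$2
    auth="$dir/authorized_keys"

    # Accept exactly one non-empty line; a private key file has many.
    awk 'NF { n++ } END { exit n != 1 }' "$pub" || {
        echo "install_pubkey: $pub is not a single-line public key" >&2
        exit 1
    }
    key=$(awk 'NF' "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "install_pubkey: unrecognised key type in $pub" >&2; exit 1 ;;
    esac

    # Create directory and file private to the owner, whatever the umask was.
    # The body runs in a subshell, so the caller's umask is not changed.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Match on "type base64-blob" only, so a changed comment or an
    # options prefix on the existing line still counts as installed.
    blob=$(printf '%s\n' "$key" | awk '{ print $1 " " $2 }')
    if grep -qF -- "$blob" "$auth"; then
        exit 0
    fi
    printf '%s\n' "$key" >> "$auth"
)
```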
To generate a key for the www-data user, use the following command:
sudo -u www-data ssh-keygen -t rsa
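The key files are placed in /var/www/.ssh by default.
The first time you connect, you have to answer the question of whether to trust the remote host's key; after that you are not asked again. So before a script uses the connection, you should manually run a remote command once as www-data.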