# Start a new bash with an ssh-agent attached; the agent, and any keys loaded
# into it, goes away when that shell exits. The command itself is:
# ssh-agent bash
# List the keys the agent currently holds.
ssh-add -l
# Load this private key into the agent so later SSH connections can use it.
ssh-add /root/.ssh/xyzn_api
# Fetch and merge master from the "origin" remote.
# NOTE(review): presumably origin is an SSH remote that authenticates with the key above; confirm.
git pull origin master
===================
A机配置
1. 生成 SSH 密钥对(这里生成的是用户登录用的密钥对,不是 CA 密钥)
# ssh-keygen -t rsa (连续三次回车,即在本地生成了公钥和私钥,不设置密码。注意:不设密码的私钥文件一旦被他人拿到即可直接登录,建议设置密码并配合 ssh-agent 使用)
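2. 将公钥拷到B端
# scp root@B的iP:root/.ssh/id_rsa.pub ./.ssh/id_rsa.pub (需要输入密码)
(注:上面这条命令的方向是从 B 拷到本机,且远端路径缺少开头的“/”;要把 A 的公钥拷到 B,应写成 scp ~/.ssh/id_rsa.pub root@B的iP:/root/.ssh/id_rsa.pub 。只拷贝 .pub 公钥,私钥 id_rsa 不要离开 A 机。)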
===================
B机配置
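①创建authorized_keys2文件(文件名必须与 sshd_config 中 AuthorizedKeysFile 的设置一致,下一条命令就是用来确认这一点;authorized_keys2 是旧文件名,本文后面的权限修复命令针对的是 authorized_keys,请以实际配置为准)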
# more /etc/ssh/sshd_config | grep authorized
# touch /root/.ssh/authorized_keys2 (如果已经存在这个文件, 跳过这条)
②追加公钥到authorized_keys2中
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys2 (将id_rsa.pub的内容追加到 authorized_keys2 中)
3.SSH 密钥登录验证
# ssh root@B的iP (因为没有设置私钥密码, 所以不需要密码, 登录成功)
复制SSH公钥到服务器
ssh-copy-id -i ~/.ssh/id_rsa.pub username@server -p 22
注意权限:
chmod 600 ~/.ssh/config
chattr -i ~/.ssh/config (去掉文件的不可修改属性 i;执行前先用 lsattr ~/.ssh/config 查看,如果该属性不是自己加的,先弄清来源再解除)
常用的SSH配置项
Host 别名
HostName 主机名
Port 端口
User 用户名
IdentityFile 密钥文件的路径
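IdentitiesOnly 设为 yes 时只使用 IdentityFile 指定的密钥(不再尝试 ssh-agent 中的其他密钥);它并不禁止密码登录
PreferredAuthentications 客户端尝试各认证方式的顺序(例如设为 publickey 时客户端只尝试公钥认证;服务端是否允许密码登录仍由 sshd_config 决定)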
参考
# vim ~/.ssh/config
Host test
HostName 192.168.0.2
User root
Port 22
IdentityFile ~/.ssh/id_rsa
Host muji
HostName 172.17.0.1
User root
Port 22
IdentityFile ~/.ssh/id_rsa
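# Repair ownership and permissions on ~/.ssh so that sshd accepts the keys.
#
# 1. Inspect the file attributes before touching anything. chmod/chown fail
#    on a file that carries the immutable flag (i), so it has to be cleared
#    first. If you did not set that flag yourself, review the entries in
#    authorized_keys and find out who set it before relying on the file.
lsattr -d ~/.ssh
lsattr ~/.ssh/authorized_keys
# 2. Unlock the directory and the key file.
chattr -i ~/.ssh
chattr -i ~/.ssh/authorized_keys
# 3. The directory must be 700 (owner only).
chmod 700 ~/.ssh
# 4. The key file must be 600 (owner read/write only).
chmod 600 ~/.ssh/authorized_keys
# 5. Everything under ~/.ssh must belong to the current user.
#    Quoted so the owner:group argument is passed as a single word.
chown -R "$USER:$USER" ~/.ssh
# 6. Restart sshd, as in the original notes.
#    NOTE(review): sshd normally re-checks these permissions on every login,
#    so the restart is probably not required; confirm before dropping it.
systemctl restart sshd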
权限修复命令
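# Short form of the permission repair for ~/.ssh, one command per line.
#
# Look at the attributes first: the immutable flag (i) makes chmod/chown
# fail, so it is cleared before the permission changes. An immutable flag
# you did not set yourself is a reason to review authorized_keys entry by
# entry before unlocking it.
lsattr -d ~/.ssh
lsattr ~/.ssh/authorized_keys
chattr -i ~/.ssh ~/.ssh/authorized_keys
# Directory: owner only. Key file: owner read/write only.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
# Ownership: the current user; quoted so it stays a single argument.
chown -R "$USER:$USER" ~/.ssh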
修复权限-II
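# Permission repair, variant II: check each level, then fix it.
#
# Home directory: show the mode, then make it writable by the owner only
# (others keep read/execute).
ls -ld ~
chmod 755 ~
# ~/.ssh: show the mode, then restrict it to the owner (rwx).
ls -ld ~/.ssh
chmod 700 ~/.ssh
# authorized_keys: show the mode, then restrict it to the owner (rw).
ls -l ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# Show who owns the directory and the key file.
ls -ld ~/.ssh
ls -l ~/.ssh/authorized_keys
# Fix ownership. Replace $USER with the account name (e.g. ubuntu or root)
# when running this on behalf of another user; quoted so it stays one word.
chown -R "$USER:$USER" ~/.ssh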