在设置ssh秘钥时,为安全起见我们可以设置一个秘钥的密码,同时又带了麻烦
例如:
[qxy@rh1 .ssh]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/qxy/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/qxy/.ssh/id_rsa.
Your public key has been saved in /home/qxy/.ssh/id_rsa.pub.
The key fingerprint is:
3f:13:7b:94:37:b0:58:64:f6:87:de:b5:5b:75:6c:94 qxy@rh1.qxy
The key's randomart image is:
+--[ RSA 2048]----+
| + o|
| + . E |
| o o B|
| o = +=|
| S o + +.o|
| . + . .o|
| = . . |
| + |
| |
+-----------------+
这里我设置了这个秘钥的密码,每次我们需要ssh免密登陆其他主机时需要输入该密码,此时可以使用:
[qxy@rh1 .ssh]$ eval `ssh-agent` ssh-addAgent pid 2840 [qxy@rh1 .ssh]$ ssh-add Enter passphrase for /home/qxy/.ssh/id_rsa: Identity added: /home/qxy/.ssh/id_rsa (/home/qxy/.ssh/id_rsa)
实现该连接仅输入一次密码,但每个连接都要执行ssh-agent和ssh-add才能使用,并且ssh-agent需要手动kill
如下方式可以达到简单便捷的效果:修改.bash_profile和.bash_logout
.bash_profile里添加:
eval `ssh-agent` >/dev/null
.bash_logout里添加:
kill $SSH_AGENT_PID
既可实现ssh-agent进程在连接开始时自动启动,连接关闭时自动停止,如果喜欢可以把ssh-add也添加到.bash_profile中,这样每次连接后都会提示输入秘钥的密码,个人喜欢手工运行ssh-add,连接时也不提示ssh-agent信息,这样一般人不知道我偷偷加了东西~~~~~~