SSH通过密钥登录服务器，无须输入登录密码(非22端口）

ssh-copy-id的 使用
      ssh-copy-id是ssh client套件内一个预设的指令，简单的来说他只是一个script，当你在本机 电脑已经有产生了RSA or DSA  authentication，可以透过ssh-copy-id的指令将认证传送到 远端主机。
      如何建立RSA or DSA authentication？
 $ ssh-keygen -t dsa (ssh-keygen -t rsa)
      Generating public/private dsa key pair.
      Enter file in which to save the key (/root/.ssh/id_dsa)
      RSA与DSA的差异    
      ssh-keygen can create RSA keys for use by SSH protocol version 1 and
      RSA  or DSA keys for use by SSH protocol version 2
      简单来说，若您只使用SSH protocol version 2，建议使用DSA来建立authentication。
ssh-copy-id的 运用
      $ ssh-copy-id.orig -i ~/.ssh/id_dsa.pub wawa@remotehost
      wawa@remotehost's password: (需要输入一次密码)
      Now try logging into the machine, with "ssh 'wawa@remotehost'", and check
      in:
        .ssh/authorized_keys
      to make sure we haven't added extra keys that you weren't expecting.
     
     简单的执行 ssh-copy-id.orig -i 认证档案 帐号@主机
     就可以完成认证，之后就可以直接不敲密码就ssh连线到远端主机
   基本上对外服务的主机，ssh listen port都会改掉预设的22 port，如此一来可以减少主机被入侵的机会，更改ssh listen port是最基本的第一道防线，请将设定档内的 Port 22 进行更改，并且重新启动ssh的服务。
   但是当您改掉ssh listen port之后，ssh-copy-id这个好用的指令将无法运用， 这样一来不是很可惜吗？于是我们就可以对ssh-copy-id这个script进行一 些修改，让他可以支援指定不同的service port 。
更改ssh-copy-id
      $ cp /usr/bin/ssh-copy-id /usr/bin/ssh-copy-id.orig
      $ vi /usr/bin/ssh-copy-id
      #!/bin/sh
      
      # Shell script to install your identity.pub on a remote machine
      # Takes the remote machine name as an argument.
      # Obviously, the remote machine must accept password authentication,
      # or one of the other keys in your ssh-agent, for this to work.
      
      ID_FILE="${HOME}/.ssh/identity.pub"
      
      while getopts ':i:p:P:h' OPTION
      do
          case $OPTION in
              i)
              if [ -n "$OPTARG" ]; then
                  if expr "$OPTARG" : ".*.pub" > /dev/null ; then
                      ID_FILE="$OPTARG"
                  else
                      ID_FILE="$OPTARG.pub"
                  fi
              fi
              ;;
              P|p)
                  PORT=$OPTARG;
              ;;
              h)
                  echo "Usage: $0 [-i [identity_file]] [user@]machine" >&2
                  exit 1
              ;;
          esac;
      done;
      
      shift $(($OPTIND - 1))
      
      if [ $# -lt 1 ] && [ x$SSH_AUTH_SOCK != x ] ; then
         GET_ID="$GET_ID ssh-add -L"
      fi
      
      if [ -z "`eval $GET_ID`" ] && [ -r "${ID_FILE}" ] ; then
        GET_ID="cat ${ID_FILE}"
      fi
      
      if [ -z "`eval $GET_ID`" ]; then
        echo "$0: ERROR: No identities found" >&2
        exit 1
      fi
      
      if [ -z $PORT ]; then
          PORTOPTION=""
      else
          PORTOPTION="-p $PORT "
      fi;
      
      { eval "$GET_ID" ; } | ssh $PORTOPTION $1 "umask 077; test -d .ssh ||
      mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
      
      cat <<EOF
      Now try logging into the machine, with "ssh $PORTOPTION'$1'", and check
in:
      
        .ssh/authorized_keys
      
      to make sure we haven't added extra keys that you weren't expecting.
      
      EOF
      主要是增加了port的设定进去，建议可以直接复制贴上取代即可。
      以上script参考来源：http://blog.vieth.biz/2009/03/23/ssh-copy-id-with-port/

 ssh-copy-id with port的运用
      $ ssh-copy-id -i ~/.ssh/id_dsa.pub -p 1234 wawa@remotehost
      wawa@remotehost's password: (需要输入一次密码)
      Now try logging into the machine, with "ssh -p 1234 'wawa@remotehost'",
      and check in:
      
        .ssh/authorized_keys
      
      to make sure we haven't added extra keys that you weren't expecting.
      ssh-copy-id with port的认证就完成啰！
转自：http://blog.csdn.net/Johnvikey/archive/2010/05/28/5630548.aspx
以上操作和脚本均在CentOS 5.x和6.x下均测试通过，转载以备日后查用。

 

常见问题：权限方面，须要保证在服务器端，authorized_keys能被other用户读取到，否则会提示输入密码，仍不能自动登录，如：

[usr@target ~]$ ll .ssh/
总计 4
-rw----r-- 1 usr usr 610 12-05 10:11 authorized_keys

评论

1 楼 bzhao 2012-08-12  

1.
  ssh-copy-id -i ~/.ssh/id_rsa.pub '-p 12345 user@machine-to-be-logined'
它本身这样页可以的

2.
   EOF 行有特殊要求
EOF要定在行首（not sure）,用用换行结束