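(1) Generate an RSA key on the sftp client. The default path is $HOME/.ssh/id_rsa, so the key differs from account to account.
A key generated by account A running ssh-keygen -t rsa belongs to account A only.
The resulting public key is written to: $HOME/.ssh/id_rsa.pub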
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): //usually keep the default path; just press Enter
Enter passphrase (empty for no passphrase): //just press Enter
Enter same passphrase again: //just press Enter
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub. //this file is the RSA public key
The key fingerprint is:
42:cf:5b:16:b6:18:2c:d8:16:b6:18:16:b6:18 user@p570
$
$ cat /home/user/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuZxlEWJjustrSmibL7PybZK8rvvDJJ4n+9n9BNU58otIw61gaJCFRwkzsJjjsmCFx0bjpSEKetSl8L0ooIRkoKkbnK0BYfwDvWlVuwt3I6ylcLx2V2EepuH+1vPmf0JOmnAWYkqf8kn0AE10JQZtK= user@p570
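(2) Edit authorized_keys on the sftp server
It lives in that user's $HOME/.ssh/authorized_keys (in this example the account is testsftp).
This also means the key is tied to the account used to log in to the sftp server; log in with a different account and it will not be picked up.
In the example below, I fetched authorized_keys to the client myself and edited it myself.
Of course, the proper way is to give the key to the system administrator of the sftp server and ask them to add it.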
$ cd /home/user
$ sftp testsftp@10.11.11.11
Connecting to 10.11.11.11 ...
Welcome to 10.11.11.11
Password:
sftp> cd .ssh
sftp> ls
. .. authorized_keys
sftp> mget authorized_keys
Fetching /.ssh/authorized_keys to authorized_keys
sftp> bye
$ ls
authorized_keys
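Use vi (or any other text editor you like) to copy the RSA key you just generated (path: /home/user/.ssh/id_rsa.pub)
to the very bottom of authorized_keys, and remember to add a line break.
If authorized_keys already contains keys from other servers, do not delete them, or other people will no longer be able to log in XD
After editing, cat the file to verify it.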
$
$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuZxlEWJjustrSmibL7PybZK8rvvDJJ4n+9n9BNU58otIw61gaJCFRwkzsJjjsmCFx0bjpSEKetSl8L0ooIRkoKkbnK0BYfwDvWlVuwt3I6ylcLx2V2EepuH+1vPmf0JOmnAWYkqf8kn0AE10JQZtK= user@p570
(3) Upload the edited authorized_keys to the sftp server
$ sftp testsftp@10.11.11.11
Connecting to 10.11.11.11 ...
Welcome to 10.11.11.11
Password: //a password is still required until the key has been uploaded
sftp> cd .ssh
sftp> ls
. .. authorized_keys
sftp> mput authorized_keys
Uploading authorized_keys to /.ssh/authorized_keys
Uploading authorized_keys to /.ssh/authorized_keys
sftp>
sftp> ls -l
drwx------ 0 22002 2000 96 May 11 09:33 .
drwxr-xr-x 0 22002 0 8192 Jul 30 17:09 ..
-rw-r----- 0 22002 2000 664 Aug 27 17:18 authorized_keys
sftp> bye
$
(4) Finally, test whether you can connect without a password
root@p570/.ssh>sftp testsftp@10.11.11.11
Connecting to 10.11.11.11 ...
Welcome to 10.11.11.11
sftp> //the sftp> prompt appears directly, no password needed
sftp> bye
$
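Step (2) done by script instead of by hand in vi, as an added example that is not part of the original post: the hypothetical helper append_pubkey (and the file name append_pubkey.sh) appends the public key to the fetched copy of authorized_keys, keeps every existing entry, supplies the line break if the last entry lacks one, and skips a key that is already listed.

```shell
#!/bin/sh
# append_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Hypothetical helper (not an OpenSSH command) for step (2).
append_pubkey() {
    pub=$1    # e.g. /home/user/.ssh/id_rsa.pub
    auth=$2   # the authorized_keys copy fetched with sftp

    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # A public key file holds exactly one line: "<type> <base64> [comment]".
    key=$(grep -v '^[[:space:]]*$' "$pub" || true)
    [ $(printf '%s\n' "$key" | wc -l) -eq 1 ] || {
        echo "expected a single key line in $pub" >&2; return 1; }
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not a public key (private key?)" >&2; return 1 ;;
    esac
    blob=$(printf '%s\n' "$key" | awk '{print $2}')

    [ -e "$auth" ] || : > "$auth"
    # Already listed (same base64 blob, even with other options or comment):
    # do nothing, so repeated runs do not pile up duplicates.
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                         END {exit !f}' "$auth"; then
        return 0
    fi
    # If the last entry lacks a trailing newline, add one first; otherwise
    # the new key is glued onto that line and is not recognized.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"   # append only, never rewrite
    chmod 600 "$auth"                 # owner-only read/write
}

# Run as: sh append_pubkey.sh /home/user/.ssh/id_rsa.pub authorized_keys
if [ "$#" -eq 2 ]; then
    append_pubkey "$1" "$2"
fi
```

Passing the private key file (id_rsa) by mistake is rejected, so it never ends up in the file that gets uploaded.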
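Postscript:
This post looks rather long, but it is actually very simple to carry out.
The difficulty I ran into as a newbie was writing the sftp commands into a shell script and scheduling it in crontab.
Please see
"How to run sftp commands from crontab on the AIX operating system (with RSA key authentication)"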
http://n9tech.blogspot.tw/2012/10/aixcrontabsftp-rsa-key.html