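Although password-less login is the goal, a key without a passphrase is not a good choice (when running a local pseudo-distributed setup, you may as well use an empty passphrase). So when generating a key pair with ssh-keygen, you may as well set a passphrase, and then use ssh-agent so that you do not have to type the passphrase for every connection.
The following is an example of using ssh-agent:
Step 1: Log in to Linux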
> ssh 192.168.56.81
Step 2: Generate an SSH key pair protected by a passphrase (ssh-keygen)
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wangjian/.ssh/id_rsa):
Created directory '/home/wangjian/.ssh'.
Your identification has been saved in /home/wangjian/.ssh/id_rsa.
Your public key has been saved in /home/wangjian/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sKfzklrYrRm/JNSqtHfFsIFgibZlBZylSsPElyjO6X0 wangjian@cent81
The key's randomart image is:
+---[RSA 2048]----+
| ..+.Bo |
|.o= @. |
|oo=*.... |
| =.o .+o |
|. o o S= |
| . . E =. o |
| + O.o. |
| . ++X. |
| +ooo+. |
+----[SHA256]-----+
Step 3: Copy the public key to the server you want to log in to
Use ssh-copy-id to copy the public key to the specified server. Command: ssh-copy-id <IP or hostname>
[wangjian@cent81 ~]$ ssh-copy-id cent81
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/wangjian/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
wangjian@cent81's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'cent81'"
and check to make sure that only the key(s) you wanted were added.
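Step 4: Verify that without ssh-agent the private key's passphrase must be entered before you can log in
[wangjian@cent81 ~]$ ssh cent81
Enter passphrase for key '/home/wangjian/.ssh/id_rsa':    <-- the id_rsa passphrase must be entered here before the login succeeds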
Last login: Sat Jun 2 21:53:17 2018 from cent81
Step 5: Start ssh-agent
Running ssh-agent bash starts an ssh-agent and opens a new bash shell under it. To quit this ssh-agent, simply run exit to leave that bash shell.
[wangjian@cent81 ~]$ ssh-agent bash
Step 6: Add the private key to the ssh-agent cache
Use ssh-add <key file> to add a private key to the ssh-agent cache.
[wangjian@cent81 ~]$ ssh-add ~/.ssh/id_rsa
Enter passphrase for /home/wangjian/.ssh/id_rsa:    <-- enter the passphrase of the id_rsa private key here
Identity added: /home/wangjian/.ssh/id_rsa (/home/wangjian/.ssh/id_rsa)
After adding the key, use ssh-add -l to list the private keys held in the ssh-agent cache:
[wangjian@cent81 ~]$ ssh-add -l
2048 SHA256:sKfzklrYrRm/JNSqtHfFsIFgibZlBZylSsPElyjO6X0 /home/wangjian/.ssh/id_rsa (RSA)
Step 7: You can now log in under ssh-agent without entering the passphrase again
[wangjian@cent81 ~]$ ssh cent81
Last login: Sat Jun 2 21:55:50 2018 from cent81
Step 8: Exit twice to end ssh-agent
[wangjian@cent81 ~]$ exit    <-- under ssh-agent, use exit to leave the ssh-agent bash
exit
[wangjian@cent81 ~]$ ssh cent81    <-- logging in to the server with ssh now requires the id_rsa passphrase again
Enter passphrase for key '/home/wangjian/.ssh/id_rsa':
Last login: Sat Jun 2 22:02:17 2018 from cent81
Because we are no longer inside the ssh-agent bash, the ssh-add command cannot be used:
[wangjian@cent81 ~]$ ssh-add -l
Could not open a connection to your authentication agent.
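More commands:
Start ssh-agent: ssh-agent bash
Stop ssh-agent: ssh-agent -k, or simply exit the ssh-agent bash.
Add a private key to the ssh-agent: ssh-add ~/.ssh/key_name
List the private keys in the agent: ssh-add -l
Show the public keys matching the private keys in the agent: ssh-add -L
Remove a specific private key: ssh-add -d ~/.ssh/key_name
Removal example: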
[wangjian@cent81 ~]$ ssh-add -d ~/.ssh/id_rsa
Identity removed: /home/wangjian/.ssh/id_rsa (wangjian@cent81)
Remove all private keys from the agent: ssh-add -D
Example of removing all keys:
[wangjian@cent81 ~]$ ssh-add -D
All identities removed.
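The workflow above wrapped in reusable shell functions, as an added example that is not part of the original post: it uses the exit status of ssh-add -l to detect the "Could not open a connection to your authentication agent" case from step 8, starts an agent only when none is reachable, and caches the key with a limited lifetime via ssh-add -t. The names SSH_ADD, SSH_AGENT, KEY_TTL, AGENT_ACTION, agent_state, key_cached and agent_load are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. SSH_ADD, SSH_AGENT, KEY_TTL and
# the function names are assumptions of this sketch, not OpenSSH settings.
SSH_ADD=${SSH_ADD:-ssh-add}
SSH_AGENT=${SSH_AGENT:-ssh-agent}
KEY_TTL=${KEY_TTL:-3600}    # seconds a cached key stays in the agent

# Classify the agent by the exit status of "ssh-add -l":
#   0 = reachable and holding keys, 1 = reachable but empty,
#   2 = "Could not open a connection to your authentication agent."
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# True if the public half of private key $1 (expected at $1.pub) is already
# listed by "ssh-add -L", so no second passphrase prompt is needed.
key_cached() {
    blob=$(cut -d' ' -f2 "$1.pub" 2>/dev/null) || return 1
    [ -n "$blob" ] || return 1
    "$SSH_ADD" -L 2>/dev/null | grep -qF -- "$blob"
}

# Reuse the agent of the current shell or start one, then cache key $1 with
# a lifetime. Call it directly (not inside "$(...)") so the exported
# SSH_AUTH_SOCK survives. The outcome is left in AGENT_ACTION.
agent_load() {
    key=$1
    if [ "$(agent_state)" = unreachable ]; then
        # "ssh-agent -s" prints sh commands that export SSH_AUTH_SOCK and
        # SSH_AGENT_PID; eval applies them to this shell.
        agent_env=$("$SSH_AGENT" -s) || return 2
        eval "$agent_env" >/dev/null
    fi
    if key_cached "$key"; then
        AGENT_ACTION=already-cached
    else
        # -t makes the agent drop the key after KEY_TTL seconds.
        "$SSH_ADD" -t "$KEY_TTL" "$key" || return 1
        AGENT_ACTION=added
    fi
}

# Usage: agent_load ~/.ssh/id_rsa && ssh cent81
```

An agent started this way keeps running after the shell exits, unlike the ssh-agent bash form in step 5, so stop it with ssh-agent -k when you are done.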