Rough flow
- Create a private/public key pair on the server before the move (the source server) and register the public key on the destination server.
- Authenticate with the passphrase specified when creating the private key instead of the password of the destination server
  - No change (in the sense that you will be asked for some password)
- Register your passphrase with ssh-agent to avoid being asked for your passphrase every time
  - The ssh-agent registration status is reset every time the shell is restarted.
  - E.g. PuTTY's duplicate session
  - After all, you end up doing ssh-add every time
- Introduced keychain to retain ssh-agent registration information
$ ssh-keygen
If you accept the default file name (enter nothing at that prompt), two files, id_rsa and id_rsa.pub, are generated. The passphrase chosen here is used for authentication from now on.
- id_rsa is the private key (not disclosed to others)
- id_rsa.pub is the public key (shared with others)
Public key authentication works once the **.pub** file is registered on the destination server.
Edit ~/.ssh/config to manage ssh settings as follows.
Host ${hostname}
    HostName ${IP address}
    User ${username}
    # Path of the private key file created in the step above
    IdentityFile ~/.ssh/id_rsa
With this in place, run:
$ ssh ${hostname}
When you do, the private key path from the config is used (you can also specify it by typing ssh ~~ on the command line).
On the destination server, add the source server's public key id_rsa.pub to ~/.ssh/authorized_keys. Now the private key on the source server is checked against the public key on the destination server, and you are authenticated.
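One way to carry out this registration step on the destination server, as an added example that is not part of the original article (the function name `install_pubkey` and its arguments are this example's own). It refuses a private key passed by mistake, sets the permissions that sshd's StrictModes check expects, and skips a key that is already registered.

```shell
#!/bin/sh
# Added example: register a public key in authorized_keys.
# Usage (on the destination server): install_pubkey /path/to/id_rsa.pub [SSH_DIR]
# install_pubkey and its arguments are names chosen for this example.
install_pubkey() {
    pubkey_file=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Refuse a private key passed by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 2
    fi

    # A public key file holds one line: "<type> <base64> [comment]".
    key_line=$(grep -E '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+) [A-Za-z0-9+/=]+( .*)?$' "$pubkey_file" | head -n 1)
    [ -n "$key_line" ] || { echo "no public key line in $pubkey_file" >&2; return 3; }

    # sshd (StrictModes, on by default) ignores authorized_keys when the
    # directory or the file is writable by group or others.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth_file" ) || return 4
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 4

    # Append only if this exact line is not registered yet (idempotent).
    grep -qxF -- "$key_line" "$auth_file" || printf '%s\n' "$key_line" >> "$auth_file"
}
```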
Authentication will be performed using the passphrase specified when id_rsa was generated, instead of the password of the destination server. **However, the effort does not change, in the sense that some kind of password is still required.**
To avoid this problem, let ssh-agent remember it: ssh-add asks for the passphrase (used for private key authentication) once, and the agent keeps the unlocked key in memory.
$ eval `ssh-agent`
$ ssh-add ~/.ssh/id_rsa
[Qiita @evakichi: When I find it troublesome to enter a passphrase every time with SSH](https://qiita.com/evakichi/items/abb6dde9df78f049b913)
However, the ssh-agent registration information is reset every time the shell is restarted. For example, if you connect over SSH with PuTTY and run ssh-add, then open a new window with Duplicate Session, the registered key is not available there and you need to run ssh-add again.
[Notes for information students: "keychain" that dramatically reduces the number of passphrase entries](http://note-for-cs.seesaa.net/article/400265433.html) explains this in detail. However, note that the installation method and URL have changed.
The latest information and sources are at GitHub: keychain and the Keychain Official Wiki (linked from the page above).
- Download from GitHub above
- Put the keychain script in it on your path (no need to build)
  - For example, link to ~/local/bin/keychain, put ~/local/bin in $PATH
  - Is "Please apply your patches to keychain.sh, not the generated keychain script" on GitHub for keychain developers?
- Add the following to .bash_profile as per the official Wiki above
.bash_profile
eval `keychain --eval --agents ssh id_rsa`
This frees you from the hassle of "launching ssh-agent and entering your passphrase with ssh-add ..." every time you start it!