如何 ssh 到本地主机没有密码?

编辑: 把完成的东西

我需要 SSH 本地主机没有密码,通常的方式做到这一点(与公共密钥)不工作。

user@PC:~$ rm -rf .ssh/*
user@PC:~$ ssh-keygen -t rsa > /dev/null
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
user@PC:~$ ls .ssh/
id_rsa  id_rsa.pub
user@PC:~$ ssh-copy-id -i localhost
The authenticity of host 'localhost (::1)' can't be established.
RSA key fingerprint is f7:87:b5:4e:31:a1:72:11:8e:5f:d2:61:bd:b3:40:1a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
user@localhost's password:
Now try logging into the machine, with "ssh 'localhost'", and check in:


.ssh/authorized_keys


to make sure we haven't added extra keys that you weren't expecting.


user@PC:~$ ssh-agent $SHELL
user@PC:~$ ssh-add -L
The agent has no identities.
user@PC:~$ ssh-add
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)
user@PC:~$ ssh-add -L
ssh-rsa ...MY KEY HERE


user@PC:~$ ssh-copy-id -i localhost
user@localhost's password:
Now try logging into the machine, with "ssh 'localhost'", and check in:


.ssh/authorized_keys


to make sure we haven't added extra keys that you weren't expecting.


user@PC:~$ ssh localhost echo 'testing'
user@localhost's password:


user@PC:~$

因此,正如您在最后一个命令中看到的,它仍然在询问密码! 我该怎么做? Ubuntu-10.04,OpenSSH _ 5.3 p1

编辑2:

添加一些关于 sshd 的信息

user@PC:~$ cat /etc/ssh/sshd_config | grep Authentication
# Authentication:
RSAAuthentication yes
PubkeyAuthentication yes
RhostsRSAAuthentication no
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
ChallengeResponseAuthentication no
# PasswordAuthentication yes

编辑3: 从 $ssh-vv localhost 添加结果

$ssh -vv localhost
...
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Offering public key: /home/user/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/user/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
user@localhost's password:
114216 次浏览
小开

Have discovered the problem.

Running the server with debuging:

$sshd -Dd

I found it was not able to read the auth_key

$chmod 750 $HOME

Fixed it.

小开

Another possible answer: the authorized_keys file may exist and be readable. But if it is group- or world-writable, it will still prompt for the password. The answer to THAT problem is

chmod og-wx ~/.ssh/authorized_keys
小开
最佳答案

I did following 3 steps to create the password less login

1. ssh-keygen -t rsa
Press enter for each line
2. cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
3. chmod og-wx ~/.ssh/authorized_keys
小开

Do the following steps

ssh-keygen -t rsa -C "your_email@example.com"
# Creates a new ssh key, using the provided email as a label
# Generating public/private rsa key pair.

Use the default file and empty passphrase (Simply press enter in the next 2 steps)

# start the ssh-agent in the background
eval "$(ssh-agent -s)"
# Agent pid 59566
ssh-add

Copy the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys

Ensure following are the permissions

 ls -l .ssh/
total 20
-rw-r--r--. 1 swati swati  399 May  5 14:53 authorized_keys
-rw-r--r--. 1 swati swati  761 Jan 12 15:59 config
-rw-------. 1 swati swati 1671 Jan 12 15:44 id_rsa
-rw-r--r--. 1 swati swati  399 Jan 12 15:44 id_rsa.pub
-rw-r--r--. 1 swati swati  410 Jan 12 15:46 known_hosts

Also, ensure the permissions for .ssh directory are. This is also important

drwx------.   2 swati swati    4096 May  5 14:56 .ssh
小开

Two simple steps:

ssh-keygen -t rsa <Press enter for each line>
ssh-copy-id localhost

Enter password and you're done.

小开

The correct and safe way of doing it is to copy the keys as has been said here.

In other cases, sshpass can be handy.

sshpass -p raspberry ssh pi@192.168.0.145

Keep in mind that this is not safe at all. Even though it is not a good idea to use it in secure environments, it can be useful for scripting, automated testing...

this can be combined with

ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no pi@192.168.0.145

to avoid confirmation questions that prevent scripting from happening.

Again, only use this in development systems where different machines share an IP and security is not important.

https://ownyourbits.com/2017/02/22/easy-passwordless-ssh-with-sshh/

小开

as the accepted answer do, if you encount a problem of 

    Agent admitted failure to sign using the key.

you need to 

    ssh-add
小开

I faced the same issue even after following all the recommendations, but found out that the issue was with gnome-keyring interference.

Solution:

  1. Go Search , look for “Startup Applications”
  2. If you see “SSH Key Agent”, uncheck the box
  3. Reboot the machine and connect to localhost.
小开

I solved ssh login problem this way.

I generate the key pairs on my server side and then scp back the private key to my windows 10 computer and now I can login without password.

Previously I used key pairs generated by my window 10 laptop and there was no luck at all.

小开

On Centos 7

SOLUTION

1 create rsa key
2 vim /etc/ssh/ssh_config
3
#   IdentityFile ~/.ssh/identity
uncoment this line > IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa

Note *I did this after copying the key and some of the other answers before this one. But I am pretty sure this is all you have to do but if not I would append the rsa key to authorized_keys and also run the

ssh-copy-id to username@localhost

小开

I encountered the same problem when running unit tests on Docker container(golang:1.13-alpine).

After sshd -Dd and ssh -vv root@localhost debugging, I found the reason:

User root not allowed because account is locked

So, we should unlock the account by passwd -u or set a password.

小开

I fixed my problem setting the AllowUsers on sshd_config file.

Running the server with debuging:

$sshd -Dd

I found it was not allowed the my user

$sudo vi /etc/ssh/sshd_config

Add a row with after #Authentication:

AllowUsers myUser

小开

One thing to doublecheck if you have a known good configuration for ssh is that your /etc/hosts.allow includes a reference to localhost, since the source IP for a localhost connection would be coming from 127.0.0.1 rather than your network IP. I was stumped on this for some time, but after adding the following to /etc/hosts.allow my configuration immediately worked.

ALL: 127.0.0.1/32

I figured I would add this since none of the other answers mentioned it and this was the top hit from my search for the same error.

小开

RHEL8

In my case after successful keys configuration it still did not work. I found following error in /var/log/secure:

pam_access(sshd:account): access denied for user `username' from `::1'

So I had to edit:

/etc/security/access.conf

And add there '::1' to allowed hosts by adding a line:

+:<username>:LOCAL ::1

It immediately started to work, even without restart of sshd service.


提交答案