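Recently, while setting up Jenkins CI/CD that has to reach other internal servers, I found that logging in over SSH requires a password.
That is quite a hassle, and the password can't be put directly into a shell script either,
so I had to set up the two servers (client -> server) so that no password prompt is needed.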
Step 1. On the client server (for me, this is the Jenkins server)
```
# The client generates its own SSH RSA key pair
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c3:e9:25:65:00:c8:65:cb:e8:fe:4e:7e:ce:06:a4:9d root@kvm8.deyu.wang
The key's randomart image is:
+--[ RSA 2048]----+
| . o+.. |
| o+ . . |
| . o o |
| . .. + |
| .+ .S . |
| .. E. + |
| . ... |
| + .o |
| .++o |
+-----------------+

# Copy the client's public key to the server, into that user's home directory
$ scp ~/.ssh/id_rsa.pub serverUser@serverIP:~/
```
Step 2. Switch to the target server
```
# SSH to the target server; a password is still required at this point
$ ssh serverUser@serverIP

# Append the id_rsa.pub just copied from the client to authorized_keys
$ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

# Log out
$ exit

# Test the SSH connection; if the setup succeeded, you get in without a password
$ ssh serverUser@serverIP
```
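A hardened version of the step 2 append, as an added example that is not part of the original post: it refuses a private key copied by mistake, sets the directory and file modes that sshd's default StrictModes check accepts, and does not add the same key twice. The helper name `install_pubkey` is hypothetical and the sample key line is constructed.

```shell
#!/bin/sh
# install_pubkey PUBFILE HOME_DIR  (hypothetical helper, not from the original post)
# Appends one public key to HOME_DIR/.ssh/authorized_keys, idempotently,
# with the 700/600 modes that sshd's default StrictModes check accepts.
install_pubkey() {
    pub=$1
    home=$2
    [ -f "$pub" ] || { echo "no such file: $pub" >&2; return 1; }
    # Refuse the private half of the key pair (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    # A public key file holds exactly one non-empty line.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected exactly one key line" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognized key type" >&2; return 1 ;;
    esac

    # ~/.ssh may not exist yet on a fresh account.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    auth=$home/.ssh/authorized_keys
    touch "$auth"
    chmod 600 "$auth"
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on a scratch directory standing in for serverUser's home.
demo_home=$(mktemp -d)
# Constructed sample key line (not a real key).
printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTEDSAMPLE jenkins@client\n' \
    > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home"   # second run adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
```

On the real server the call would be `install_pubkey ~/id_rsa.pub "$HOME"`, after which the copied `~/id_rsa.pub` can be deleted.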
Reference
https://dywang.csie.cyut.edu.tw/dywang/security/node84.html