如何通过SSH协议，无需认证的使用SCP工具进行免认证的数据传输任务？

　　问题

　　如何通过SSH协议，无需认证的使用SCP工具进行免认证的数据传输任务？

　　关键词：ssh 免认证 scp 数据传输

　　测试环境：local（192.168.0.1）-> remote（192.168.0.2）

　　解决方案

　　如下给出一共六步的配置操作，适用于Linux系统环境。

　　step1 - 进入SSH协议存放root用户identity.pub和authorized_keys的文件目录

　　# cd /root/.ssh

　　# ls -al

　　总数 18

　　drwxr-xr-x 2 root other 512 2月 24 14:35 .

　　drwxr-xr-x 23 root other 1536 2月 16 17:14 ..

　　-rw-r--r-- 1 root other 678 2002 2月 24 authorized_keys

　　-rw------- 1 root other 3655 2月 24 14:08 known_hosts

　　-rw------- 1 root other 512 2月 24 14:35 random_seed

　　step2 - 使用SSH命令工具ssh-keygen生成公私钥

　　# /usr/local/bin/ssh-keygen

　　Generating 1024-bit dsa key pair

　　6 Oo.oOoo.oOo.

　　Key generated.

　　1024-bit dsa, root@local, Tue Feb 24 2004 06:36:32

　　Passphrase :

　　Again :

　　Key is stored with NULL passphrase.

　　(You can ignore the following warning if you are generating hostkeys.)

　　This is not recommended.

　　Don't do this unless you know what you're doing.

　　If file system protections fail (someone can access the keyfile),

　　or if the super-user is malicious, your key can be used without

　　the deciphering effort.

　　Private key saved to /root/.ssh2/id_dsa_1024_e

　　Public key saved to /root/.ssh2/id_dsa_1024_e.pub

　　# ls -al

　　总数 18

　　drwxr-xr-x 2 root other 512 2月 24 14:35 .

　　drwxr-xr-x 23 root other 1536 2月 16 17:14 ..

　　-rw-r--r-- 1 root other 678 2002 2月 24 authorized_keys

　　-rw------- 1 root other 3655 2月 24 14:08 known_hosts

　　-rw------- 1 root other 512 2月 24 14:35 random_seed

　　step3 - 使用SSH命令工具ssh-keygen1生成本机登录其他机器所需的authorized_key，默认存储于/root/.ssh/identity.pub文件

　　# /usr/local/bin/ssh-keygen1

　　Initializing random number generator...

　　Generating p: ..................++ (distance 268)

　　Generating q: ................................................................................++ (distance 1312)

　　Computing the keys...

　　Testing the keys...

　　Key generation complete.

　　Enter file in which to save the key (/root/.ssh/identity):

　　Enter passphrase:

　　Enter the same passphrase again:

　　Your identification has been saved in /root/.ssh/identity.

　　Your public key is:

　　1024 33 137759100819686934520696481763778829517032347151848709

　　931347613191606803521634302106373663429062391373471487290158025

　　105706619724046969007187994783371342003069780832585343903142348

　　95784990163707656346620364648020005147382681862785569947494342

　　0765419444885608631362197508294196811654926997336929202808042681631 root@local

　　Your public key has been saved in /root/.ssh/identity.pub

　　# ls -al

　　总数 22

　　drwxr-xr-x 2 root other 512 2月 24 14:38 .

　　drwxr-xr-x 23 root other 1536 2月 16 17:14 ..

　　-rw-r--r-- 1 root other 678 2002 2月 24 authorized_keys

　　-rw------- 1 root other 533 2月 24 14:38 identity

　　-rw-r--r-- 1 root other 337 2月 24 14:38 identity.pub

　　-rw------- 1 root other 3655 2月 24 14:08 known_hosts

　　-rw------- 1 root other 512 2月 24 14:38 random_seed

　　# cat /root/.ssh/identity.pub

　　1024 33 137759100819686934520696481763778829517032347151848709

　　931347613191606803521634302106373663429062391373471487290158025

　　105706619724046969007187994783371342003069780832585343903142348

　　95784990163707656346620364648020005147382681862785569947494342

　　0765419444885608631362197508294196811654926997336929202808042681631 root@local

　　step4 - 将identity.pub文件中的authorized_key内容原样拷贝到需要免SSH认证的对方机器上，位置为对方机器ssh协议存放root用户identity.pub和authorized_keys的文件目录，要修改的文件为/root/.ssh/authorized_keys

　　# ssh 192.168.0.2

　　warning: Executing /usr/local/bin/ssh1 for ssh1 compatibility.

　　root@192.168.0.2's password:

　　Warning: Remote host denied X11 forwarding, perhaps xauth program could not be run on the server side.

　　Last login: Tue Feb 24 14:28:00 2004 from 192.168.8.252

　　You have new mail.

　　[root@remote root]#

　　[root@remote root]# cd /root/.ssh

　　[root@remote .ssh]# cat /root/.ssh/authorized_keys

　　1024 37 1510957817385891963372652439207842737027918140859621507

　　380729138329114441416521776984491500781874021566354104804727884

　　519240069872528441273975697342453100667500263238390614807313900

　　317593282635376291882684337383945048992455560162257982416115871

　　07142667649373550013275351594257842948752831502084375880349649893 root@remote

　　1024 33 137759100819686934520696481763778829517032347151848709

　　931347613191606803521634302106373663429062391373471487290158025

　　105706619724046969007187994783371342003069780832585343903142348

　　95784990163707656346620364648020005147382681862785569947494342

　　0765419444885608631362197508294196811654926997336929202808042681631 root@local

　　[root@remote .ssh]# exit

　　#

　　注意：在上述修改中，在remote(192.168.0.2)的/root/.ssh/authorized_keys添加了local(192.168.0.1)的/root/.ssh/identity.pub文件内容

　　step5 - 验证免SSH认证功能（using ssh from 192.168.0.1 to 192.168.0.2）

　　# ssh 192.168.0.2

　　warning: Executing /usr/local/bin/ssh1 for ssh1 compatibility.

　　root@192.168.0.2's password:

　　Warning: Remote host denied X11 forwarding, perhaps xauth program could not be run on the server side.

　　Last login: Tue Feb 24 14:28:00 2004 from 192.168.8.252

　　You have new mail.

　　[root@remote root]#

　　step6 - 典型应用场景：免认证的SCP数据传输测试（基于SSH免认证，通过SCP文件传输）

　　local（192.168.0.1）->remote（192.168.0.2）

　　---

　　L2 Tech Support

　　SWsoft China