王筝的博客
ruby学习

今天在服务器上配置了自己电脑的public key,但是还是不能直接免密码登录,

原因是

ssh 对目录的权限有要求,代码中要设置下新生成的config文件权限才行。
~目录权限是750,~/.ssh 的是700, ~/.ssh/* 的是600,~/.ssh/config 是700

-rw-rw-r– 1 webuser webuser  396 Feb 19 04:20 authorized_keys

$chmod 600 .ssh/authorized_keys

-rw——- 1 webuser webuser  396 Feb 19 04:20 authorized_keys

 

https://help.github.com/articles/error-permission-denied-publickey/

$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/wz/.ssh/id_rsa):
/home/wz/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/wz/.ssh/id_rsa.
Your public key has been saved in /home/wz/.ssh/id_rsa.pub.
The key fingerprint is:
e9:e3:2a:7b:c4:e1:b2:d3:8c:ce:40:4a:07:fb:42:18 wz@wz-computer
The key’s randomart image is:
+–[ RSA 2048]—-+
|                 |
|                 |
|E.               |
|..o   .  .       |
|.+.. o .S        |
|ooo . +.         |
|…. B  o        |
|  .o= +. .       |
|   .+=…        |
+—————–+
$ ll ~/.ssh
total 20
drwx——  2 wz wz 4096  2月  2 13:26 ./
drwxr-xr-x 30 wz wz 4096  2月  2 13:26 ../
-rw——-  1 wz wz 1679  2月  2 13:48 id_rsa
-rw——-  1 wz wz  396  2月  2 13:48 id_rsa.pub
-rw——-  1 wz wz 2210  2月  2 13:44 known_hosts

$ ssh git@github.com
Agent admitted failure to sign using the key.
Permission denied (publickey).
$ ssh-add -l
2048 e9:e3:2a:7b:c4:e1:b2:d3:8c:ce:40:4a:07:fb:42:18 wz@wz-computer (RSA)

$ eval “$(ssh-agent -s)”
Agent pid 9424
$ ssh-add -l
The agent has no identities.
$ ssh-add -l -E md5
The agent has no identities.
$ ssh-add   (需要添加一下才能生效)
Identity added: /home/wz/.ssh/id_rsa (/home/wz/.ssh/id_rsa)
$ ssh-add -l
2048 e9:e3:2a:7b:c4:e1:b2:d3:8c:ce:40:4a:07:fb:42:18 /home/wz/.ssh/id_rsa (RSA)
$ ssh-add -l -E md5
2048 e9:e3:2a:7b:c4:e1:b2:d3:8c:ce:40:4a:07:fb:42:18 /home/wz/.ssh/id_rsa (RSA)

.

先在服务器上 ssh bitbucket.org
点yes链接一下,才能在服务器部署
或者在服务器上链接一下代码地址 git ls-remote git@bitbucket.org:xxx/xxx.git master,

原因是bitbucket不在服务器的knowhosts里

/workspace:$ ssh-copy-id root@10.103.xx.xx  -p 22022

/usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/local/bin/ssh-copy-id:

ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

ERROR: @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

ERROR: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

ERROR: IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

ERROR: Someone could be eavesdropping on you right now (man-in-the-middle attack)!

ERROR: It is also possible that a host key has just been changed.

ERROR: The fingerprint for the RSA key sent by the remote host is

ERROR: 83:33:90:ef:18:de:71:19:52:03:d2:c0:98:de:a5:b3.

ERROR: Please contact your system administrator.

ERROR: Add correct host key in /Users/angela/.ssh/known_hosts to get rid of this message.

ERROR: Offending RSA key in /Users/angela/.ssh/known_hosts:3

ERROR: RSA host key for [10.103.xx.xx]:22022 has changed and you have requested strict checking.

ERROR: Host key verification failed.

这种情况的产生原因是公钥变化而引起的无法登陆,在 known_hosts里删除对应的公钥信息就可以啦。

$ vim ~/.ssh/known_hosts

$vim /home/wangzheng/.ssh/config (其实就是~/.ssh/config)

新增以下几行,其中这个host是博客的部署的服务器,
如果记不清自己的博客服务器是什么, 可以 ping iwangzheng.com

Host blog
HostName 106.186.19.250
User root
Port 23033

blog相当于别名, 以后登录的时候会比较方便
接下来把自己本机的公钥放在博客服务器上
$ssh-copy-id -i ~/.ssh/id_rsa.pub blog
尝试登录博客服务器
$ssh blog 可以登录就ok啦
$vim /home/wangzheng/.bashrc (~/.bashrc)
在最后一行加入以下的内容
$alias fanqiang='ssh -v -D 127.0.0.1:1080 blog'
$source ~/.bashrc
$fanqiang 开始debug
下载SwitchyOptions.bak
点开新的浏览器,点击左上方的应用,
接下来在google的应用商店搜索"Switchy"
可以搜到扩展的应用程序"Proxy SwitchySharp"
点击加号新增扩展程序,
添加成功后页面右上方会弹出"已添加"的提示框,
在这个提示框上点击"登录Chrome"

chrome-extension://dpplabbmogkhghncfbfdeeokoefdjegm/options.html?firstTime=true

在新弹出的浏览器窗口点击"导入导出",再点击"从文件恢复",
上传刚才下载的文件覆盖默认的配置.
killall ssh
点击浏览器右上角的地球仪,选择自动切换模式
这时候直接输$fanqiang就可以自动翻墙啦

 

$ vim /home/wangzheng/.ssh/config
Host 10.103.xx.xx
  HostName 10.103.xx.xx
  User root 
  Port 22022
$ ssh 10.103.xx.xx
The authenticity of host '[10.103.xx.xx]:22022 ' can't be established. RSA key fingerprint is xxxxx:7e. Are you sure you want to continue connecting (yes/no)? yes 
Warning: Permanently added '[10.103.xx.xx]:22022' (RSA) to the list of known hosts. root@10.103.xx.xx's password: 

$ ssh-copy-id --help 
Usage: /usr/bin/ssh-copy-id [-i [identity_file]] [user@]machine 
$ ssh-copy-id 10.103.xx.xx
 root@10.103.xx.xx's password:
 Now try logging into the machine, with "ssh '10.103.xx.xx'", and check in: ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
$ ssh 10.103.xx.xx 
Last login: Mon Jun 16 10:51:35 2014 from 10.10.106.64 tty:[3] jobs:[0] cwd:[~] ip:[10.103.xx.xx]