Shulou(Shulou.com)06/02 Report--

Suppose there are two Linux servers An and B, and we want to be able to log in to the other server through SSH password-free from one server.

The information for the two servers is as follows:

Hostname IP address password-free login username server1192.168.12.11guest1server2192.168.12.12guest2

Environment settings (root permissions)

1. Turn off the firewall and SELinux

Redhat uses SELinux to enhance security by shutting it down by:

a. Permanently valid

Modify the SELINUX=enforcing in the / etc/selinux/config file to SELINUX=disabled, and then restart.

b. Take effect temporarily

Setenforce 0

The way to turn off the firewall is:

a. Permanently valid

Enable: chkconfig iptables on

Turn off: chkconfig iptables off

b. Take effect temporarily

Enable: service iptables start

Turn off: service iptables stop

You need to set up the two servers separately to turn off the firewall and SELinux.

two。 Set hostname

Edit the / etc/sysconfig/network file, use the command: vim / etc/sysconfig/network, set the format: HOSTNAME= [hostname].

Set the hostname of server A to server1.

Set the hostname of server B to server2.

3. Configure hosts

Edit the / etc/hosts file, use the command: vim / etc/hosts, and add the following configuration to the hosts file of the two servers:

192.168.12.11 server1192.168.12.12 server2

4. Configure sshd

Edit the / etc/ssh/sshd_config file for both servers, using the command: vim / etc/ssh/sshd_config.

Remove the "#" comment from the following three lines:

RSAAuthentication yesPubkeyAuthentication yesAuthorizedKeysFile .ssh / authorized_keys

Restart the sshd service, using the command: / sbin/service sshd restart.

Secret key setting

1. Create a password-free login account

Use the command:

Useradd guest1 / / create a new user passwd guest1 / / set a new user login password

Similarly, create a guest2 account in server2.

two。 Generate secret key

From the root user to the account where you want to log in without a password, use the command: su guest1.

Execute the command: ssh-keygen-t rsa

Enter directly without specifying a password. After the command is executed, two files will be generated in the guest1 user's home directory (/ home/guest1/.ssh):

Id_rsa: private key id_rsa.pub: public key

Follow the same steps to generate the key file for the guest2 account in server2.

3. Import the public key into the authentication file

Use the command:

Cat / home/guest1/.ssh/id_rsa.pub > > / home/guest1/.ssh/authorized_keysssh guest2@server2 cat / home/guest2/.ssh/id_rsa.pub > > authorized_keys

Use the command cat authorized_keys to view the authorized_keys file as follows:

4. Set file access permissions

Use the command:

Chmod 700 / home/guest1/.sshchmod 600 / home/guest1/.ssh/authorized_keys

After performing the above settings, server1 can log in to the machine without a password, using the command: ssh guest1@server1.

Note: when the host name information is missing in the known_hosts file, the following information will be prompted. Enter yes to write the host name to the known_hosts file and log in successfully.

At this point, the SSH password-free login of the host server1 is complete, and then configure server2.

5. Copy the authentication file to another host

Execute the following command to copy the generated authorized_keys and known_hosts files from server1 to server2.

# scp [local files to be transferred] [remote host user name] @ remote host ip or hostname: [destination location of files to be transferred] scp / home/guest1/.ssh/authorized_keys guest2@server2:/home/guest2/.ssh/authorized_keysscp / home/guest1/.ssh/known_hosts guest2@server2:/home/guest2/.ssh/known_hosts

After the replication is complete, use the following command to set file access permissions.

Chmod 700 / home/guest2/.sshchmod 600 / home/guest2/.ssh/authorized_keys

Then, execute the ssh guest1@server1 command to log in to server1's guest1 account without a password using server2's guest2 account.

At this point, the SSH password-free login of the two servers is all set up. If there is an error, please check the above steps carefully.

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.