2025-01-29 Update. From: SLTechnology News&Howtos, Shulou (Shulou.com), 06/01 Report
This article explains how to use a public/private key pair to set up password-free login on Linux.
Using a public/private key pair allows you to log in to a remote Linux system, or run commands on it with ssh, without a password. This is convenient, but the setup process is a bit complicated. Here are the method and a script to help you.
It's not difficult to set up an account on a Linux system so that you can log in or run commands remotely without a password, but there are some tedious details you need to get right for it to work. In this article, we walk through the whole process and then give a script that can help with those details.
Once set up, password-free access is especially useful if you want to run ssh commands in scripts, particularly scripts that are configured to run automatically.
Note that you do not need to use the same user account on both systems. In fact, you can use the same public key for multiple accounts on one system or for different accounts on multiple systems.
The setup works as follows.
Which system do you start on?
First, start on the system from which you want to issue commands. That is the system on which you create the ssh keys. You also need to be able to access the account on the remote system and run commands there.
To keep the roles clear, we call the first system in this scenario "boss", because it will issue commands to run on the other system.
Its command prompt therefore looks like this:
    boss$
If you have not set up a public/private key pair for your account on the boss system, create one using the command shown below. Note that you can choose between various encryption algorithms (RSA or DSA is generally used). To access the remote system without entering a password, leave the passphrase empty at both prompts in the dialog below.
If you already have a public/private key pair associated with this account, skip this step.
    boss$ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/myself/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    > .ssh/authorized_keys
Next, make sure that the permissions on your authorized_keys file are 600. If they are not, run the command chmod 600 .ssh/authorized_keys.
    target$ ls -l authorized_keys
    -rw------- 1 myself myself 569 Jan 19 12:10 authorized_keys
Also check that the permissions of the .ssh directory on the target system are set to 700. If necessary, run chmod 700 .ssh to fix them.
    target$ ls -ld .ssh
    drwx------ 2 myacct myacct 4096 Jan 14 15:54 .ssh
At this point, you should be able to run commands remotely from the boss system on the target system. This should work unless the target user account on the target system already holds an old public key for the same user and host you are connecting from. If so, delete the earlier (and conflicting) entries.
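The permission checks and the search for old, conflicting entries described above can be automated on the target account. The following is an added example, not part of the original article: the function names and sample keys are constructed, and it assumes that two entries with the same trailing comment (user@host) but different key material count as conflicting.

```shell
#!/bin/bash
# Added example: audit a target account's .ssh directory (names are illustrative).

# Octal mode of a path (GNU stat first, BSD/macOS stat as fallback).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# check_ssh_perms DIR: print each wrong mode; return 1 if anything is off.
check_ssh_perms() {
  local dir=$1 bad=0 item path want got
  for item in "$dir:700" "$dir/authorized_keys:600"; do
    path=${item%:*}; want=${item##*:}
    got=$(mode_of "$path") || got=missing
    if [ "$got" != "$want" ]; then
      echo "$path: mode $got, expected $want"
      bad=1
    fi
  done
  return $bad
}

# conflicting_entries FILE: print every key comment (user@host) that is
# listed with more than one distinct key, i.e. an old entry was left behind.
conflicting_entries() {
  awk '
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    {
      for (i = 1; i <= NF; i++)               # options may precede the key type
        if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-.+)$/) break
      if (i + 2 > NF) next                    # no key type or no comment field
      if (($(i+2) in seen) && seen[$(i+2)] != $(i+1)) dup[$(i+2)] = 1
      seen[$(i+2)] = $(i+1)
    }
    END { for (c in dup) print c }
  ' "$1" | sort
}

# Constructed sample: myself@boss appears with an old and a new key.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
cat > "$demo/.ssh/authorized_keys" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAAOLDKEY myself@boss
from="192.0.2.10" ssh-rsa AAAAB3NzaC1yc2EAAAANEWKEY myself@boss
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAOTHER lola@laptop
EOF
chmod 755 "$demo/.ssh"; chmod 644 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo/.ssh" || echo "fix with chmod 700 / chmod 600"
echo "conflicting entries: $(conflicting_entries "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```

Option strings that contain spaces inside quotes are split into several fields; the key-type match still locates the key in the usual cases, but treat the result as a prompt for manual review rather than as an automatic cleanup list.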
Using a script
A script can make some of these tasks easier. However, one annoyance you will run into with the example script below is that you have to enter the target user's password several times before password-free access is configured. One option is to divide the script into two parts: the commands that need to be run on the boss system and the commands that need to be run on the target system.
This is the "one step" version of the script:
    #!/bin/bash
    # NOTE: This script requires that you have the password for the remote acct
    #       in order to set up password-free access using your public key

    LOC=`hostname`    # the local system from which you want to run commands
                      # without a password

    # get target system and account
    echo -n "target system> "
    read REM
    echo -n "target user> "
    read user

    # create a key pair if no public key exists
    if [ ! -f ~/.ssh/id_rsa.pub ]; then
      ssh-keygen -t rsa
    fi

    # ensure a .ssh directory exists in the remote account
    echo checking for .ssh directory on remote system
    ssh "$user@$REM" "if [ ! -d /home/$user/.ssh ]; then mkdir /home/$user/.ssh; fi"

    # share the public key (using local hostname)
    echo copying the public key
    scp ~/.ssh/id_rsa.pub "$user@$REM:/home/$user/$user-$LOC.pub"

    # put the public key into the proper location
    echo adding key to authorized_keys
    ssh "$user@$REM" "cat /home/$user/$user-$LOC.pub >> /home/$user/.ssh/authorized_keys"

    # set permissions on authorized_keys and .ssh (might be OK already)
    echo setting permissions
    ssh "$user@$REM" "chmod 600 ~/.ssh/authorized_keys"
    ssh "$user@$REM" "chmod 700 ~/.ssh"

    # try it out -- should NOT ask for a password
    echo "testing -- if no password is requested, you are all set"
    ssh "$user@$REM" /bin/hostname
The script has been configured to tell you what it is doing every time you have to enter a password. The interaction looks like this:
    $ ./rem_login_setup
    target system> fruitfly
    target user> lola
    checking for .ssh directory on remote system
    lola@fruitfly's password:
    copying the public key
    lola@fruitfly's password:
    id_rsa.pub                100%  567   219.1KB/s   00:00
    adding key to authorized_keys
    lola@fruitfly's password:
    setting permissions
    lola@fruitfly's password:
    testing -- if no password is requested, you are all set
    fruitfly
After the above run, you can log in to your lola account like this:
    $ ssh lola@fruitfly
    [lola@fruitfly ~]$
Once password-free login is set up, you can log in from the boss system to the target system and run any ssh command without typing a password. Running in this password-free manner doesn't mean your account is not secure. However, depending on the nature of the target system, protecting your password on the boss system may become more important.