Shulou(Shulou.com)06/01 Report--

This article mainly explains the "Linux remote login and password-less login method", the content of the article is simple and clear, easy to learn and understand, the following please follow the editor's ideas slowly in depth, together to study and learn "Linux remote login and password-free login method"!

I. remote login method

SSH is a secure channel protocol that is mainly used for remote login. In RHEL 5 systems, the OpenSSH server is provided by openssh, openssh-server and other software packages (installed by default), and sshd is added as a standard system service. The method of use is as follows:

The code is as follows:

$ssh host

$ssh username@host

$ssh-p 222 username@host

-p: specify the access port; if this parameter is omitted, the default port 22 of the SSH service is accessed by default

If this is the first time to log in to the other host, the system will prompt:

The code is as follows:

The authenticity of host 'host (192.168.0.21)' can't be established.

RSA key fingerprint is 98:2e:d7:e0:de:9f:ac:67:28:c2:42:2d:37:16:58:4d.

Are you sure you want to continue connecting (yes/no)?

This means that the authenticity of the host host cannot be confirmed, only its public key fingerprint is known. Do you want to continue to connect?

After entering yes, a prompt appears indicating that the host host has been approved.

The code is as follows:

Warning: Permanently added 'host, 192.168.0.21' (RSA) to the list of known hosts.

Then ask for a password:

The code is as follows:

$Password: (enter password)

At this point, if the secret is correct, you can log in.

Second, login method without password

In a trusted environment, if you have to enter a password every time you log in remotely, it feels like a waste of time, especially when the password is very complex and there are many servers to maintain.

So there is a normal need: you can log in remotely without entering a password.

The implementation steps are as follows:

1. Generate a pair of secret key files (public key and private key) locally

The code is as follows:

$ssh-keygen

# the above command is equivalent to ssh-keygen-t rsa

#-t: specifies the type of key, which defaults to the rsa type of SSH-2

After running the above command, the system will appear a series of prompts, you can enter all the way. In particular, one of the questions is whether to set a password (passphrase) for the private key. If you are worried about the security of the private key, you can set one. After running, two new files are generated in the ~ / .ssh/ directory: id_rsa.pub and id_rsa. The former is a public key and the latter is a private key.

2. Transfer the public key to the remote host host

The code is as follows:

$ssh-copy-id user@host

After the above two steps, you can log in remotely without a password (the remote host saves the user's public key in the ~ / .ssh/authorized_keys file).

3. Frequently asked questions:

1. After the key is generated and uploaded to the remote host, it is still impossible to log in without a password?

Open the / etc/ssh/sshd_config file of the remote host and uncomment the following lines.

The code is as follows:

# RSAAuthentication=yes

# PubkeyAuthentication=yes

# AuthorizedKeysFile=.ssh/authorized_keys

Then, restart the ssh service for the remote host.

The code is as follows:

# ubuntu system

$service ssh restart

# debian system

$/ etc/init.d/ssh restart

2. When executing the ssh-copy-id command, the SSH service port of the remote server is not 22, as follows:

The code is as follows:

$ssh-copy-id nameB@machineB

Ssh: connect to host machineB port 22: Connection refused

Then use the following command:

The code is as follows:

$ssh-copy-id "- p 22000 nameB@machineB"

IV. Supplementary content:

The code is as follows:

$ssh-copy-id-I ~ / .ssh/id_rsa.pub root@192.168.0.2

$ssh-copy-id-u eucalyptus-I / home/ eucalyptus/.ssh/id_rsa.pub eucalyptus@remote_host

#-u: set login without password for eucalyptus users

#-I: when there is no value passed or the ~ / .ssh/identity.pub file is not accessible (does not exist), ssh-copy-id will display the following error

/ usr/bin/ssh-copy-id: ERROR: No identities found

SSH provides two ways of login authentication:

1. Password authentication: verify with the login name and password of the local system user in the server.

2. Key pair verification: matching key information is required to pass the verification. Typically, a pair of secret key files (public and private keys) are created in the client, and then the public key files are placed in a specified location on the server.

Note: when both password authentication and private key authentication are enabled, the server will give priority to key authentication.

5. Configuration file of SSH service:

The configuration file of sshd service defaults to / etc/ssh/sshd_config. Adjusting the relevant configuration items correctly can further improve the security of sshd remote login.

The contents of the configuration file can be divided into the following three parts:

The code is as follows:

# options for SSH server listening

# listening port

Port 22

# using SSH V2 protocol

Protocol 2

# the address of monitoring is all addresses

ListenAdderss 0.0.0.0

# / / prohibit reverse parsing of DNS

UseDNS no

# user login control options

# whether to allow root users to log in

PermitRootLogin no

# whether to allow users with an empty password to log in

PermitEmptyPasswords no

# login authentication time (2 minutes)

LoginGraceTime 2m

# maximum number of retries

MaxAuthTries 6

# only user users are allowed to log in, as opposed to the DenyUsers option

AllowUsers user

# login verification method

# enable password authentication

PasswordAuthentication yes

# enable key authentication

PubkeyAuthentication yes

# specify public key database file

AuthorsizedKeysFile .ssh / authorized_keys

View SSH service status command: / etc/init.d/sshd status

Restart the SSH service command: / etc/init.d/sshd restart

View the version number of the ssh software command: $ssh-V

OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 # indicates that the system is using OpenSSH

Ssh: SSH Secure Shell 3.2.9.1 (non-commercial version) on i686-pc-linux-gnu # indicates that the system is using SSH2

When the public key of the remote host is accepted, it is saved in the file $HOME/.ssh/known_hosts. The next time you connect to this host, the system will recognize that its public key has been saved locally, skip the warning section and prompt for the password directly.

Each SSH user has its own known_hosts file, and the system also has a file, usually / etc/ssh/ssh_known_hosts, that holds the public keys of remote hosts that can be trusted by all users.

Thank you for your reading, the above is the content of "Linux remote login and password-free login method". After the study of this article, I believe you have a deeper understanding of the method of Linux remote login and password-less login, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.