
How to set up passwordless (key-based) SSH login on Linux

2025-01-31 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/01 Report--

This article explains how to set up passwordless, key-based SSH login on Linux. Many people have questions about this in day-to-day operations, so the editor consulted various sources and collected simple, easy-to-use methods. Hopefully it answers your questions about passwordless SSH key login. Follow along below.

Requirements

IP1: 1.1.1.1, account kg

IP2: 1.1.1.2, account kg

The steps to set up private key login from IP1 to IP2 are as follows

1. Log in to 1.1.1.1, then in the shell run cd ~/.ssh and the ssh-keygen -t rsa command to generate the key file

2. Keep pressing Enter; the output will appear as above, including the path to your public and private key files, for example mine: /home/lx-yf/.ssh/id_rsa.pub

3. View the generated key files in the corresponding directory /home/lx-yf/.ssh/, where id_rsa is the private key file and id_rsa.pub is the public key file

4. On the local machine, run a command such as ssh-copy-id -i /home/lx-yf/.ssh/id_rsa.pub kg@1.1.1.2, which transfers the public key file to the remote machine and puts it into effect. During this step you will be asked to type your password again, as shown in the following figure. Just type it.

5. The completion logo is shown in the following figure

6. Log in to the remote machine again as the user that was set up for passwordless login; the password is no longer needed, and the passwordless login setup is complete.

From the local machine 1.1.1.1, ssh kg@1.1.1.2 now logs in directly.

7. Looking at the authorized_keys file of the remote machine, you can see the corresponding change: the public key of the local machine has been added to the configuration file of the remote machine.

8. Notes

Passwordless login is user-to-user. After switching to another user, you still need to enter a password.

Passing the public key to the remote machine and putting it into effect can also be done in other ways, such as copying the file with scp and then modifying authorized_keys.

The .ssh directory of the remote machine requires 700 permissions and the authorized_keys file needs 600 permissions
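
The permission requirements in the note above can be checked and corrected mechanically. The following is an added example, not part of the original article: the function names are illustrative, and it also checks private key files (id_*), which ssh refuses to load when group or others can access them.

```shell
#!/bin/sh
# Added example: audit an .ssh directory against the permission notes above.
# Function names are illustrative. Uses GNU stat; on BSD/macOS use: stat -f %Lp

# Print the octal permission bits of a path, e.g. 700.
mode_of() { stat -c %a "$1"; }

# Succeeds if group or others hold any permission bit on the path.
open_to_others() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 077 )) -ne 0 ]
}

# Print one line per problem; return 0 if clean, 1 if anything was reported.
audit_ssh_dir() {
    dir=$1; bad=0
    if open_to_others "$dir"; then
        echo "$dir: mode $(mode_of "$dir"), expected 700"; bad=1
    fi
    for f in "$dir"/authorized_keys "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public keys may stay readable
        if open_to_others "$f"; then
            echo "$f: mode $(mode_of "$f"), expected 600"; bad=1
        fi
    done
    return $bad
}

# Apply the modes from the note: 700 on the directory, 600 on sensitive files.
fix_ssh_dir() {
    dir=$1
    chmod 700 "$dir"
    for f in "$dir"/authorized_keys "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) ;; *) chmod 600 "$f" ;; esac
    done
}

# Stand-alone use: sh audit.sh ~/.ssh
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```

Run the audit on both machines: the remote side for .ssh and authorized_keys, the local side for the private key.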

The above sets up key login between two IPs by hand. Next, key login between multiple servers.

I want to copy the local ~/.ssh/id_rsa.pub to another machine through ssh-copy-id so as to log in without a password. After the copy, logging in to the remote machine with ssh prints the following:

    @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
    Permissions 0777 for '~/.ssh/id_rsa' are too open.
    It is required that your private key files are NOT accessible by others.
    This private key will be ignored.
    Load key "~/.ssh/id_rsa": bad permissions
    user@remoteip's password:

This is because the permissions on id_rsa are too open; they had been set to 777. The solution is as follows:

    cd ~/.ssh
    chmod 700 id_rsa

SSH passwordless login operation and the underlying verification mechanism of passwordless login are as follows

If you do not have ssh installed, type yum install ssh or apt-get install ssh at the command line; you can refer to the blog below

http://www.cnblogs.com/alaska1131/articles/1659654.html

Create a key file on the client node

To see whether the client node has already created a key file, let's take centosNameNode as an example. Open the command line and enter the following command to see if a key exists:

    ls ~/.ssh

After typing ssh-keygen -t rsa, keep pressing Enter to accept the defaults, leaving the password empty. As shown in the following figure, the key is generated successfully

OK, at this point the key file of the client node has been created. Following the same method, create a key file on the centosDateNode1 node and the centosDateNode2 node as well.

5. Write the public key of each client node to centosNameNode

Write centosNameNode's own public key to its own ~/.ssh/authorized_keys

Open the command line, enter

OK, the next step is to modify sshd and the permissions of the above-mentioned authorized_keys file and the ~/.ssh directory.

Permissions in centosNameNode and modification of sshd

Modify the permissions of the directory ~/.ssh and the file ~/.ssh/authorized_keys. Open the command line and enter:
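
The two steps above (writing a public key into ~/.ssh/authorized_keys and setting the permissions), which are also the manual alternative to ssh-copy-id mentioned in the earlier notes, can be done in one repeatable function. This is an added example, not commands from the original article; install_pubkey is an illustrative name and the sample key used to try it out must be your own.

```shell
#!/bin/sh
# Added example: append a public key to authorized_keys by hand, safely.
# install_pubkey is an illustrative helper, not an OpenSSH tool.

# install_pubkey PUBFILE SSHDIR
# Returns 0 if the key was added, 1 if already present, 2 on bad input.
install_pubkey() {
    pub=$1; sshdir=$2; auth=$sshdir/authorized_keys
    # A public key line is "<type> <base64> [comment]". Anything else,
    # including a private key passed by mistake, is rejected.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$pub" | head -n 1)
    [ -n "$key" ] || return 2
    # Create the directory and file with the modes the page requires.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 2
    touch "$auth" && chmod 600 "$auth" || return 2
    # Match on the key material only, so a different comment or an
    # options prefix on an existing line does not create a duplicate.
    b64=$(printf '%s\n' "$key" | cut -d' ' -f2)
    if grep -qF -e "$b64" "$auth"; then
        return 1
    fi
    printf '%s\n' "$key" >> "$auth"
}

# Stand-alone use on the target account: sh install.sh id_rsa.pub ~/.ssh
if [ $# -eq 2 ]; then install_pubkey "$1" "$2"; fi
```

Because it refuses anything that is not a public key line and never appends a key twice, it can be re-run for every node without growing the file.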

Verify by using ssh to log in to yourself.

Open the command line and enter:

    ssh 192.168.10.66 # IP of centosNameNode

I found that it did not ask for a password but logged in automatically, which indicates that my configuration was successful. In fact, the pseudo-distributed mode of Hadoop works by logging in to yourself remotely.

This indicates that the upload succeeded. Then log in to centosNameNode to check that the file has arrived, and enter:

    cd /home/roboson # switch directories
    ls # list the files in the directory

Then open the file with vi ~/.ssh/authorized_keys and you will find another block of key data in it

Sometimes the following error is reported:

Agent admitted failure to sign using the key

Solution:

Execute the command under the current user:

    ssh-add

Then, using the same method, add the public key of centosDateNode2.

6. Add the files integrated in centosNameNode to the remaining two nodes

Log in to centosNameNode, then open the command line and enter instructions:

    cd ~/.ssh
    scp authorized_keys 192.168.10.67:/home/roboson/.ssh/authorized_keys # passes the integrated authorized_keys to centosDateNode1

The above is relatively tedious; in fact, it is better to use the ssh-copy-id command when aggregating the public keys.

    ssh-copy-id -i ~/.ssh/id_rsa.pub <target machine user name>@<target IP>

The ssh-copy-id command copies the public key of the local host to the authorized_keys file of the remote host.

The ssh-copy-id command also sets appropriate permissions on the remote host's user home directory (home), ~/.ssh, and ~/.ssh/authorized_keys.

The ssh-copy-id command installs the local ssh public key file to the corresponding account of the remote host.

Functions achieved:

ssh-copy-id - populate your public key into the authorized_keys file on a remote machine.

Usage mode:

    ssh-copy-id [-i [identity_file]] [user@]machine

Description:

ssh-copy-id is a script that uses ssh to log in to a remote machine (presumably with a login password, so password authentication should be enabled unless you have made some clever use of multiple identities).

It also changes the permissions of the remote user's home directory, ~/.ssh and ~/.ssh/authorized_keys to remove group write permission (which would otherwise prevent you from logging in if the sshd on the remote machine has strict mode set in its configuration).

If the "-i" option is given, the identity file (default ~/.ssh/id_rsa.pub) is used, regardless of whether there are any keys in your ssh-agent.

Otherwise, if the command "ssh-add -L" produces any output, that output is used in preference to the identity file. If the "-i" option is given, or ssh-add produces no output, the contents of the identity file are used. Once it has one or more fingerprints, it uses ssh to add them to the ~/.ssh/authorized_keys file on the remote machine.


Supplying the password as a parameter when logging in with ssh

Sometimes a machine behind a firewall requires a password, and the following approach can be used. When using ssh to log on to a remote server, after running ssh user@ip you must enter the login password. Sometimes the login password cannot be remembered, which causes a lot of trouble. Is there a way to pass the password directly in the ssh parameters? Looking at the ssh help, we find that the ssh command has no parameter for setting a password.

    usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]

A search turns up sshpass.

sshpass: for non-interactive ssh password authentication. It lets you specify a plaintext password with the -p parameter and then log in directly to the remote server. It can read the password from the command line, a file, or an environment variable.

First install sshpass on the machine

For debian/ubuntu systems, the installation is simple:

    sudo apt-get install sshpass

For other Linux distributions, you can compile and install sshpass from source:

    wget http://sourceforge.net/projects/sshpass/files/sshpass/1.05/sshpass-1.05.tar.gz
    tar xvzf sshpass-1.05.tar.gz
    cd sshpass-1.05   # enter the unpacked source directory
    ./configure
    make
    sudo make install

After installation, use the sshpass command to get the following:

    Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
       -f filename   Take password to use from file
       -d number     Use number as file descriptor for getting password
       -p password   Provide password as argument (security unwise)
       -e            Password is passed as env-var "SSHPASS"
       With no parameters - password will be taken from stdin

       -h            Show help (this screen)
       -V            Print version information
    At most one of -f, -d, -p or -e should be used
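
The usage text marks -p as "security unwise": a password given as an argument sits in the script text and on the command line, where other local users can see it with ps. The following added example (not from the original article; ssh_pwfile and pwfile_ok are illustrative names) uses the -f option instead and refuses a password file that group or others can access.

```shell
#!/bin/sh
# Added example: run ssh through sshpass with the password read from a
# file (-f) instead of the command line (-p). Helper names are illustrative.

# Octal permission bits of a path (GNU stat; BSD/macOS: stat -f %Lp).
mode_of() { stat -c %a "$1"; }

# pwfile_ok FILE: succeeds only for a non-empty regular file (not a symlink)
# on which group and others hold no permission bits.
pwfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ] || return 1
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 077 )) -eq 0 ]
}

# ssh_pwfile FILE [ssh arguments...]
# Returns 2 without contacting the server if the password file is unsafe.
ssh_pwfile() {
    pw=$1; shift
    if ! pwfile_ok "$pw"; then
        echo "refusing $pw: need a non-empty regular file, mode 600 or stricter" >&2
        return 2
    fi
    # sshpass reads the password from the first line of the file.
    sshpass -f "$pw" ssh "$@"
}

# Stand-alone use: sh ssh_pwfile.sh ~/.ssh/remote.pw user@IP
if [ $# -gt 0 ]; then ssh_pwfile "$@"; fi
```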

So combining the sshpass and ssh commands lets you supply a password when ssh logs in, and the command to log on to a machine can be written as a shell script, which is very convenient later.

    #!/bin/bash
    sshpass -p "XXX" ssh user@IP

This concludes the study of how to set up passwordless SSH key login on Linux. I hope it has answered your questions. Combining theory with practice is the best way to learn, so go and try it!
