Password-free remote login with ssh

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Question:

Suppose we have two machines, ServerA and ServerB, and we want ServerA to be able to log in to ServerB without entering a password.

Methods and principles:

We use ssh-keygen to generate a private key and a public key on ServerA. After copying the generated public key to the remote machine ServerB, we can use the ssh command to log in to ServerB without a password.

On Linux systems, ssh is the default tool for remote login. Because the tool's protocol uses the RSA/DSA encryption algorithms [the default is the DSA algorithm], it is very safe for remote management of Linux systems.

Experimental procedure:

1. Log in to ServerA

2. Run ssh-keygen -t rsa, which generates the private and public key files id_rsa and id_rsa.pub [if you keep pressing Enter, both files end up under /home/$USER/.ssh]

3. Copy the .pub file to the .ssh directory on the ServerB machine and save it as authorized_keys

You can use the ssh-copy-id command, which copies the specified public key file to the remote computer:

[oracle@Test232 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub oracle@192.168.55.232

28

oracle@192.168.55.232's password:

Now try logging into the machine, with "ssh 'oracle@192.168.55.232'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[oracle@Test232 ~]$ ssh oracle@192.168.55.232

oracle@192.168.55.232's password:

Last login: Thu Nov 24 16:05:32 2011 from 192.168.55.229

[oracle@Test232 ~]$

4. Success: logging in to the target account on machine B from machine A no longer needs a password

5. Set file and directory permissions [This step can be skipped, but for security reasons it should still be done ~]

Set authorized_keys permissions

chmod 644 authorized_keys

Set .ssh directory permissions

chmod 700 -R .ssh

6. Make sure that both .ssh and authorized_keys are writable only by the user. Otherwise key authentication will not work. (I ran into this problem today and spent a long time looking for where the problem was.) In fact, thinking about it carefully, this is done so that no security hole is opened in the system.

Error:

The authenticity of host '192.168.20.59 (192.168.20.59)' can't be established.

RSA key fingerprint is 6a:37:c0:e1:09:a4:29:8d:68:d0:ca:21:20:94:be:18.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.20.59' (RSA) to the list of known hosts.

root@192.168.20.59's password:

Permission denied, please try again.

root@192.168.20.59's password:

Permission denied, please try again.

root@192.168.20.59's password:

Permission denied (publickey,gssapi-with-mic,password).
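A check for the permission problem in step 6, as an added example that is not from the original article: with sshd's default StrictModes setting, public-key login is refused when the home directory, ~/.ssh or authorized_keys is writable by group or others, or is owned by someone other than the user or root. The helper name check_ssh_perms and the throwaway demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. check_ssh_perms is a
# hypothetical helper; run it as the account owner on ServerB.

# Print the path if group or others may write to it (mode & 022 != 0).
loose() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Succeed if the path is owned by the current user or by root.
owned_ok() {
    [ -O "$1" ] || [ -n "$(find "$1" -prune -user root -print 2>/dev/null)" ]
}

# Check the three paths from steps 5 and 6; return 1 if any would be rejected.
check_ssh_perms() {
    home=${1:-$HOME}
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; bad=1
        elif [ -n "$(loose "$p")" ]; then
            echo "WRITABLE $p (group/other write bit set; fix: chmod go-w)"; bad=1
        elif ! owned_ok "$p"; then
            echo "OWNER    $p (must belong to the user or root)"; bad=1
        else
            echo "OK       $p"
        fi
    done
    return "$bad"
}

# Constructed demo: a throwaway "home" whose authorized_keys is group-writable.
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh"
: > "$demo_home/.ssh/authorized_keys"
chmod 700 "$demo_home" "$demo_home/.ssh"
chmod 664 "$demo_home/.ssh/authorized_keys"
check_ssh_perms "$demo_home" || echo "=> key login would be refused"
chmod 644 "$demo_home/.ssh/authorized_keys"   # the mode used in step 5
check_ssh_perms "$demo_home" && echo "=> permissions acceptable"
rm -rf "$demo_home"
```

On a real account, call check_ssh_perms "$HOME" on ServerB as the user you are trying to log in as.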

If the permissions above are not the problem, then take a look at your configuration file, because some people like to change it, and then you will not succeed no matter what you do:

Open the /etc/ssh/ssh_config file and find the following section:

# IdentityFile ~/.ssh/identity

IdentityFile ~/.ssh/id_rsa

Check whether your private key file name matches this one: ~/.ssh/id_rsa

Haha, I still have to read the configuration file carefully ~

Suppose one console host has already been set up with password-free remote login to every application host, and now another console host needs the same access. Here is the script I wrote to practice this:

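#!/bin/bash
# Author: zhuying
# Copy the key file to every host listed in cps.ip (lines starting with # are skipped).
scriptdir=/home/oracle/zy/changecps
for ip in $(grep -v '^#' "$scriptdir"/cps.ip)
do
    scp /home/oracle/zy/changecps/169keys oracle@"$ip":~/
    # the remaining steps of the original script are cut off on the page
done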
