How to use ssh-keygen and configure authorized_keys so that two Linux machines authenticate each other

2025-04-06 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

This article introduces the use of ssh-keygen and how to configure authorized_keys so that two Linux machines authenticate each other. The content is detailed; interested readers can use it as a reference, and I hope it is helpful to you.

I. Overview

1. The goal is to use ssh between two Linux machines without entering a user name and password. An RSA or DSA digital signature is used to accomplish this.

2. Model analysis.

Suppose A (192.168.20.59) is the client machine and B (192.168.20.60) is the target machine.

The purpose to be achieved:

An ssh login from machine A to machine B does not need a password to be entered.

Either rsa or dsa is available for encryption. The default is dsa.

II. The specific operation process

The operation process for one-way login (to meet the above purpose):

1. Log in to machine A

2. Run ssh-keygen -t [rsa | dsa], which generates a private key file and a public key file: id_rsa and id_rsa.pub, or id_dsa and id_dsa.pub

3. Copy the .pub file to the .ssh directory on machine B, and run cat id_dsa.pub >> ~/.ssh/authorized_keys

4. When you log in to the target account of machine B from machine A, you no longer need a password. (run # ssh 192.168.20.60 directly)

The operation process for two-way login:

1. ssh-keygen sets up the verification so that ssh and scp to each other's machine do not need a password. The specific method is as follows:

2. Run on both nodes: # ssh-keygen -t rsa

Then press Enter at every prompt to use the default values.

3. In this way, a pair of keys is generated and stored under ~/.ssh in the user's home directory.

Copy the public key to the user directory of the other machine, and append it to ~/.ssh/authorized_keys (operation command: # cat id_rsa.pub >> ~/.ssh/authorized_keys).

4. Set file and directory permissions:

Set authorized_keys permissions

$ chmod 600 authorized_keys

Set .ssh directory permissions

$ chmod 700 -R .ssh

5. Make sure that only the owning user has write permission on .ssh and authorized_keys. Otherwise, the authentication fails. (I ran into this problem today and spent a long time looking for where the problem was.) In fact, thinking about it carefully, this is to avoid system loopholes.

When I accessed 20.59 from 20.60, I got the following error:

The authenticity of host '192.168.20.59 (192.168.20.59)' can't be established.
RSA key fingerprint is 6a:37:c0:e1:09:a4:29:8d:68:d0:ca:21:20:94:be:18.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.20.59' (RSA) to the list of known hosts.
root@192.168.20.59's password:
Permission denied, please try again.
root@192.168.20.59's password:
Permission denied, please try again.
root@192.168.20.59's password:
Permission denied (publickey,gssapi-with-mic,password).
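The key installation and permission check from steps 3 to 5, as an added example that is not part of the original article. The function names install_pubkey and audit_ssh_perms, the scratch directory and the key line are constructed for illustration; the audit also looks at the home directory itself, because sshd's StrictModes check (on by default) covers it as well as .ssh and authorized_keys.

```shell
#!/bin/sh
# install_pubkey HOME_DIR PUBKEY_FILE: append the key once, with safe modes.
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    home=$1; pub=$2
    umask 077
    mkdir -p "$home/.ssh" || exit 1
    touch "$home/.ssh/authorized_keys" || exit 1
    # -x whole line, -F fixed string: skip if this exact key is already listed
    grep -qxF "$(cat "$pub")" "$home/.ssh/authorized_keys" ||
        cat "$pub" >> "$home/.ssh/authorized_keys"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
)

# audit_ssh_perms HOME_DIR: report every path that group or others can write
# to. Returns 1 if any is found, 0 if only the owner has write permission.
audit_ssh_perms() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(ls -ld "$p" | cut -c1-10)
        case $mode in
            # character 6 is the group write bit, character 9 the other write bit
            ?????w*|????????w*) echo "too permissive: $mode $p"; bad=1 ;;
        esac
    done
    return $bad
}

# Demo on a scratch directory with a constructed (not real) public key line.
demo=$(mktemp -d)
echo "ssh-rsa AAAAB3CONSTRUCTEDEXAMPLEKEY root@192.168.20.59" > "$demo/id_rsa.pub"
install_pubkey "$demo" "$demo/id_rsa.pub"
chmod 777 "$demo/.ssh"    # the mistake described in the article
audit_ssh_perms "$demo" || echo "fix with: chmod 700 .ssh; chmod 600 authorized_keys"
rm -rf "$demo"
```

Running audit_ssh_perms "$HOME" on the target machine before testing the login shows whether a password prompt like the one above is caused by permissions.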

III. Summary of matters needing attention

1. Never set the permissions of files and directories with chmod 777. This permission is too broad to be secure, and digital signatures are not supported with it. At first I did this to save trouble.

2. The public key of the generated rsa/dsa signature is for the other machine to use. The contents of this public key are also copied to authorized_keys.

3. Access between Linux machines is done directly with ssh and the machine's IP.

4. A machine generates its own RSA or DSA digital signature and gives the public key to the target machine; the target machine receives it and sets the relevant permissions (public key and authorized_keys permissions). The machine that generated the digital signature can then access the target machine without a password.

Addendum:

How the Jenkins master and slave communicate:

Copy the public key of the master to ~/.ssh/authorized_keys on the slave, and save the private key of slave to a ppk file on the master.

Jenkins will automatically complete the other configuration tasks, such as copying the slave agent's binary and starting and stopping the slave.

That is all on the use of ssh-keygen and how to configure authorized_keys for mutual authentication between two Linux machines. I hope the above content is of some help to you and that you can learn more from it. If you think the article is good, you can share it for more people to see.
