Shulou(Shulou.com)06/01 Report--

Today, I would like to share with you the relevant knowledge points about how to log in securely without a password in SSH. The content is detailed and the logic is clear. I believe most people still know too much about this knowledge, so share this article for your reference. I hope you can get something after reading this article.

Today we generate a private key-public key pair by using the ssh-kengen command to log in to SSH without a password. There are two algorithms, RSA and DSA.

RSA is an asymmetric encryption algorithm that can be used to encrypt and sign.

DSA (Digital Signature Algorithm) can only be used for digital signature algorithms.

The following operations are applicable to OS:Centos 7 and Ubuntu 17. Other systems are untested and can be used in theory.

Server:

10.10.204.63

10.10.204.64

1. How to generate ssh Public key

Log in to the 10.10.204.63 server to generate a public-private key pair:

[root@10-10-20463] # ssh-keygen-b 4096-t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/ root/.ssh/id_rsa): Created directory'/ root/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again:Your identification has been saved in / root/.ssh/id_rsa.Your public key has been saved in / root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:qLcoj2nSzq6G9ZpFQZ/OFqFT+oBDf3ousHkt82F1/xM Root@10-10204-63.10.10.204.63The key's randomart image is:+--- [RSA 4096]-+ |. . O | |. + = o | | o B = | |. X o | |. O B S. | |. = *. . . E | | .oo.B *. . | | oo+*.O o.. | | o*O+o o.. | +-[SHA256]-+ enter three times to generate ssh key.

Notes:

-b specifies the key length. For RSA keys, the minimum requirement is 768 bits, the default is 2048 bits, and the maximum length is 4096 bytes.

-t specifies the type of key to create. You can use: "rsa1" (SSH-1) "rsa" (SSH-2) "dsa" (SSH-2).

two。 View the generated file

[root@10-10-20-63 ~] # ll .ssh / total 8murr RW-1 root root 3243 Nov 25 15:58 id_rsa-rw-r--r-- 1 root root 758 Nov 25 15:58 id_rsa.pub description: id_rsa private key id_rsa.pub public key

3. Upload the public key to 10.10.204.64

[root@10-10-204-63] # ssh-copy-id-I ~ / .ssh/id_rsa.pub root@10.10.204.64/usr/bin/ssh-copy-id: INFO: Source of key (s) to be installed: "/ root/.ssh/id_rsa.pub" The authenticity of host '10.10.204.64 (10.10.204.64)' can't be established.ECDSA key fingerprint is SHA256:/YI/L4RT1QH7lkfxMCAkKnvniQslyUl15mOUKUo8K3k.ECDSA key fingerprint is MD5 6d:b6:f3:93:8e:48:53:24:9d:5d:c2:2a:5f:28:f4:d2.Are you sure you want to continue connecting (yes/no)? Yes [enter yes enter] / usr/bin/ssh-copy-id: INFO: attempting to log in with the new key (s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key (s) remain to be installed-- if you are prompted now it is to install the new keysroot@10.10.204.64's password: [enter server password enter] Number of key (s) added: 1Now try logging into the machine With: "ssh 'root@10.10.204.64'" and check to make sure that only the key (s) you wanted were added.

Uploaded successfully.

4. Modify SSH configuration file

Log in to 10.28.204.64 to modify, and do the following:

$vim / etc/ssh/sshd_config removes the following comments: RSAAuthentication yesPubkeyAuthentication yes

5. Restart the SSH service

$systemctl restart sshd

6. Test password-free login 10.10.204.64

[root@10-10-204-63] # ssh 'root@10.10.204.64'Last failed login: Sat Nov 25 16:09:48 CST 2017 from 83.234.149.66 on ssh:nottyThere was 1 failed login attempt since the last successful login.Last login: Sat Nov 25 15:57:33 2017 from 36.7.69.84 [root@10-10-204-64] #

Successfully logged in without entering a password.

After the login is successful, it is recommended that the ssh public key be generated on the 10.10.204.64 server and uploaded to the 10.10.204.63 server, so that we can log in to each other without password SSH. The same is true of multiple servers.

7. View public key

[root@10-10-204-64] # ll / root/.ssh/total 8 root root 758 Nov 25 16:08 authorized_keys-rw-r--r--. 1 root root 175 Aug 9 09:19 known_hosts

Authorized_keys is the name of the public key just uploaded.

8. If the public key is lost, you can use the private key to generate the public key again, as follows:

[root@10-10-204-63] # ssh-keygen-y-f ~ /. Ssh/id_rsa > ~. Ssh/id_rsa.pub is all the contents of the article "how to log in securely without a password in SSH". Thank you for reading! I believe you will gain a lot after reading this article. The editor will update different knowledge for you every day. If you want to learn more knowledge, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.