Shulou(Shulou.com)06/02 Report--

0. Description

Usually, when you log in to a remote server using ssh, you need to use the input password. It is hoped that you can log in through the key without entering the password, so that you can prepare for the automatic deployment of hosts in batches in the future.

The environment is as follows:

IP address operating system server side 10.0.0.128/24CentOS 6.5x86 client 10.0.0.129/24Ubuntu 16.04x86

1. Client generates key pair

Generate key pairs:

Xpleaf@leaf:~$ ssh-keygen-t rsa-b 2048Generating public/private rsa key pair.Enter file in which to save the key (/ home/xpleaf/.ssh/id_rsa): Created directory'/ home/xpleaf/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in / home/xpleaf/.ssh/id_rsa.Your public key has been saved in / home/xpleaf/.ssh/id_rsa.pub.The key fingerprint is:SHA256:eLssyXJLzUCfSN5mu6nqNH9dB/gOyXSvWBwQdNssIYE xpleaf@ LeafThe key's randomart p_w_picpath is:+--- [RSA 2048]-+ | o=oo | | E. o = | | o oo o | | + = .o +. | | = So = + | | Bo + = o | | o. * o | |.. + =.. + o | | .o + + = = | +-[SHA256]-+

View the generated key pair:

Xpleaf@leaf:~$ ls .sshid _ rsa id_rsa.pub# id_rsa is the private key, which generally needs to be kept secret; id_rsa.pub is the public key, which can be made public.

two。 Upload the public key to the server

Use the scp command to:

Xpleaf@leaf:~$ scp .ssh / id_rsa.pub root@10.0.0.128:/rootThe authenticity of host '10.0.0.128 (10.0.0.128)' can't be established.RSA key fingerprint is SHA256:0Tpm11wruaQXyvOfEB1maIkEwxmjT2AklWb198Vrln0.Are you sure you want to continue connecting (yes/no)? YesWarning: Permanently added '10.0.0.128' (RSA) to the list of known hosts.root@10.0.0.128's password: id_rsa.pub 100393 0.4KB/s 00:00

3. Server-side operation

Add the public key from the client to .ssh / authorized_keys:

[root@leaf ~] # cat id_rsa.pub > > .ssh / authorized_ Keys [root @ leaf ~] # chmod 600.ssh / authorized_keys# authorized_keys needs to be 600

Modify the ssh configuration file / etc/ssh/sshd_config and find the following line:

PubkeyAuthentication no

Modified to:

PubkeyAuthentication yes

4. test

Log in to the server using the key on the client:

Xpleaf@leaf:~$ ssh-I. ssh / id_rsa root@10.0.0.128Last login: Tue May 9 15:14:01 2017 from 10.0.0.129 [root@leaf ~] #

5. Matters needing attention

You need to turn off selinux on the server side, otherwise you can't log in remotely using the key.

When the client uses the scp command, the ssh client also needs to be installed on the server side, otherwise the public key cannot be uploaded to the server side, and ssh-copy-id root@10.0.0.128 can also be used instead of the scp operation (so there is no need to create a .ssh directory and other operations on the server side, which means that the command can help us upload and configure the key step by step)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.