Shulou(Shulou.com)06/02 Report--

This article mainly explains the detailed analysis of ssh password-free login configuration method, the content is clear, interested friends can learn, I believe it will be helpful after reading.

First of all, what we need to do is that the usera user of the serverA server logs in to the userb user of the serverB server without a password.

Let's log in to the serverA server using usera

[root@serverA ~] # su-usera [usera@serverA ~] $pwd/home/usera

Then generate a key pair on serverA

[usera@serverA ~] $ssh-keygen-t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/ home/usera/.ssh/id_rsa): Created directory'/ home/usera/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in / home/usera/.ssh/id_rsa.Your public key has been saved in / home/usera/.ssh/id_rsa.pub.The key fingerprint is:39:f2:fc:70: Ef:e9:bd:05:40:6e:64:b0:99:56:6e:01 usera@serverAThe key's randomart image is:+-- [RSA 2048]-+ | Eo* | | @. | | = * | | o o. | |. S. | | +. . | | +. . | | +. O. | | .o = o. | +-+ |

A key pair is generated in the / home/usera/.ssh directory

[usera@serverA] $ls-la .ssh total dosage 16drwx-2 usera usera 4096 August 24 09:22. Drwxrwx-12 usera usera 4096 August 24 09:22.-- rw- 1 usera usera 1675 August 24 09:22 id_rsa-rw-r--r-- 1 usera usera 399 August 24 09:22 id_rsa.pub

Then upload the public key to the serverB server and log in as userb user

[usera@portalweb1] $ssh-copy-id userb@10.124.84.20The authenticity of host '10.124.84.20 (10.124.84.20)' can't be established.RSA key fingerprint is f0:1c:05:40:d3:71:31:61:b6:ad:7c:c2:f0:85:3c:cf.Are you sure you want to continue connecting (yes/no)? YesWarning: Permanently added '10.124.84.20' (RSA) to the list of known hosts.userb@10.124.84.29's password: Now try logging into the machine, with "ssh 'userb@10.124.84.20'", and check in: .ssh / authorized_keys to make sure we haven't added extra keys that you weren't expecting.

At this time, the contents of usera's public key file will be appended to the .ssh / authorized_keys file of userb.

[usera@serverA ~] $cat .ssh / id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA

Check the ~ / .ssh/authorized_keys file under the serverB server userb user, the content is the same, I will not paste the picture here.

[userb@serverB ~] $cat .ssh / authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2dpxfvifkpswsbusPCUWReD/mfTWpDEErHLWAxnixGiXLvHuS9QNavepZoCvpbZWHade88KLPkr5XEv6M5RscHXxmxJ1IE5vBLrrS0NDJf8AjCLQpTDguyerpLybONRFFTqGXAc/ximMbyHeCtI0vnuJlvET0pprj7bqmMXr/2lNlhIfxkZCxgZZQHgqyBQqk/RQweuYAiuMvuiM8Ssk/rdG8hL/n0eXjh9JV8H17od4htNfKv5+zRfbKi5vfsetfFN49Q4xa7SB9o7z6sCvrHjCMW3gbzZGYUPsj0WKQDTW2uN0nH4UgQo7JfyILRVZtwIm7P6YgsI7vma/vRP0aw== usera@serverA

Also note that the permissions of the .ssh directory are 700, and the permissions of the files authorized_keys and private key under it are 600. Otherwise, you will not be able to log in without a password because of permission problems. We can see that known_hosts files will be generated after login.

[useb@serverB] $ls-la. SSH total 24drwxmuri. 2 useb useb 4096 Jul 27 16:13. Drwx -. 35 useb useb 4096 Aug 24 09:18.-rw- 1 useb useb 796 Aug 24 09:24 authorized_keys-rw- 1 useb useb 1675 Jul 27 16:09 id_rsa-rw-r--r-- 1 useb useb 397 Jul 27 16:09 id_rsa.pub-rw-r--r-- 1 useb useb 1183 Aug 11 13:57 known_hosts

After this, we can log in without a password.

[usera@serverA ~] $ssh userb@10.124.84.20

In addition, there are several ways to copy the public key to the server's ~ / .ssh/authorized_keys file:

1. Copy the public key to the server through scp, and then append it to the ~ / .ssh/authorized_keys file, which is troublesome. Scp-P 22 ~ /. Ssh/id_rsa.pub user@host:~/.

2. Through the ssh-copy-id program, which is the method I demonstrated, ssh-copyid user@host can

3. You can use cat ~ / .ssh/id_rsa.pub | ssh-p 22 user@host 'cat > > ~ / .ssh/authorized_keys', is also a common method, because the port number can be changed.

After reading the above content, is there a further understanding of the detailed analysis of the ssh password-free login configuration method? if you want to learn more, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.