Shulou(Shulou.com)06/01 Report--

Method 1:

Using ssky-keygen and ssh-copy-id in the following example, you can log in to the remote Linux host through a simple three-step setup without entering a password.

Ssh-keygen creates public keys and keys.

Ssh-copy-id copies the public key of the local host to the authorized_keys file of the remote host.

Ssh-copy-id also sets appropriate permissions for the remote host's user home directory (home) and ~ / .ssh, and ~ / .ssh/authorized_keys.

| rsa | dsa is available for encryption. Default is dsa. |

Step 1: create a public key and key on the local host with ssh-key-gen

Ssh-keygen-t rsa

Step 2: copy the public key to the remote host with ssh-copy-id

Ssh-copy-id-I / .ssh/id_rsa.pub root@192.168.103.117

[note: ssh-copy-id appends the key to .ssh / authorized_key on the remote host.]

Step 3: log in to the remote host directly

Ssh 192.168.103.117

[note: SSH will not ask for a password.]

4. Set file and directory permissions:

Set authorized_keys permissions

$chmod 600 authorized_keys

Set .ssh directory permissions

$chmod 700-R. ssh

Note: if the public and private keys are generated through other tools, you only need to upload the public key to the server, ~ / .ssh/authorized_keys, and change the appropriate permissions for directories and files.

Chmod 700R .ssh

Chmod 600-R authorized_keys

Summarize points for attention

1. Never set the permissions of files and directories to chmod 777. This permission is too large to be secure, and digital signatures are not supported. I started trying to save trouble, so I did it.

2. The public key of the generated rsa/dsa signature is for the other machine to use. The contents of this public key will also be copied to authorized_keys

3. Access between linux and direct ssh machine ip

4. A machine generates its own RSA or DSA digital signature, gives the public key to the target machine, and then the target machine receives it and sets the relevant permissions (public key and authorized_keys permissions). The target machine can be accessed without a password by the machine generating the digital signature.

Implement password-free login

Through the above, you can log in without a password, but you can log in with a key. Here is how to log in to the system without a password using ssh.

Vim / etc/ssh/sshd_config

Change this line, remove the # and change no to yes

PermitEmptyPasswords yes

Vim / etc/shadow

Delete the password in the middle

Bob::17130:0:99999:7:::

Finally restart the sshd service

Service sshd restart

Finally, log in using the bob user without prompting for a password, so log in directly.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.