CentOS SSH passwordless login configuration

  • 2020-05-12 06:36:13
  • OfStack

Configuring SSH login without password authentication is convenient in many situations, especially when managing services on a large cluster, because it avoids tedious password entry. Servers with higher security requirements often have more complex passwords. Configuring SSH keys not only secures communication between nodes but also saves the time spent on frequently entering passwords, greatly improving management efficiency.

Introduction to the principle

For the sake of understanding, assume that you need to be able to connect to hadoop107 via a password-free login on the hadoop148 machine.

First, generate a key pair on hadoop148, including a public key and a private key, and copy the public key to hadoop107.

Then, when hadoop148 connects to hadoop107 through SSH, hadoop107 generates a random number, encrypts it with the public key of hadoop148, and sends it to hadoop148.

Finally, after receiving the encrypted number, hadoop148 decrypts it with its private key and sends the decrypted number back to hadoop107. After hadoop107 confirms that the decrypted number is correct, hadoop148 is allowed to connect without entering a password.

Configuration

Specific steps

1. Log in to hadoop148, execute the command ssh-keygen -t rsa and press Enter at every prompt. To check the key pair just generated, run cd .ssh and then ll

2. Append id_rsa.pub to the authorized keys. Execute the command cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

3. Modify permissions: execute chmod 600 ~/.ssh/authorized_keys

Q&A

Symptoms:

The hadoop148 machine has already generated its RSA keys.

The public key has been added to /root/.ssh/authorized_keys on the serverB machine.

But ssh root@hadoop107 still asks for the password, which means passwordless authentication failed.

Analysis and resolution:

Step 1: view permissions

Connect with ssh -v to get debug output. The log does not show the reason for the failure, only that the remote side gives no reply when publickey authentication is attempted.

Next, check the /var/log/secure log.

It turns out that the HOME directory of every user should have 700 permissions; otherwise many problems arise, and this failure has the same cause.

Finally, running chmod 700 /root resolved the problem.

The permission requirements are summarized as follows:

1) The permissions of the .ssh directory must be 700

2) The permissions of the user's home directory must be 700. For example, if I operate as the root user, the permissions of /root must be 700

3) The permissions of the .ssh/authorized_keys file must be 600
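
The three rules above can be checked in one pass. The following is an added example, not part of the original article; the function name check_ssh_perms and the throwaway demo directory are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit the three permission rules from the summary above.
# check_ssh_perms HOME_DIR prints one line per violation and returns the
# number of violations (0 means all three rules hold).
check_ssh_perms() {
    home=$1
    bad=0
    # path:mode pairs taken from the summary list (home, .ssh, authorized_keys)
    for entry in "$home:700" "$home/.ssh:700" "$home/.ssh/authorized_keys:600"; do
        path=${entry%:*}
        want=${entry##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path (expected mode $want)"
            bad=$((bad + 1))
            continue
        fi
        have=$(stat -c '%a' "$path")    # GNU stat, as shipped on CentOS
        if [ "$have" != "$want" ]; then
            echo "BAD $path has mode $have, expected $want (chmod $want $path)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo in a throwaway directory: reproduce the Q&A failure
# (home directory more open than 700), then apply the fix and re-check.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/.ssh"
    : > "$tmp/home/.ssh/authorized_keys"
    chmod 755 "$tmp/home"
    chmod 700 "$tmp/home/.ssh"
    chmod 600 "$tmp/home/.ssh/authorized_keys"
    check_ssh_perms "$tmp/home" || echo "violations before fix: $?"
    chmod 700 "$tmp/home"
    check_ssh_perms "$tmp/home" && echo "all three rules hold after fix"
    rm -rf "$tmp"
}

demo
```

On the server, run check_ssh_perms /root (or the home directory of the account being logged in to) and apply the chmod shown for each reported line.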

Step 2: look at the security context

If changing permissions doesn't solve the problem, try the following:

First, ls -laZ was used to check the .ssh directory, and its context was not ssh_home_t. Then the restorecon command was used to restore the context. The command is: restorecon -r -vv /root/.ssh

Step 3: analyze the /var/log/audit/audit.log log

Modify the owner of the directory:

chown -R root:root /root
