Passwordless SSH login on Linux using an SSH public key: a worked example

  • 2020-05-27 08:02:03
  • OfStack

Passwordless SSH logins use a public/private key pair. On Linux, ssh-keygen generates such key pairs. CentOS is used as the example here.

There are two machines, A (192.168.1.155) and B (192.168.1.181). The goal is for A to log in to B over ssh without a password.

The root account is used for this example.

1. Generate a public/private key pair on machine A.


[root@A ~]# ssh-keygen -t rsa -P ''

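-P specifies the passphrase, and -P '' means an empty passphrase. You can also omit the -P parameter, in which case you have to press Enter three times; with -P you press Enter only once. With an empty passphrase the private key is stored unencrypted, so anyone who can read id_rsa can log in wherever the matching public key is installed.

This command generates a pair of keys, id_rsa and id_rsa.pub, under the /root/.ssh directory.

The usual SSH RSA key files are:

  • id_rsa: the private key
  • id_rsa.pub: the public key

The following commands generate different types of keys:

ssh-keygen -t dsa
ssh-keygen -t rsa
ssh-keygen -t rsa1

Current OpenSSH releases no longer accept rsa1 (SSH protocol 1) keys, and DSA keys are disabled by default.

2. Copy /root/.ssh/id_rsa.pub from machine A to the /root/.ssh/authorized_keys file on machine B.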


[root@A ~]# scp /root/.ssh/id_rsa.pub root@192.168.1.181:/root/.ssh/authorized_keys
root@192.168.1.181's password:
id_rsa.pub                  100% 223   0.2KB/s  00:00

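Because passwordless login is not set up yet, you have to enter the root password of machine B once. Note that copying with scp in this way overwrites any authorized_keys file that already exists on B.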

3. The authorized_keys file must have permissions 600!


[root@B ~]# chmod 600 /root/.ssh/authorized_keys

4. Log in from machine A to machine B.


[root@A ~]# ssh -l root 192.168.1.181
The authenticity of host '192.168.1.181 (192.168.1.181)' can't be established.
RSA key fingerprint is 00:a6:a8:87:eb:c7:40:10:39:cc:a0:eb:50:d9:6a:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.181' (RSA) to the list of known hosts.
Last login: Thu Jul 3 09:53:18 2008 from root
[root@B ~]#

On the first login you are asked to confirm B's host key by entering yes. Compare the fingerprint shown with the host key of machine B before accepting it.

Machine A can now log in to machine B without a password.

Summary: the machine that logs in holds the private key, and the machine being logged in to must have the public key of the machine that logs in. This public/private key pair is usually generated on the machine that holds the private key. The example above uses a key pair for the rsa algorithm; dsa can also be used (the corresponding files are id_dsa and id_dsa.pub).

If you want machines A and B to log in to each other without a password, configure machine B in the same way as above.

Using ssh-keygen

Assume that A is the client machine and B is the target machine.

Objectives to be achieved:

No password is required to log on to the B machine.

The key type is rsa or dsa; dsa is the default.

Practice:

1. Log on to the A machine

2. Run ssh-keygen -t [rsa|dsa]. This generates the private key file and the public key file: id_rsa and id_rsa.pub, or id_dsa and id_dsa.pub.

3. Copy the .pub file to the .ssh directory on machine B, then run cat id_dsa.pub >> ~/.ssh/authorized_keys

4. When you are done, you can log into the target account of B machine from A machine and no longer need the password.

Key authentication set up with ssh-keygen lets you use ssh and scp to the other machine without a password.

The specific methods are as follows:


ssh-keygen -t rsa

Then press Enter at every prompt to accept the default values.

This generates a pair of keys, which are stored under ~/.ssh in the user's home directory.

Copy the public key to the user's home directory on the other machine and add it to ~/.ssh/authorized_keys.

Make sure that both .ssh and authorized_keys are writable only by the user; otherwise authentication fails. (I ran into this problem today and spent a long time tracking it down.) On reflection, this requirement is there to avoid opening a security hole in the system: if another user could write to either path, that user could add a key of their own and log in to the account.
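The key installation and permission steps above, as an added shell example that is not part of the original article: it appends the public key to authorized_keys instead of overwriting it, then checks that neither .ssh nor authorized_keys is writable by group or others. The function names install_pubkey and check_ssh_perms and the /tmp path in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. The function names
# install_pubkey and check_ssh_perms are hypothetical.

# Append the key(s) in $1 (a .pub file) to $2/authorized_keys without
# overwriting entries that are already there, then set the modes from
# step 3 of the article.
install_pubkey() {
    pub=$1 dir=$2 auth=$2/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Never install a private key by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key" >&2; return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # If the existing file lacks a final newline, add one so the new key
    # does not get glued onto the last existing entry.
    [ -z "$(tail -c1 "$auth")" ] || echo >> "$auth"
    # grep -x (whole line) -F (fixed string) skips keys already installed.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
    return 0
}

# Succeed only if neither $1 nor $1/authorized_keys is writable by group
# or others. In `ls -ld` output, character 6 is the group write bit and
# character 9 is the write bit for others.
check_ssh_perms() {
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || { echo "$p is missing" >&2; return 1; }
        case $(ls -ld "$p") in
            ?????w*|????????w*)
                echo "$p is writable by group or others" >&2; return 1 ;;
        esac
    done
    return 0
}

# Usage on machine B, after copying A's id_rsa.pub to /tmp (assumed path):
#   install_pubkey /tmp/id_rsa.pub /root/.ssh && check_ssh_perms /root/.ssh
```

sshd's StrictModes check also covers file ownership and the user's home directory; this example checks only the two paths the article names.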

