Password-free SSH login on Linux using an ssh public key: an example
- 2020-05-27 08:02:03
Password-free ssh logins use a public/private key pair. On Linux, ssh-keygen generates the pair. CentOS is used as the example here.
There are two machines, A (192.168.1.155) and B (192.168.1.181). The goal is for A to log in to B over ssh without a password.
First, take the login of the root account as an example.
1. Generate a public/private key pair on machine A.
[root@A ~]# ssh-keygen -t rsa -P ''
-P sets the passphrase; -P '' means an empty passphrase. You can also omit the -P parameter, in which case you have to press Enter three times; with -P you press Enter only once.
This command will generate a pair of keys id_rsa and id_rsa.pub under the /root/.ssh directory.
As usual for an ssh rsa key pair: id_rsa is the private key and id_rsa.pub is the public key.
The following commands generate different types of keys:
ssh-keygen -t dsa
ssh-keygen -t rsa
ssh-keygen -t rsa1
2. Copy /root/.ssh/id_rsa.pub from machine A to the /root/.ssh/authorized_keys file on machine B.
[root@A ~]# scp /root/.ssh/id_rsa.pub root@192.168.1.181:/root/.ssh/authorized_keys
root@192.168.1.181's password:
id_rsa.pub 100% 223 0.2KB/s 00:00
Since password-free login is not set up yet, you have to enter the root password of machine B once.
3. The authorized_keys file must have permissions of 600!!
[root@B ~]# chmod 600 /root/.ssh/authorized_keys
4. Log in from machine A to machine B.
[root@A ~]# ssh -l root 192.168.1.181
The authenticity of host '192.168.1.181 (192.168.1.181)' can't be established.
RSA key fingerprint is 00:a6:a8:87:eb:c7:40:10:39:cc:a0:eb:50:d9:6a:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.181' (RSA) to the list of known hosts.
Last login: Thu Jul 3 09:53:18 2008 from root
[root@B ~]#
The first login asks you to enter yes.
Now the A machine can log on to the B machine without a password.
Summary: the machine that logs in holds the private key, and the machine being logged in to must have the public key of the machine that logs in. The public/private key pair is generated on the machine that holds the private key. The above uses a public/private key pair with the rsa algorithm; of course, dsa can also be used (the corresponding files are id_dsa and id_dsa.pub).
If you want machines A and B to log in to each other without a password, configure machine B in the same way as above.
Using ssh-keygen
Assume that A is the client machine and B is the target machine.
Objectives to be achieved:
Logging in from machine A to machine B requires no password.
The encryption method is rsa|dsa. dsa is the default
1. Log on to the A machine
2. Run ssh-keygen -t [rsa|dsa]; the private key file and the public key file, id_rsa and id_rsa.pub or id_dsa and id_dsa.pub, will be generated.
3. Copy the .pub file to the .ssh directory on the B machine, and cat id_dsa.pub
4. When you are done, you can log into the target account of B machine from A machine and no longer need the password.
Authenticating with keys generated by ssh-keygen means that ssh and scp to the other machine no longer need a password.
The specific methods are as follows:
ssh-keygen -t rsa
Then press Enter at every prompt to accept the default values.
This generates a pair of keys, which are stored under ~/.ssh of the user directory.
Put the public key into the user directory of the other machine and copy it into ~/.ssh/authorized_keys.
Make sure that both .ssh and authorized_keys are writable only by the user; otherwise the authentication fails. (I ran into this problem today and spent a long time finding it.) In fact, if you think about it carefully, this is done so that it does not become a system vulnerability.
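The permission requirement above can be checked mechanically on the B machine. The following shell functions are an added example, not part of the original article; the function names and the 700 mode for .ssh are assumptions, and the write-bit test mirrors what sshd enforces for the home directory, .ssh and authorized_keys when StrictModes is on (its default).

```shell
#!/bin/sh
# Added example (not from the original page): audit and repair the modes
# that sshd's StrictModes check looks at for key-based login on machine B.
# Assumed layout: HOME_DIR/.ssh/authorized_keys. Ownership is not checked.

# Print the octal mode of a path (GNU stat, then BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report every path that is missing or writable by group/other.
# Returns 0 when all three paths pass, 1 otherwise.
check_ssh_perms() {
    csp_rc=0
    for csp_p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$csp_p" ]; then
            echo "MISSING  $csp_p"
            csp_rc=1
            continue
        fi
        csp_m=$(mode_of "$csp_p")
        # 022 = write bit for group and for other; leading 0 makes it octal.
        if [ $(( 0$csp_m & 022 )) -ne 0 ]; then
            echo "WRITABLE $csp_p (mode $csp_m): StrictModes refuses the key"
            csp_rc=1
        fi
    done
    return $csp_rc
}

# Apply 600 to authorized_keys (the page's step 3) and 700 to .ssh (an
# assumed mode that satisfies "writable only by the user"); also drop
# group/other write on the home directory itself.
fix_ssh_perms() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}

# Usage: sh check_ssh_perms.sh /root   (no argument: only define functions)
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

A non-zero exit status means at least one of the three paths would make sshd ignore authorized_keys and fall back to asking for the password.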