How to configure SSH key-based login without a password
- 2020-05-27 08:02:58
- OfStack
How to use
Specify the IP address directly, use -i to specify the key file, and use -l to specify the user:
ssh 1.1.1.1 -i Test1 -l userxxx
If you do not specify a user, ssh logs in to the remote host with the current local username. For example, if the local user is AAA, then:
ssh 1.1.1.1 -i Test1
is equivalent to
ssh 1.1.1.1 -i Test1 -l AAA
Note that the generated key binds one pair of users: the user who generated the key and the user on the remote host whose account stores the public key. The principle of SSH is that the public key is given to others and the private key is kept to yourself. Other users on the remote host cannot see the public key received by the specified user, so the relationship is one-to-one.
For example, if I generate a key as azuo1228 on test-server and then copy the public key into a user's home directory on the remote host dest-server, then that user of the remote host can be logged in to without a password. This does not mean that other users of the remote host can be logged in to without a password.
Procedure
1. Generate key:
[azuo1228@test-server ~]$ ssh-keygen
Just press Enter at every prompt, which accepts the default file location and leaves the passphrase empty:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/azuo1228/.ssh/id_rsa):
Created directory '/home/azuo1228/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/azuo1228/.ssh/id_rsa.
Your public key has been saved in /home/azuo1228/.ssh/id_rsa.pub.
The key fingerprint is:
d2:33:66:86:0a:b4:27:a9:86:92:24:ff:13:63:96:15 azuo1228@test-server
The key's randomart image is:
+--[ RSA 2048]----+
| |
| E |
| . . |
| . o .o |
|..= .oo S |
|++ +*. = o |
|=..o.o |
|o .. |
| .. |
+-----------------+
[azuo1228@test-server ~]$ cd .ssh/
[azuo1228@test-server .ssh]$ dir
id_rsa id_rsa.pub
View the generated files:
[azuo1228@test-server .ssh]$ ll
total 8
-rw------- 1 azuo1228 administrator 1675 Dec 21 18:11 id_rsa
-rw------- 1 azuo1228 administrator 403 Dec 21 18:11 id_rsa.pub
[azuo1228@test-server .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server
2. Copy the public key to the home directory of the specified user on the remote host
Note that the password still has to be entered for this copy:
[azuo1228@test-server .ssh]$ scp id_rsa.pub azuo1228@10.148.167.106:/home/azuo1228
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
azuo1228@10.148.167.106's password:
id_rsa.pub 100% 403 0.4KB/s 00:00
Test the login here: a password is still required, so it is not yet passwordless.
[azuo1228@test-server .ssh]$ ssh azuo1228@10.148.167.106
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
azuo1228@10.148.167.106's password:
Last login: Wed Dec 21 18:07:21 2016 from shang1lu4gnl.ads.autodesk.com
Authorized uses only. All activity may be monitored and reported.
[azuo1228@dest-server ~]$
The .ssh directory does not exist yet and needs to be created:
[azuo1228@dest-server ~]$ mkdir .ssh
[azuo1228@dest-server ~]$ cd .ssh/
[azuo1228@dest-server .ssh]$ cat ../id_rsa.pub | tee -a authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxp1CLe+v3L9OjlJCoBBMtQP5p2zQSACJuCD8rPRT2KQmLFznJo9ehTJQp3UfbSzAo3muudiJ9hvyL8f8hN05voXzBSyrul3v39iiqyPJGFbZhtlIsvVuHNEOVaa+StP/WVcH3nT50Y2TsIx0ikXUOVaaawHKUV3wBHlyLLANMAG8yOy4NIzCj++TO4n+66uyrgVvUfmZ02ALGGL0gUIV97tlhdwVQLG+2mJwSU0E3fksMVlhKxQrpaOx1OtObF0Xo4CmuuXAowtm/uW50gHRVYMA7N/VNgbWaa4hbypCV5m6UqF6P8bHp1Kgz0qm/U0ro1jFzNv1+fin2ZdwV1Ytr azuo1228@test-server
[azuo1228@dest-server .ssh]$ ll
total 4
-rw-r--r-- 1 azuo1228 administrator 403 Dec 21 20:33 authorized_keys
The file needs permissions of 600:
[azuo1228@dest-server .ssh]$ chmod 600 authorized_keys
[azuo1228@test-server .ssh]$ ssh azuo1228@10.148.167.106
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
Last login: Wed Dec 21 20:32:08 2016 from c72
Authorized uses only. All activity may be monitored and reported.
[azuo1228@dest-server ~]$
[azuo1228@dest-server ~]$
[azuo1228@dest-server ~]$ exit
logout
Connection to 10.148.167.106 closed.
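The remote-side steps above (create .ssh, append the key to authorized_keys, chmod 600) as one re-runnable function. This is an added example, not part of the original article: the function names install_pubkey and check_modes are hypothetical, chmod 700 on .ssh is an addition that follows the permissions recommended in ssh(1), and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.
# install_pubkey PUBKEY_FILE TARGET_HOME
install_pubkey() {
    pub=$1; home=$2
    # A .pub file is a single line. Rejecting anything longer also stops a
    # multi-line private key from being installed by mistake.
    lines=$(wc -l < "$pub")
    [ "$lines" -le 1 ] || { echo "expected a single key line: $pub" >&2; return 2; }
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 2 ;;
    esac
    # Make ~/.ssh private to its owner regardless of the caller's umask.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    auth=$home/.ssh/authorized_keys
    # Append only when the exact line is absent, so re-running adds no duplicates.
    if ! grep -qxF -- "$key" "$auth" 2>/dev/null; then
        printf '%s\n' "$key" >> "$auth" || return 1
    fi
    chmod 600 "$auth"
}

# check_modes TARGET_HOME
# Returns 0 only if .ssh is 700 and authorized_keys is 600.
# Assumption: GNU stat (-c '%a' prints the octal mode).
check_modes() {
    home=$1
    [ "$(stat -c '%a' "$home/.ssh")" = 700 ] &&
    [ "$(stat -c '%a' "$home/.ssh/authorized_keys")" = 600 ]
}
```

Run on the remote host as the target user, for example `install_pubkey ~/id_rsa.pub "$HOME"`, after copying the public key over with scp as in step 2.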
If you log in again, no password is required.
When trying to log in as the user zhour, a password is still required. This shows that passwordless login is one-to-one.
Copy the public key to another user, zhour.
A password is still required to log in:
[azuo1228@test-server .ssh]$ ssh 10.148.167.106 -l zhour
Access and Authorization to this server is controlled by Active Directory. Please login with your admin account.
zhour@10.148.167.106's password:
Last login: Wed Dec 21 17:55:32 2016 from shang1lu4gnl.ads.autodesk.com
Authorized uses only. All activity may be monitored and reported.
Add the public key to zhour.
Now no password is required.
Notes
Two points to note are as follows:
After this, scp, which uses the SSH channel, will also work without a password.
The key is copied to the home directory of the specified user on the remote host. The account that can then be logged in to without a password is that specified user on the remote host, not the user on the local host.