Implementing passwordless SSH communication on Linux

  • 2020-12-16 06:18:36
  • OfStack

What is SSH

Administrators can log in remotely over the network to multiple hosts scattered across different locations and perform management operations on them.

The administrator can perform the following operations on the remote host:

  • Remote login
  • Remote command execution
  • Remote file transfer

The sad thing is: these operations are not safe!

  • Passwords are plain text and are sent in clear text
  • Information may be intercepted and passwords may be retrieved
  • Unauthorized persons can use intercepted passwords to log into the system and cause damage to it

For routine operations, you may need to enter a login password every time you log in to another host with ssh, and even when you only need to copy something with scp.

To switch between hosts more conveniently and quickly, passwordless (key-based) SSH communication is a better choice.

Generate the key pair with ssh-keygen; by default the key is stored locally at /root/.ssh/id_rsa

Then distribute the public key to the target host with ssh-copy-id, specifying the login user@hostname or IP address

Note:

1. It is better to use the hostname, and to record the hostname and its corresponding IP address in the /etc/hosts file;

2. Passwordless communication in both directions requires each party to authenticate to the other, so the same operation should be done once on the target host as well;


[root@www ~]# ssh-keygen -t rsa -P '' 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?

[root@www ~]# ssh-copy-id -i .ssh/id_rsa.pub root@172.16.75.1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_rsa.pub"
The authenticity of host '172.16.75.1 (172.16.75.1)' can't be established.
ECDSA key fingerprint is SHA256:YXhbTS9MfK2IQC4gtOW4RL8voHvFqC1cAAMJXuF3Wec.
ECDSA key fingerprint is MD5:2c:c0:94:e8:3a:e4:74:88:c0:d8:e0:01:20:81:1d:8e.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@172.16.75.1's password: 
Number of key(s) added: 1
Now try logging into the machine, with:  "ssh 'root@172.16.75.1'"
and check to make sure that only the key(s) you wanted were added.
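
The ssh-copy-id output above ends by asking you to check that only the intended keys were added. As an added example (not part of the original article), the Python code below parses the text of an authorized_keys file, computes each key's fingerprint in the SHA256 and MD5 forms that ssh prints, and reports keys that are not on an allow-list. The function names and the sample key lines are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

# Key type, then its base64 blob; options may precede and a comment may follow.
KEY_RE = re.compile(
    r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$")

def parse_key(line):
    """Return (key_type, blob, comment) for one authorized_keys line, else None."""
    line = line.strip()
    m = None if line.startswith("#") else KEY_RE.search(line)
    if not m:
        return None
    key_type, b64, comment = m.group(1), m.group(2), m.group(3) or ""
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError:
        return None
    # The blob begins with a length-prefixed copy of the key type; both must agree.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != key_type.encode():
        return None
    return key_type, blob, comment

def fingerprints(blob):
    """SHA256 and MD5 fingerprints of a key blob, formatted the way ssh prints them."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def unexpected_keys(authorized_keys_text, allowed_sha256):
    """Return (line_no, sha256_fp, comment) for every key not in the allowed set."""
    found = []
    for no, line in enumerate(authorized_keys_text.splitlines(), 1):
        parsed = parse_key(line)
        if parsed:
            fp = fingerprints(parsed[1])[0]
            if fp not in allowed_sha256:
                found.append((no, fp, parsed[2]))
    return found

def make_line(seed, comment):
    """Build a constructed ed25519-shaped line for the demo (not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([seed]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment
```

On the target host, pass the contents of ~/.ssh/authorized_keys and the set of SHA256 fingerprints you expect to unexpected_keys; an empty result means only the intended keys are installed.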
