Linux remote SSH login: passwordless configuration method

  • 2020-05-14 05:43:11
  • OfStack

1. The scenario

The company has just brought several Linux hosts online and now wants to log in remotely over ssh from host to host without a password.

2. Principle
Quite simply, use ssh-keygen to generate a private and public key pair on host A, copy the generated public key to the remote machine, host B, and then use the ssh command on host A to log in to host B without a password.

3. Steps

On host A:

1. Generate the private and public key files id_rsa and id_rsa.pub (press Enter 3 times to accept the default file and an empty passphrase)
[root@bogon ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
67:da:0d:79:e0:d6:2b:cd:7d:22:af:51:7e:9c:75:fe root@bogon
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . |
| . + |
| S B o . o|
| * * = o+|
| . o B +.=|
| . + +.|
| ... E|
+-----------------+

2. The ssh-copy-id command copies the specified public key file to the remote computer

[root@bogon ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.1.250.166
The authenticity of host '10.1.250.166 (10.1.250.166)' can't be established.
RSA key fingerprint is c8:9d:6d:92:55:77:3d:3e:af:f5:cb:18:80:5a:47:93.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.1.250.166' (RSA) to the list of known hosts.
reverse mapping checking getaddrinfo for bogon [10.1.250.166] failed - POSSIBLE BREAK-IN ATTEMPT!
root@10.1.250.166's password: < Login password for host B >
Now try logging into the machine, with "ssh 'root@10.1.250.166'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

3. Then log in to host B over ssh to verify that no password is required

[root@localhost ~]# ssh 10.1.250.166
reverse mapping checking getaddrinfo for bogon [10.1.250.166] failed - POSSIBLE BREAK-IN ATTEMPT!
Last login: Wed Oct 21 10:05:39 2015 from 10.1.250.141
[root@bogon ~]#

4. After logging in successfully, repeat the three steps above on host B so that it can also log in over ssh without a password. (If there are several hosts, perform the same operation on each one to make future management easier.)

5. Permission issues
It is recommended to log in over ssh as a user other than root, and to adjust the permissions of the directory and files.
Set the authorized_keys permissions

chmod 644 authorized_keys

Set the .ssh directory permissions

chmod 700 .ssh

6. Make sure that .ssh and authorized_keys are both writable only by the user. Otherwise key authentication is refused.
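
The checks behind steps 5 and 6, as an added example that is not part of the original article: with StrictModes enabled (the default), sshd refuses authorized_keys when the file, .ssh or the home directory is writable by group or others or is owned by someone other than the user or root, and the ssh client rejects a private key that group or others can access. The function names and output labels are made up for this example; it assumes GNU stat and the default OpenSSH layout under the home directory.

```shell
#!/bin/sh
# Added example, not from the original article: audit the permissions that
# steps 5 and 6 set. Needs GNU stat (standard on Linux).

# mode_has_bits PATH MASK: succeeds when PATH's mode has any bit of octal MASK.
mode_has_bits() {
    mode=$(stat -c '%a' "$1") || return 0   # cannot stat: report as a problem
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# check_ssh_perms HOME_DIR [UID]   (hypothetical helper name)
# Assumes the default layout HOME_DIR/.ssh/authorized_keys and id_rsa.
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    home=$1
    uid=${2:-$(id -u)}
    rc=0
    # sshd with StrictModes: each of these must be owned by the user or root
    # and must not be writable by group or others (mask 022).
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"; rc=1; continue
        fi
        owner=$(stat -c '%u' "$p")
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER     $p (uid $owner)"; rc=1
        fi
        if mode_has_bits "$p" 022; then
            echo "WRITABLE  $p (mode $(stat -c '%a' "$p"))"; rc=1
        fi
    done
    # ssh client: a private key must have no group/other access (mask 077).
    key=$home/.ssh/id_rsa
    if [ -e "$key" ] && mode_has_bits "$key" 077; then
        echo "EXPOSED   $key (mode $(stat -c '%a' "$key"))"; rc=1
    fi
    return $rc
}

# Usage after sourcing this file:  check_ssh_perms "$HOME"
```

Run it on host B as the account that receives the key; a WRITABLE or OWNER line names the path that makes sshd fall back to asking for a password.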

This is from the big knife blog

