Configure dual-host SSH trust in Linux 1. implementation principle using a method called & quot; public/private key & quot; authentication for ssh login. & Quot; public/private key & quot; a simple explanation of the authentication method is: First, create a pair of public/private keys on the client (public key File :~ /. Ssh/id_rsa.pub; private key File :~ /. Ssh/id_rsa), but... configure the dual-host SSH trust in Linux.
I. implementation principle using a "public/private key" authentication method for ssh login. A simple explanation of the "public/private key" authentication method is: First, create a pair of public/private keys on the client (public key File :~ /. Ssh/id_rsa.pub; private key File :~ /. Ssh/id_rsa), and then put the public key on the server (~ /. Ssh/authorized_keys) and keep the private key. During ssh login, the ssh program will send a private key to match the public key on the server. If the match is successful, you can log on. Www.2cto.com 2, experimental environment A machine: TS-DEV/10.0.0.163B machine: CS-DEV/10.0.0.188 3. Linux/Unix dual-host build trust 3.1 generate A certificate on machine A under the root user of machine A to execute the ssh-keygen command, where you need to enter, directly press enter, generate a certificate that establishes a security trust relationship. # Ssh-keygen-t rsa note: When the program prompts passphrase, enter the carriage return, indicating no certificate password.
The above command generates the private key certificate id_rsa and public key certificate id_rsa.pub, which are stored in the. ssh subdirectory of the user's home directory. 3.2 view ~ /. Ssh key generation file # cd ~ /. Ssh # ll3.3 A establishes A trust relationship with B. copy the public key certificate id_rsa.pub to the root directory of Machine B. in the ssh subdirectory, replace the file name with authorized_keys. in this case, enter the root user password of Machine B (no trust relationship has been established ). After the trust relationship between the client and the server is established, the client can copy data from the server without entering the password. # Scp-r id_rsa.pub 10.0.0.188:/root/. ssh/authorized_keys3.4 B. perform the same operation on Machine B to establish A trust relationship between B and. # Ssh-keygen-t rsa # cd ~ /. Ssh/# ll # scp-r id_rsa.pub 10.0.0.163:/root /. ssh/authorized_keys 4. test on server A: # scp-r 10201_database_linux_x86_64.cpio 10.0.0.188:/tmp/david/on server B: The dual-host trust relationship has been established! Note: If you want both B and C to enable scp to transmit data in A without entering the password;
The public keys of B and C should be given to;
Operation Procedure: copy the data in id_rsa.pub of the two machines to the/root/. ssh/authorized_keys file of A, with one line representing one;
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
A Free Trial That Lets You Build Big!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
