First, how it works
SSH login here uses a method known as "public key" authentication. A simple explanation of the "public key" authentication method is:
First create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then put the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. When you log in, the SSH client proves that it holds the private key by producing a signature, which the server verifies against the public key; the private key itself is never sent to the server. If the verification succeeds, you can log in.
Second, the test environment
Machine A: ts-dev/10.0.0.163
Machine B: cs-dev/10.0.0.188
Third, establishing trust between two Linux/Unix machines
3.1 Generate the key pair on machine A
On machine A, as root, run the ssh-keygen command to generate the key pair used to establish the trust relationship; press Enter at each prompt.
# ssh-keygen -t rsa
Note: Press Enter directly when the program prompts for a passphrase, which means the private key has no passphrase.
The above command generates the private key id_rsa and the public key id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.
3.2 View the generated key files in ~/.ssh
# cd ~/.ssh
# ll
3.3 A establishes a trust relationship with B
Copy the public key id_rsa.pub to the .ssh subdirectory of root's home directory on machine B and rename it authorized_keys (this overwrites any authorized_keys file already there). At this point you need to enter the root password for machine B, because no trust has been established yet. Once the trust relationship is established, the client can copy data to and from the server without entering the password again.
# scp -r id_rsa.pub 10.0.0.188:/root/.ssh/authorized_keys
3.4 B establishes a trust relationship with A
Perform the same operation on machine B to establish a trust relationship from B to A.
# ssh-keygen -t rsa
# cd ~/.ssh/
# ll
# scp -r id_rsa.pub 10.0.0.163:/root/.ssh/authorized_keys
Fourth, test
On machine A:
# scp -r 10201_database_linux_x86_64.cpio 10.0.0.188:/tmp/david/
On machine B:
The two-machine trust relationship has been established!
Note: If you want both B and C to be able to transfer data to A with scp without entering a password, you have to give the public keys of B and C to A.
Procedure: Copy the contents of id_rsa.pub from each of the two machines into the /root/.ssh/authorized_keys file on A, one key per line.
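The procedure in the note above, as an added example that is not part of the original page: a shell function that appends a public key to authorized_keys instead of overwriting the file, skips keys that are already present, refuses anything that is not a public key, and sets the permissions sshd expects. The function name add_authorized_key, its return codes and the demo key strings are assumptions made for this sketch; the keys are constructed, not real.

```shell
#!/bin/sh
# Added example (not from the original page): append a public key to an
# authorized_keys file, one key per line, without overwriting other keys.
# Returns 0 = added, 1 = already present, 2 = input is not a public key.
add_authorized_key() {
    pub=$1
    auth=$2
    # A public key line is "<type> <base64 blob> [comment]". A private key
    # file (id_rsa) never matches, so it cannot be installed by mistake.
    line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    if [ -z "$line" ]; then
        echo "not a public key file: $pub" >&2
        return 2
    fi
    blob=$(printf '%s\n' "$line" | awk '{print $2}')

    # sshd's default StrictModes ignores key files with loose permissions.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"

    # Compare key blobs, so a different comment or leading options still match.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                         END { exit !found }' "$auth"; then
        return 1
    fi
    # Keep "one key per line" even if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}

# Demo on constructed keys (run the script with the argument "demo").
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    echo 'ssh-rsa AAAAconstructedKeyB root@cs-dev' > "$d/b.pub"
    echo 'ssh-rsa AAAAconstructedKeyC root@c-host' > "$d/c.pub"
    for k in "$d/b.pub" "$d/c.pub" "$d/b.pub"; do
        rc=0; add_authorized_key "$k" "$d/.ssh/authorized_keys" || rc=$?
        echo "$k -> $rc"
    done
    cat "$d/.ssh/authorized_keys"
fi
```

On machine A this would be called once per copied key, for example with B's id_rsa.pub and /root/.ssh/authorized_keys as the two arguments.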