I. Implementation Principle
Use a public/private key authentication method for SSH login. The following is a simple explanation of the "Public/Private Key" authentication method:
First, create a pair of public and private keys on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then put the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. During SSH login, the SSH program uses the private key to match against the public key on the server. If the match succeeds, you can log on.
II. Experiment Environment
Host A: 10.0.0.163
Machine B: 10.0.0.188
III. Linux/Unix Dual-Host Mutual Trust
Generate a certificate on server
Run the ssh-keygen command under the root user of machine A and press enter to generate a certificate that establishes a security trust relationship.
# ssh-keygen -t rsa
[Note] When the program prompts for a passphrase, press Enter directly, which means no certificate password is set.
The above command generates the private key certificate id_rsa and the public key certificate id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.
View the key files generated in ~/.ssh
# cd ~/.ssh
# ll
-rw------- 1 samli 1675 Feb 17 id_rsa
-rw-r--r-- 1 samli 395 Feb 17 id_rsa.pub
-rw-r--r-- 1 samli 790 Feb 17 known_hosts
# scp -r id_rsa.pub 10.0.0.163:/root/.ssh/authorized_keys
IV. Test
Host:
Log on to host A: # ssh [email protected]
Copy a file: # scp -P 50022 -r 10201_database_linux_x86_64.cpio 10.0.0.188:/tmp/David/
[Note] To allow both machines B and C to trust host A at the same time, copy the public keys of machines B and C into the /root/.ssh/authorized_keys file, with each line holding one entry.
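The scp command in section III replaces the whole authorized_keys file, so for the multi-key case in the note above each public key has to be appended instead. The following is an added example, not part of the original article; the function names are hypothetical and the key strings are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Append a public key to authorized_keys without overwriting existing entries.
# Function and variable names are hypothetical (added example).

# add_authorized_key PUBKEY_FILE [SSH_DIR]
add_authorized_key() {
    pubfile=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys
    key=

    # Take the first line; a public key line is "type base64 [comment]".
    IFS= read -r key < "$pubfile" || [ -n "$key" ] || return 1
    case $key in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not a public key: $pubfile" >&2; return 1 ;;
    esac

    # sshd (StrictModes, on by default) refuses keys kept in a directory
    # or file that other users can write to, so set tight permissions.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only if this exact line is not present yet: one key per line.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Number of trusted keys currently in the file.
count_authorized_keys() {
    grep -c . "${1:-$HOME/.ssh}/authorized_keys"
}

# Constructed demo in a scratch directory (placeholder key bodies).
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAB3CONSTRUCTEDKEYB root@machineB\n' > "$demo_dir/b.pub"
printf 'ssh-rsa AAAAB3CONSTRUCTEDKEYC root@machineC\n' > "$demo_dir/c.pub"
add_authorized_key "$demo_dir/b.pub" "$demo_dir/ssh"
add_authorized_key "$demo_dir/c.pub" "$demo_dir/ssh"
add_authorized_key "$demo_dir/b.pub" "$demo_dir/ssh"   # repeat adds no duplicate
echo "trusted keys: $(count_authorized_keys "$demo_dir/ssh")"
rm -rf "$demo_dir"
```

Run it on the host being logged in to, as the account that should accept the keys; removing a line from authorized_keys revokes that machine's access.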
V. Remote Command Execution
We can execute some commands on the remote host. The command format is as follows:
ssh remote_username@remote_host_ip 'remote command or script'
Example: # ssh [email protected] 'hostname'
After the preceding command is executed, the terminal outputs the host name of the peer host rather than that of the currently logged-on host, which shows that the hostname command actually ran on the peer host.
This article is from the "O & M work notes" blog, please be sure to keep this source http://yyyummy.blog.51cto.com/8842100/1551325