I. How it works
SSH can log in using a method known as "public/private key" authentication. A simple explanation of this method is:
First create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then put the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. At login, the SSH client uses the private key to prove that it matches the public key stored on the server; the private key itself is never sent over the connection. If the match succeeds, you can log in.
II. Experimental environment
Machine A: ts-dev/10.0.0.163
Machine B: cs-dev/10.0.0.188
III. Building trust between two Linux/Unix machines
3.1 Generating a key pair on machine A
As the root user on machine A, run the ssh-keygen command. Wherever it asks for input, just press Enter. This generates the key pair used to establish the trust relationship.
# ssh-keygen -t rsa
Note: when the program prompts for a passphrase, press Enter directly, which means the private key is not protected by a passphrase.
The above command generates the private key id_rsa and the public key id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.
3.2 View ~/.ssh generated key files
# cd ~/.ssh
# ll
3.3 A establishes a trust relationship with B
Copy the public key id_rsa.pub to the .ssh subdirectory of root's home directory on machine B and rename the file to authorized_keys. This step requires the root password of machine B (no trust relationship has been established yet). Once the client-to-server trust relationship is established, the client can copy data from the server without entering the password.
# scp -r id_rsa.pub 10.0.0.188:/root/.ssh/authorized_keys
3.4 B establishes a trust relationship with A
Perform the same operation on machine B to establish a trust relationship with A.
# ssh-keygen -t rsa
# cd ~/.ssh/
# ll
# scp -r id_rsa.pub 10.0.0.163:/root/.ssh/authorized_keys
IV. Testing
On machine A:
# scp -r 10201_database_linux_x86_64.cpio 10.0.0.188:/tmp/david/
On machine B:
Note: If you want both B and C to be able to use scp to transfer data on A without entering a password,
the public keys of both B and C must be given to A.
Procedure: copy the contents of id_rsa.pub from each of the two machines into the /root/.ssh/authorized_keys file on A, one key per line.
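The scp commands in 3.3 and 3.4 replace the whole authorized_keys file, so any key already stored there is lost. The following is an added example, not part of the original article: a helper (the name add_authorized_key is hypothetical) that appends a public key on its own line, skips keys that are already present, and keeps the file modes owner-only.

```shell
#!/bin/sh
# add_authorized_key PUBKEY_FILE AUTH_FILE   (hypothetical helper name)
# Appends the one public key in PUBKEY_FILE to AUTH_FILE, one key per line,
# without overwriting what is already there.
# Returns 0 = added, 1 = already present, 2 = input is not a single key line.
# AUTH_FILE is expected to live in its own .ssh directory.
add_authorized_key() {
    pub=$1
    auth=$2
    # A .pub file holds exactly one non-blank line: "type base64 [comment]".
    n=$(grep -c -v '^[[:space:]]*$' "$pub") || return 2
    [ "$n" -eq 1 ] || return 2
    line=$(grep -v '^[[:space:]]*$' "$pub")
    ktype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    # Reject unknown key types and anything that is not base64, so option
    # prefixes such as command="..." cannot be smuggled in.
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) return 2 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) return 2 ;;
    esac
    # Keep .ssh and authorized_keys owner-only; sshd's StrictModes refuses
    # group- or world-writable ones.
    old_umask=$(umask)
    umask 077
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    umask "$old_umask"
    # Same key = same type and blob anywhere on a line; comments are ignored.
    if awk -v t="$ktype" -v b="$blob" \
        '{ for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) f = 1 }
         END { exit !f }' "$auth"; then
        return 1
    fi
    # Make sure the new key starts on its own line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

On machine A, after copying B's and C's id_rsa.pub files over under different names, call it once per file, for example: add_authorized_key /tmp/b_id_rsa.pub /root/.ssh/authorized_keys (the /tmp path is a constructed example).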
V. Remote execution of commands
Command format: ssh remote-user-name@remote-host-IP-address 'remote command or script'
# ssh [email protected] 'hostname'
When the above command runs, the terminal prints the host name of the remote host, not the host name of the host you are currently logged on to. This shows that the hostname command actually ran on the remote host.
The two-machine trust relationship has been established!
Linux Configuration dual-machine SSH Trust