First, SSH No password remote login principle
Second, SSH Implementing a password-free remote login
Implement host a without password Telnet Host B
Host a IP address: 10.8.9.154
Host B IP Address: 10.8.9.155
1, host a operation as follows:
[email protected]. ssh]# pwd #一般SSH生成公钥和私密会在. SSH directory, if no this directory can be manually created
/root/.ssh
[email protected]. ssh]# ls #一般. SSH directory There will be a file known_host s, this file primarily records which hosts the local SSH telnet to
Known_hosts
[[email protected]. ssh]# ssh-keygen-t rsa-p ' #执行ssh-keygen generate public and private keys,-p for passwords, ' for empty passwords, also Can not use the –P parameter, this will press three times the return, with-P enter a return
Generating public/private RSA key pair.
Enter file in which to save the key (/ROOT/.SSH/ID_RSA): #按一次回车键即可
Your identification has been saved In/root/.ssh/id_rsa.
Your public key has been saved in/root/.ssh/id_rsa.pub.
The key fingerprint is:
9C:F5:83:54:FD:DA:6B:1A:9B:E3:D8:CF:CA:C9:B3:B4 [email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
| .. |
| . . |
| O. |
| . + O. |
| S. o O |
| .. .|
| O. |
| *obo |
| .. Eoo |
+-----------------+
[[email protected]. ssh]# ls # id_rsa (private key) id_rsa.pub (public key)
Id_rsa id_rsa.pub known_hosts
[email protected]. ssh]# scp/root/.ssh/id_rsa.pub [email protected]:/root/.ssh/authorized_keys #把主机A/root/ The. Ssh/id_rsa.pub public key is copied to the host B/root/.ssh/authorized_keys file (to confirm that Host B has created a good/root/.ssh directory), because there is no password-free login, so enter the root password of the B host once
[email protected] ' s password: #输入主机B的密码
Id_rsa.pub 100% 0.4kb/s 00:00
Note: Host B directory/root/.ssh/authorized_keys file needs to have read and write permissions, or it will prompt for remote failure
[email protected]. ssh]# ls-l Authorized_keys
-rw-r--r--1 root root 11:47 June 5 Authorized_keys
Now host a can implement SSH without password Telnet Host B (if you need to enter Yes for the first time)
[email protected]. ssh]# ssh [email protected] ' chmod 600/root/.ssh/authorized_keys; ls-l/root/.ssh/authorized_ke Ys ' #执行SSH远程主机B修改authorized_keys文件权限
-RW-------. 1 root root 400 January 6 02:02/root/.ssh/authorized_keys
Special questions:
Issue: If you perform an SCP or SSH command remote connection is particularly slow to display the input password prompt also prompts the error message
[email protected]. ssh]# scp/root/.ssh/id_rsa.pub [email Protected]:/root/.ssh/authorized_keys #执行scp命令远程复制会出现连接缓慢并且还有警告
The authenticity of host ' 10.8.9.155 (10.8.9.155) ' can ' t be established.
RSA key fingerprint is b6:a2:4d:65:af:cf:19:97:99:ff:1e:99:5f:ec:1b:7a.
Is you sure want to continue connecting (yes/no)? Yes #第一次登录, so you need to enter Yes
warning:permanently added ' 10.8.9.155 ' (RSA) to the list of known hosts.
Workaround: Modify the SSH configuration file/etc/ssh/ssh_config, manually add Gssapiauthentication No
[email protected]. ssh]#vim/etc/ssh/ssh_config
Gssapiauthentication No
[email protected]. ssh]# scp/root/.ssh/id_rsa.pub [email Protected]:/root/.ssh/authorized_keys
[email protected] ' s password:
Linux SSH implementation without password Telnet