First, the basic idea of public key authentication:
The encryption and decryption of information using different keys, the key is called private key and public key, where public key is stored on the server to log on, and private key for a specific client hold.
When the client makes a request to establish a secure connection to the server, first sends its own public key, if the public key is allowed by the server, the server sends a public key encrypted random data to the client, this data only through the private Key decryption, the client sends the decrypted information back to the server, the server verifies that the client is trustworthy, and thus establishes a secure information channel.
In this way, the client does not need to send its own identity flag "private key" to achieve the purpose of verification, and private key can not be inferred from the public key backwards. This avoids the potential for password leaks caused by network eavesdropping. The client needs to be careful to save its own private key to avoid being stolen by others, and once that happens, the server will need to replace the trusted public key list.
Two, no password login implementation mode (Server1 PublicKey connection server2 password-free login)
1. Create a public key with Ssh-keygen (SERVER1)
[Email protected] ~]# Ssh-keygen
Generating public/private RSA key pair.
Enter file in which to save the key(/ROOT/.SSH/ID_RSA):
Created directory '/root/.ssh '.
Enter Passphrase (empty for no passphrase): (here the password determines the private key password used when the terminal is connected)
Enter same passphrase again:
Your identification has been saved In/root/.ssh/id_rsa.
Your public key has been saved in/root/.ssh/id_rsa.pub.
The key fingerprint is:
7b:aa:08:a0:99:fc:d9:cc:d8:2e:4b:1a:c0:6b:da:[email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
| |
| |
| |
|. |
|o. S |
|++. . |
|+=o ... |
|o+=ob. o |
|.. E==* ... |
+-----------------+
2. Supplementary explanation:
Ssh-keygen: Generate secret Key, where:
-T Specify algorithm
-f Specifies the path to generate the secret key
-N Specify password
To view the build certificate:
[[Email protected]]$ ll/root/.ssh/
Total 16
-RW-------1 yida yida 1675 Mar 11:42 Id_rsa
-rw-r--r--1 Yida yida 399 Mar 11:42 id_rsa.pub
3. Copy Server1 PublicKey to Server2 Authorized_keys
[email protected]. ssh]$ ssh-copy-id-i id_rsa.pub [email protected]
The authenticity of host ' 10.207.0.179 (10.207.0.179) ' can ' t be established.
RSA key fingerprint is 94:5f:47:a8:ae:0b:b0:31:0f:ce:6b:86:08:51:98:a7.
Is you sure want to continue connecting (yes/no)? Yes
warning:permanently added ' 10.207.0.179 ' (RSA) to the list of known hosts.
Address 10.207.0.179 maps to localhost, it does not map back to the address-possible break-in attempt!
Password:
Now try logging to the machine, with "ssh" [email protected] ' ", and check in:
. Ssh/authorized_keys
To make sure we haven ' t added extra keys so you weren ' t expecting.
[Email protected]_d10075798. ssh]$
4.server2 View Public key file
[Email protected]]$ ll
Total 16
-RW-------1 root root 408 Mar 15:43 Authorized_keys
Linux SSH publickey access