How to configure SSH trust between two Linux machines for password-free login

Source: Internet
Author: User
Tags ssh root directory

First, how it works

SSH login here uses "public key" authentication. A simple explanation of public key authentication:

First create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then put the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. When you log in, the SSH client uses the private key to prove that it holds the counterpart of the public key on the server; the private key itself is never sent. If the match succeeds, you are logged in.

Second, the test environment

Machine A: ts-dev/10.0.0.163

Machine B: cs-dev/10.0.0.188

Third, establishing trust between two Linux/Unix machines

3.1 Generate the key pair on machine A

Run the ssh-keygen command as root on machine A to generate the key pair used to establish the trust relationship. Press Enter at each prompt.

# ssh-keygen -t rsa

Note: Press Enter when the program prompts for a passphrase, which means the private key is stored without a passphrase.

The command generates the private key id_rsa and the public key id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.

3.2 View the generated key files in ~/.ssh

# cd ~/.ssh

# ll

3.3 Establish a trust relationship from A to B

Copy the public key id_rsa.pub to the .ssh subdirectory of root's home directory on machine B and rename it to authorized_keys. At this point you have to enter the root password of machine B, because no trust has been established yet. Once the trust relationship is in place, the client can copy data from the server without entering the password again.

# scp -r id_rsa.pub 10.0.0.188:/root/.ssh/authorized_keys

3.4 Establish a trust relationship from B to A

Perform the same steps on machine B to establish a trust relationship from B to A.

# ssh-keygen -t rsa

# cd ~/.ssh/

# ll

# scp -r id_rsa.pub 10.0.0.163:/root/.ssh/authorized_keys

If you want both B and C to be able to transfer data to A with scp without entering a password, you have to give the public keys of B and C to A.

Procedure: copy the contents of id_rsa.pub from both machines into the /root/.ssh/authorized_keys file on A, one key per line.

A: scp -r id_rsa.pub 10.0.0.163:/root/.ssh/authorized_keys

B: scp -r id_rsa.pub 10.0.0.188:/root/.ssh/authorized_keys
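The multi-key step above needs every public key on its own line in authorized_keys, whereas copying a file onto authorized_keys with scp replaces whatever was there. A shell function that appends instead, as an added example that is not part of the original article; the function name add_authorized_key and the file paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: append one public key to authorized_keys without overwriting.
# Usage (hypothetical paths): add_authorized_key /tmp/b_id_rsa.pub
#                             add_authorized_key /tmp/c_id_rsa.pub
add_authorized_key() {
    pub=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}
    dir=$(dirname "$auth")

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file holds exactly one line: "<type> <base64> [comment]".
    # This also rejects a private key passed in by mistake.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one key line in $pub" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key: $pub" >&2; return 1 ;;
    esac

    # sshd with StrictModes (the default) refuses key files that other
    # users can write, so pin the modes on the directory and the file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Exact whole-line match: running this twice does not duplicate the key.
    if grep -qxF -- "$key" "$auth"; then
        return 0
    fi

    # If the existing file lacks a final newline, add one so the new key
    # starts on its own line instead of being glued to the previous key.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Copy each machine's id_rsa.pub to A under a distinct temporary name first, then run the function once per file on A.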

Test:

# ssh root@10.0.0.188 'hostname'

# ssh root@10.0.0.163 'hostname'

If the connection is slow to respond, change the following two parameters in /etc/ssh/sshd_config:

GSSAPIAuthentication no

UseDNS no

Then restart the service:

# service sshd restart
