First, the implementation principle
SSH logon is done using a method known as "public key" authentication. A simple explanation of the "public key" authentication method is:
First create a public/private key pair on the client (public key file: ~/.ssh/id_rsa.pub; private key file: ~/.ssh/id_rsa), then put the public key on the server (~/.ssh/authorized_keys) and keep the private key on the client. When you log in, the SSH client uses the private key to match against the public key on the server. If the match is successful, you can log in.
Second, the experimental environment
Machine A: ts-dev/10.0.0.163
Machine B: cs-dev/10.0.0.188
Third, building trust between two Linux/Unix machines
3.1 Generating the keys on machine A
Run the ssh-keygen command as root on machine A to generate the key pair used to establish the trust relationship. Press Enter at each prompt.
# ssh-keygen -t rsa
Note: Press Enter directly when the program prompts for a passphrase, which means the key has no passphrase.
The above command generates the private key id_rsa and the public key id_rsa.pub, which are stored in the .ssh subdirectory of the user's home directory.
3.2 View the generated key files in ~/.ssh
# cd ~/.ssh
# ll
3.3 A establishes a trust relationship with B
Copy the public key id_rsa.pub to the .ssh subdirectory of root's home directory on machine B and rename the file to authorized_keys. At this point you need to enter the root password for machine B, because no trust has been established yet. After the client-side trust relationship is established, the client can copy data from the server side without having to re-enter the password.
# scp -r id_rsa.pub 10.0.0.188:/root/.ssh/authorized_keys
3.4 B establishes a trust relationship with A
Perform the same operation on machine B to establish a trust relationship between B and A.
# ssh-keygen -t rsa
# cd ~/.ssh/
# ll
# scp -r id_rsa.pub 10.0.0.163:/root/.ssh/authorized_keys
If you want both B and C to be able to transfer data to A with scp without entering a password,
you have to give the public keys of B and C to A.
Operation steps: copy the contents of id_rsa.pub from the two machines into the /root/.ssh/authorized_keys file on A, one key per line.
A: scp -r id_rsa.pub 10.0.0.163:/root/.ssh/authorized_keys
B: scp -r id_rsa.pub 10.0.0.188:/root/.ssh/authorized_keys
Test:
# ssh root@10.0.0.188 'hostname'
# ssh root@10.0.0.163 'hostname'
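Copying a file onto authorized_keys with scp replaces whatever keys that file already holds, so the one-key-per-line step above is better done by appending. The following is an added example, not part of the original page; add_authorized_key is a hypothetical helper name and the path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example (not from the original page): append a public key to an
# authorized_keys file, one key per line, keeping keys that are already there.
# add_authorized_key is a hypothetical helper name, not an OpenSSH tool.
# Usage on machine A: add_authorized_key /tmp/b_id_rsa.pub /root/.ssh/authorized_keys
# (/tmp/b_id_rsa.pub is an assumed location for a copied public key)

add_authorized_key() {
    pubkey_file=$1
    auth_file=$2

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Drop blank lines; a public key file must then hold exactly one line.
    key=$(grep -v '^[[:space:]]*$' "$pubkey_file" || true)
    if [ "$(printf '%s\n' "$key" | grep -c '')" -ne 1 ]; then
        echo "expected exactly one key line in $pubkey_file" >&2
        return 1
    fi

    # Accept only lines that start with a public key type. This is a prefix
    # check, not full validation; it stops a private key (id_rsa) from being
    # pasted into authorized_keys by mistake.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # sshd's default StrictModes setting rejects keys when ~/.ssh or
    # authorized_keys is writable by other users.
    auth_dir=$(dirname "$auth_file")
    mkdir -p "$auth_dir" && chmod 700 "$auth_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Idempotent: do nothing if this exact line is already trusted.
    if grep -qxF -- "$key" "$auth_file"; then
        return 0
    fi

    # Make sure the existing file ends with a newline so keys never share a line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key" >> "$auth_file"
}
```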
If the connection is slow to respond, modify the following two parameters in
/etc/ssh/sshd_config
GSSAPIAuthentication no
UseDNS no
Then restart the service:
# service sshd restart