Using an SSH public key for password-free login from Linux to Linux

Source: Internet
Author: User

Logging in over SSH without a password requires a public/private key pair. On Linux the key pair can be generated with ssh-keygen; below I take CentOS as an example.

There are two machines, A (192.168.1.155) and B (192.168.1.181). We want A to log in to B over SSH without a password.
First, take logging in with the root account as an example.


1. Generate a public/private key pair on machine A.

[root@A ~]# ssh-keygen -t rsa -P ''

-P sets the passphrase, and -P '' means an empty passphrase. You can also leave out the -P parameter, in which case you have to press Enter three times; with -P you press Enter only once.
The command generates a pair of keys, id_rsa and id_rsa.pub, under the /root/.ssh directory.

The RSA key is the one generally used for SSH:
id_rsa      private key
id_rsa.pub  public key
The following commands produce different types of keys:
ssh-keygen -t dsa
ssh-keygen -t rsa
ssh-keygen -t rsa1

2. Copy /root/.ssh/id_rsa.pub from machine A into the /root/.ssh/authorized_keys file on machine B. First create the /root/.ssh directory on machine B, then copy the file with scp.

[root@A ~]# scp /root/.ssh/id_rsa.pub root@192.168.1.181:/root/.ssh/authorized_keys
root@192.168.1.181's password:
id_rsa.pub 100% 223 0.2KB/s 00:00

Because password-free login is not set up yet, you have to enter machine B's root password once.

If the authorized_keys file already exists on machine B and has content in it, copy the id_rsa.pub you just generated to machine B and then append it to the end of the file with cat id_rsa.pub >> /root/.ssh/authorized_keys.

Alternatively, you can use the following method to copy the newly generated id_rsa.pub directly to the corresponding user:

ssh-copy-id user@192.168.1.181

That is all. It automatically transfers the public key to that user's account on the server. Use root@192.168.1.181 to log in as root.
If the server is not on port 22, specify the port:

ssh-copy-id "-p port user@192.168.1.181"


3. The permissions of authorized_keys must be 600!!!

[root@B ~]# chmod 600 /root/.ssh/authorized_keys


4. Log in to machine B from machine A.

[root@A ~]# ssh -l root 192.168.1.181
The authenticity of host '192.168.1.181 (192.168.1.181)' can't be established.
RSA key fingerprint is 00:a6:a8:87:eb:c7:40:10:39:cc:a0:eb:50:d9:6a:5b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.181' (RSA) to the list of known hosts.
Last login: Thu Jul 3 09:53:18 from root
[root@B ~]#


The first time you log in, you have to enter yes.

Machine A can now log in to machine B without a password.

Summary: the machine you log in from must hold the private key, and the machine being logged in to must hold that machine's public key. The public/private key pair is typically generated on the host that keeps the private key. The example above uses an RSA public/private key pair; of course, you can also use DSA (the corresponding files are id_dsa and id_dsa.pub).

To let machines A and B log in to each other without a password, configure machine B in the same manner as above.

The use of ssh-keygen

Suppose A is the client machine and B is the target machine.

The goal:
Machine A logs in to machine B over SSH without entering a password;
The encryption type RSA|DSA can be selected, the default is DSA.

Procedure:
1. Log in to machine A.
2. Run ssh-keygen -t [rsa|dsa], which generates a private key file and a public key file: id_rsa, id_rsa.pub or id_dsa, id_dsa.pub.
3. Copy the .pub file to the .ssh directory on machine B, and run cat id_dsa.pub >> ~/.ssh/authorized_keys
4. Done. Logging in from machine A to the target account on machine B no longer needs a password.

Using ssh-keygen for key-based authentication means that ssh and scp to the other machine no longer ask for a password.
Here's how:
ssh-keygen -t rsa
Then press Enter at every prompt to accept the default values.

This generates a pair of keys that are stored under ~/.ssh in the user's home directory.
Copy the public key to the user's home directory on the other machine and add it to ~/.ssh/authorized_keys.

Make sure that both .ssh and authorized_keys are writable only by the user; otherwise authentication fails. (This was my problem today, and I spent a long time tracking it down.) In fact, if you think about it carefully, this is done so that it does not open a security hole in the system.
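
The scp in step 2 overwrites any authorized_keys file that already exists on machine B, and wrong permissions on .ssh or authorized_keys make key login fail. The following shell functions are an added example, not part of the original article; the names install_pubkey and check_ssh_perms and the idea of running them on machine B are assumptions made here. They append a key only when it is missing, set modes 700/600, and audit the result.

```shell
#!/bin/sh
# Added example: idempotent public-key install plus a permission audit.
# Function names are hypothetical; run on the machine being logged in to (B).

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends each key line to HOME_DIR/.ssh/authorized_keys only if it is not
# already present, and sets mode 700 on .ssh and 600 on the file.
install_pubkey() {
    pub=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    # Refuse private keys: a private key file starts with "-----BEGIN".
    if grep -q '^-----BEGIN' "$pub"; then
        echo "$pub looks like a private key, refusing" >&2; return 1
    fi
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # -F fixed string, -x whole line: existing entries are neither
    # overwritten nor duplicated. The extra test handles a key file
    # that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
    done < "$pub"
}

# check_ssh_perms HOME_DIR
# Returns non-zero and names the path if .ssh or authorized_keys is missing
# or writable by group or others (sshd's StrictModes rejects such files).
check_ssh_perms() {
    rc=0
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; rc=1; continue; }
        bad=$(find "$p" -prune \( -perm -020 -o -perm -002 \))
        [ -z "$bad" ] || { echo "too permissive: $p" >&2; rc=1; }
    done
    return $rc
}
```

Typical use on machine B after copying the key file over: install_pubkey /tmp/id_rsa.pub /root && check_ssh_perms /root (the /tmp path is only an example location).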
