SSH key authentication for Linux

1. Understanding of SSH Protocol

SSH is the abbreviation for secure Shell, which is developed by the IETF Network Working Group, and SSH is a security protocol based on the application layer. SSH is currently a more reliable protocol that provides security for Telnet sessions and other network services. The use of SSH protocol can effectively prevent the information leakage in the remote management process. SSH was originally a program on a UNIX system, and later expanded quickly to other operating platforms. SSH can compensate for vulnerabilities in the network when it is used correctly. The SSH client is available on a variety of platforms. Almost all UNIX platforms-including HP-UX, Linux, AIX, Solaris, Digital UNIX, Irix, and other platforms-can run SSH.

2. Manage remote servers via SSH

Through the SSH protocol, the user can access and use the remote Linux server through the terminal, SSH port is 22. However, you must enter a password each time you connect. If you manage several to more than 10 clusters, that can be dealt with. If the cluster increases by hundreds of, thousands of units. It is not convenient to use SSH to manage them. So is there a simpler way to SSH? Yes, in a Linux cluster, a management machine manages other remote Linux servers via SSH, a method known as SSH key authentication Management Server. Principles such as:

3, the server Deployment and Division

Management machine: 172.16.1.61 M01

Server for NFS: 172.16.1.31 nfs01

Web server: 172.16.1.8 web01

4, first check whether the management machine and SSH on the computer is installed and enabled

Management Machine M01:

Server for NFS Nfs01:

Web server WEB01:

4. First create a key pair on the M01 server: public and private keys

[Email protected] ~]# ssh-keygen-t DSA

As shown in: Prompt for confirmation, all prompts press ENTER.

To see if the key was created successfully, after the key is generated, it is saved under/root/.ssh/, which is a hidden directory.

Where: ID_DSA is the private key, Id_dsa.pub is the public key

By the see we have created the key successfully

5. Copy the public key to all managed machines

Copy the public key to the NFS01 server, using the command Ssh-copy-id. Because I changed the SSH port of Nfs01, Port 22 changed to port 52113. So add "-P 52113". Copying to WEB01 is the same.

" - p 52113 [email protected] "

If prompted, first copy to enter the password to confirm Yes and Oldboy account.

See if the nfs01 above is copied successfully, the copied files are hidden in the Oldboy home directory. SSH under

6. Testing

A. Remote execution of commands on NFS01 on M01

52113 [email protected]172.16. 1.31 " /sbin/ifconfig eth0 "

B. copy files from M01 to Nfs01

See if you copied the past on the NFS01

7. Summary

A.ssh The key is created, the public key is sent to each managed server.

B. Except for the first time the public key is sent, a password is required, and the password is no longer required by other remote operations.

In addition: Each connection to a new server to manually confirm and enter the password, it is not common trouble. Is there a way to manually confirm and enter the password? Yes, that's the expect program.

About expect please see my next blog post.

SSH key authentication for Linux