0. Description
When you use SSH to log in to a remote server, you need to use the input password, hoping that you can implement a key login and exempt from entering the password, so you can be ready to implement the batch automatic deployment host later.
The environment is as follows:
|
IP Address |
Operating system |
Server-side |
10.0.0.128/24 |
CentOS 6.5 x86 |
Client |
10.0.0.129/24 |
Ubuntu 16.04 x86 |
1. Client-generated key pair
To generate a key pair:
[Email protected]:~$ ssh-keygen -t rsa -b 2048generating public/private rsa key pair. enter file in which to save the key (/HOME/XPLEAF/.SSH/ID_RSA): created directory '/home/xpleaf/.ssh '. enter passphrase (empty for no passphrase): enter same passphrase again: your identification has been saved in /home/xpleaf/.ssh/id_rsa . Your public key has been saved in /home/xpleaf/.ssh/id_rsa.pub.the key fingerprint is:sha256:elssyxjlzucfsn5mu6nqnh9db/goyxsvwbwqdnssiye [email protected]the key ' s randomart image is:+---[rsa 2048]----+| o=oo | | e .o = | | o oo o | | + = .o +. | | = so = + | | b o+ = o | | o...=. * o | |   &NBSP, .... +=.. +o o | | .o++== |+----[SHA256]-----+
To view the generated key pair:
[email protected]:~$ ls sshid_rsa id_rsa.pub# Id_rsa is a private key, this is generally confidential; Id_rsa.pub is a public key, this can be public.
2. Upload the public key to the server side
To operate with the SCP command:
[Email protected]:~$ SCP. ssh/id_rsa.pub [Email protected]:/rootthe authenticity of host ' 10.0.0.128 (10.0.0.128) ' Can ' t b E established. RSA Key fingerprint is sha256:0tpm11wruaqxyvofeb1maikewxmjt2aklwb198vrln0.are your sure you want to continue connecting (ye s/no)? yeswarning:permanently added ' 10.0.0.128 ' (RSA) to the list of known hosts. [email protected] ' s password:id_rsa.pub 100% 393 0.4kb/s 00:00
3. Server-side operation
Add the public key from the client to the. Ssh/authorized_keys:
[email protected] ~]# cat id_rsa.pub >>. Ssh/authorized_keys[[email protected] ~]# chmod ssh/authorized_keys# The Authorized_keys permission needs to be 600
To modify the SSH configuration file/etc/ssh/sshd_config, locate the following line:
Pubkeyauthentication No
Modified to:
Pubkeyauthentication Yes
4. Testing
Log on to the server using the key on the client:
[Email protected]:~$ ssh-i ssh/id_rsa [email protected]last login:tue May 9 15:14:01 from 10.0.0.129[[email prote CTED] ~]#
5. Precautions
In the server side need to turn selinux off, or finally can not use the key for remote login;
When the client uses the SCP command, it also needs to install the SSH client on the server side, otherwise it can not upload the public key to the server side, or use Ssh-copy-id [email protected] To replace the SCP operation (so that the server side does not need to execute the Create. SSH directory, etc., which is equivalent to the command can help us complete the key upload and configuration work);
This article is from the "fragrant fluttering leaves" blog, please make sure to keep this source http://xpleaf.blog.51cto.com/9315560/1924771
SSH password-free login remote server on Linux