SSH password-free login remote server on Linux

0. Description

When you use SSH to log in to a remote server, you need to use the input password, hoping that you can implement a key login and exempt from entering the password, so you can be ready to implement the batch automatic deployment host later.

The environment is as follows:

	IP Address	Operating system
Server-side	10.0.0.128/24	CentOS 6.5 x86
Client	10.0.0.129/24	Ubuntu 16.04 x86

1. Client-generated key pair

To generate a key pair:

[Email protected]:~$ ssh-keygen -t rsa -b 2048generating public/private  rsa key pair. enter file in which to save the key  (/HOME/XPLEAF/.SSH/ID_RSA):  created directory  '/home/xpleaf/.ssh '. enter passphrase  (empty for no passphrase):  enter same passphrase  again: your identification has been saved in /home/xpleaf/.ssh/id_rsa . Your public key has been saved in /home/xpleaf/.ssh/id_rsa.pub.the key  fingerprint is:sha256:elssyxjlzucfsn5mu6nqnh9db/goyxsvwbwqdnssiye [email protected]the  key ' s randomart image is:+---[rsa 2048]----+|          o=oo    | |         e .o =   | |       o    oo o  | |      + = .o +.   | |       = so = +   | |        b o+ = o  | |     o...=. * o   | |   &NBSP, .... +=.. +o o    | |    .o++==        |+----[SHA256]-----+

To view the generated key pair:

[email protected]:~$ ls sshid_rsa id_rsa.pub# Id_rsa is a private key, this is generally confidential; Id_rsa.pub is a public key, this can be public.

2. Upload the public key to the server side

To operate with the SCP command:

[Email protected]:~$ SCP. ssh/id_rsa.pub [Email protected]:/rootthe authenticity of host ' 10.0.0.128 (10.0.0.128) ' Can ' t b E established. RSA Key fingerprint is sha256:0tpm11wruaqxyvofeb1maikewxmjt2aklwb198vrln0.are your sure you want to continue connecting (ye s/no)? yeswarning:permanently added ' 10.0.0.128 ' (RSA) to the list of known hosts. [email protected] ' s password:id_rsa.pub 100% 393 0.4kb/s 00:00

3. Server-side operation

Add the public key from the client to the. Ssh/authorized_keys:

[email protected] ~]# cat id_rsa.pub >>. Ssh/authorized_keys[[email protected] ~]# chmod ssh/authorized_keys# The Authorized_keys permission needs to be 600

To modify the SSH configuration file/etc/ssh/sshd_config, locate the following line:

Pubkeyauthentication No

Modified to:

Pubkeyauthentication Yes

4. Testing

Log on to the server using the key on the client:

[Email protected]:~$ ssh-i ssh/id_rsa [email protected]last login:tue May 9 15:14:01 from 10.0.0.129[[email prote CTED] ~]#

5. Precautions

• In the server side need to turn selinux off, or finally can not use the key for remote login;

• When the client uses the SCP command, it also needs to install the SSH client on the server side, otherwise it can not upload the public key to the server side, or use Ssh-copy-id [email protected] To replace the SCP operation (so that the server side does not need to execute the Create. SSH directory, etc., which is equivalent to the command can help us complete the key upload and configuration work);

This article is from the "fragrant fluttering leaves" blog, please make sure to keep this source http://xpleaf.blog.51cto.com/9315560/1924771

SSH password-free login remote server on Linux