It's a bit annoying to use passwords every time you log in to a remote host, and here's a way to use SSH keys for password-free logins.
SSH key generation
ssh-keygen: This command is used to generate the key.
The following command options are commonly used:
- - t: Used to specify the key type, RSA or DSA, generally using RSA;
- - B: Specify the key length;
- - e: reads OpenSSH's private key or public key file;
- - C: Add comments;
- - F: Specifies the file name used to hold the key;
- -I: reads the unencrypted SSH-V2-compatible private key/public key file, and then displays the OpenSSH-compatible private key/public key on the standard output device;
- - L: Displays the fingerprint data of the public key file;
- - N: Provide a Xinmi language;
- - P: Provide (old) passphrase;
- - Q: Silent mode.
Demo:
ssh-keygen -t rsa -P abcdefg -f demo -C ‘just a demo key‘
The above statement, meaning: Create a secret word for ABCDEFG, annotated as just a demokey, named demo keys, there will be two files generated,demo(private key) and Demo.pub(Public key). to make a password-free login, you need to set the passphrase to null.
To deploy a public key file to a remote host
The command is as follows:
# 本地执行:# 将公钥文件上传至服务器tmp目录下scp ~/.ssh/demo.pub [email protected]:/tmp# 服务器执行:# 将公钥内容追加至authorized_keys文件中,并修改其权限为600mkdir -p ~/.sshcat /tmp/demo.pub >> ~/.ssh/authorized_keyschmod 600 ~/.ssh/authorized_keys
At this point, you can implement password-free login, command: SSH [email protected]
Local Configuration (optional)
vi ~/.ssh/config# 请求配置ServerAliveInterval 30 # 该选项表示客户端每隔30秒会向服务器发送一个请求,不执行任何操作,确保主机不会因为闲置断开连接# 主机配置,Host表示别名,HostName输入IP,User即登录用户名,IdentityFile则是上传至服务器的公钥所对应的私钥路径。Host demo-root HostName 10.211.55.5 User root IdentityFile ~/.ssh/demo
If configured above, the alias login can be implemented, eliminating the hassle of memory server IP.
Command: SSH demo-root
SSH Password-free login settings under Linux