sometimes we need to Linux Systems transfer files between each other, the normal login system is required to enter the password, but in the automated implementation of the need to manually enter the password is more troublesome, how to achieve no password, but also to ensure the security of the system? This uses a key login.
Environment Description:
Two units Linux(CentOS 6.7) System:
Balichos 192.168.171.50
BALICHVM 192.168.171.51
1), respectively in Balichos and BALICHVM are installed openssh-clients, you can use yuminstall openssh-clients.
2), modify the/etc/hosts files on Balichos and BALICHVM respectively , add balichos and BALICHVM The corresponding IP is as follows:
192.168.171.50 Balichos
192.168.171.51 BALICHVM
3), using Ssh-keygen to generate the public and private keys, this step is operated on Balichos and BALICHVM two hosts respectively.
[email protected]. The ssh]# ssh-keygen-t RSA #-t parameter is the type of the specified encryption Rsa
Generating public/private RSA key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # The path where the key is stored
Enter passphrase (empty for No passphrase): # does not require password login without input, direct Enter
Enter same Passphrase again:
Your identification has been saved In/root/.ssh/id_rsa. # # Private key
Your public key has been saved in/root/.ssh/id_rsa.pub. # # Public Key
The key fingerprint is:
96:09:8b:c7:ec:6a:f5:40:52:2f:d3:e3:e8:05:ed:[email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
| |
| . |
| .. + |
| . +eo*o |
| . O=oso |
| o+.+ |
| o.+ |
| ... . |
| .. |
+-----------------+
[email protected]. ssh]#
just the same operation on the BALICHVM .
4), the need to log on the system to add their own public key, with their own private key as a connection. The operation is as follows:
On the balichos :
[[Email protected]~]# cd. SSH]
[Email protected]]# cp id_rsa.pub Authorized_keys
[[email protected]] #scp authorized_keys [email protected]:/root/.ssh/
On the balichvm :
[[Email protected]~]# cd. SSH]
[Email protected]]# cp id_rsa.pub Authorized_keys
[[email protected]] #scp authorized_keys [email protected]:/root/.ssh/
5), respectively in Balichos and balichvm modified . SSH and authorized_keys(600 ) of Permissions
[[Email protected]]# chmod Authorized_keys # # Edit permissions on Balichos
[[Email protected]]# chmod Authorized_keys # # Edit permissions on BALICHVM
6), respectively, modify The/etc/ssh/sshd_config configuration file in Balichos and BALICHVM as follows:
Passwordauthentication No # # # Close Password login
The following three lines are the # comments by default, and the # number is deleted.
Rsaauthenticationyes # # Open RSA authentication
Pubkeyauthenticationyes
Authorizedkeysfile. Ssh/authorized_keys # # Specify the Certified public key file
7), restart the sshd service in balichos and BALICHVM respectively .
Servicesshd restart
8) test the connection in Balichos and BALICHVM respectively .
[Email protected] ~]#
[[email protected] ~]# SSH BALICHVM # login to BALICHVM
Last Login:tue Oct 21:14:47 frombalichos
[[email protected] ~]# ssh balichos # # Login to Balichos
Last login:wed Oct 05:53:07 FROMBALICHVM
[Email protected] ~]#
Issues to be aware of:
in the user root/.ssh directory, to keep the private key Id_rsa, if there is no such file, is unable to log on to the other side of the machine;
If you need to use such as Putty,xshell login system, you need to copy the private key Id_rsa , in the user authentication to specify the private key id_rsa file, if there are many pairs of passwords, the contents of the public key inside the Authorized_keys are appended instead of overwritten.
The basic idea is that the public key is stored on the machine that needs to be connected, and the private key resides on the connected client. The private key is used for decryption.
This article is from the "Balich" blog, make sure to keep this source http://balich.blog.51cto.com/6641781/1706981
SSH requires no password connection between Linux systems