SSH login without password verification implementation

Source: Internet
Author: User
1. preparations: Check whether the SSH service and rsync service are installed. (rsync is a remote data synchronization tool that allows you to quickly synchronize files between multiple hosts through LAN/WLAN) rpm-qa | grepopensshrpm-qa | greprsync my Centos5.6 Display: www.2cto.com if no...
1. preparations: Check whether the SSH service and rsync service are installed. (rsync is a remote data synchronization tool that allows you to quickly synchronize files between multiple hosts through LAN/WLAN) rpm-qa | grep openssh rpm-qa | displays in my Centos 5.6 in grep rsync:
Run the following command to install www.2cto.com: yum install ssh yum install rsync service sshd restart to start the service.
Www.2cto.com 1. the principle of SSH password-less authentication the Master acts as the client. to implement password-less public key authentication, when connecting to the server Salve, you need to generate a key pair on the Master, including a public key and a private key, then, copy the public key to all Salve instances. When the Master node is linked to Salve through SSH, Salve generates a random number and encrypts the random number with the public key of the Master node and sends it to the Master node. After the Master receives the number of encrypted data, it decrypts it with the private key and returns the number of decrypted data to Salve. after confirming that the number of decrypted data is correct, the Master is allowed to connect. This is a public key authentication process, during which you do not need to manually enter the password, the important process is to copy the public key generated on the Master to Salve.
2. in actual operation, 3.1 The Master node implements logon to Salve without a password. 1> log on as a root user, change the SSH configuration file vi/etc/ssh/sshd_config RSAAuthentication yes # enable RSA authentication PubkeyAuthentication yes # enable the public key/private key pair authentication method AuthorizedKeysFile. ssh/authorized_keys # restart the SSH service through the public key file path: service sshd restart
Www.2cto.com 2> log on to su-hadoop ssh-keygen-t rsa as a new hadoop user to generate a key file. all files are generated by default, after the key file is generated, the default storage location is/home/hadoop (your user name )/. ssh to view the generated File: ll. the two ssh key pairs add id_rsa.pub to the authorization key: cat id_rsa.pub> authorized_keys to modify authorized_keys permissions, password is still required for SSH) chmod 600 authorized_keys check whether the local machine can be SSH without password logon: ssh localhost OK, the above shows that the local machine logon is successful. The next step is to copy the Master's public key id_rsa.pub to Salve and add it to the authorized key. Scp ~ /. Ssh/id_rsa.pub hadoop@192.168.171.133 :~ /Because no authentication has been added for the first login, this time the user will still be prompted to enter the password to log on to the Salve node as hadoop (note that the ssh configuration should be modified as root according to previous comments, in the same way as above) confirm that the file exists if it does not exist. create a folder by using ssh. ssh, and change the permission to 700. This step is very important because the default. the permission for the ssh folder is 700. you cannot create the folder manually without modifying the permission. after modifying the permission, add the id_rsa.pub to the authorized key: mkdir. ssh chmod 700. ssh cat ~ /Id_rsa.pub> ~ /. Ssh/authorized_keys: change the authorized_keys permission to 600 chmod 600 ~ /. Ssh/authorized_keys enter the Master node and check whether you can log on to the Salve node: ssh 192.168.171.20. OK. log on to Salve with no password on the Master node 3.1.2 and generate a key pair on the Savle, and added to the Master authorization to achieve mutual login without a password. Ssh-keygen-t rsa cat ~ /. Ssh/id_rsa.pub> ~ /. Ssh/authorized_keys scp ~ /. Ssh/id_rsa.pub hadoop@192.168.171.131 :~ /Cat ~ /Id_rsa.pub> ~ /. Ssh/authorized_keys. Note: the configuration file of www.2cto.com 1> SSH must be modified, and the file needs to be restarted after modification. 2> The authentication file must be appended with cat ~ /. Ssh/id_rsa.pub> ~ /. Ssh/authorized_keys 3> The authorized_keys file permission must be changed to 600 4>. if the ssh File is manually created, the permission must be changed to 700.
 
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.