The following steps use the root user as an example. In a real deployment, perform the same steps as the user that will actually run the script.
1. Log on as root on A and on B respectively and run ssh-keygen. This creates the directory /root/.ssh and generates the DSA key pair. Press ENTER twice when prompted for the passphrase. This generates /root/.ssh/id_dsa and /root/.ssh/id_dsa.pub.
Output of ssh-keygen -t dsa:
Generating public/private dsa key pair.
Enter file in which to save the key (/home/sj/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sj/.ssh/id_dsa.
Your public key has been saved in /home/sj/.ssh/id_dsa.pub.
The key fingerprint is:
1b:8c:3d:6d:eb:e3:10:c3:b7:c0:68:a3:5f:7e:b3:51 sj@192.168.0.1
2. Test first. Log on to A as root and run # ssh B. You will be prompted for the root password.
3. Add the public key of A to the .ssh/authorized_keys file on B. If the authorized_keys file does not exist, copy the public key over directly. For example:
Run scp /root/.ssh/id_dsa.pub B:/root/.ssh/authorized_keys. The file name must be correct.
4. Now run # ssh B from A again; no password is required.
Basic Principles:
Suppose you want to SSH from host A as user1 to host B as user2, using RSA key pair authentication without a password. The SSH daemon (sshd) on B takes the RSA public key belonging to A from ~user2/.ssh/authorized_keys and uses it to challenge the ssh client program running as user1 on A. That is why the .pub file is copied to B as authorized_keys: A keeps the private key (the identity), and sshd on B uses A's public key to issue the challenge. authorized_keys can hold many lines, so the public keys of other servers can be added to it as well.
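Step 3 overwrites authorized_keys with scp, which only fits the case where the file does not exist yet, while the paragraph above notes that the file can hold many keys. The shell function below is an added example, not part of the original article: run on B against a copied .pub file, it appends the key without clobbering existing lines and sets the modes sshd expects. The name install_pubkey, its arguments and the sample keys are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). install_pubkey is a
# hypothetical helper name; the keys in demo() are constructed, not real.

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 0 if the key was added or was already present, 1 on bad input.
install_pubkey() {
    pub=$1
    dir=$2
    auth=$dir/authorized_keys

    # Accept exactly one non-empty line of the form "type base64 [comment]".
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key in $pub" >&2; return 1; }
    key=$(grep . "$pub")
    case $key in
        ssh-dss\ *|ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # sshd with StrictModes (the default) ignores authorized_keys when the
    # directory or file is writable by group or others, so set modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || ( umask 077 && : > "$auth" ) || return 1
    chmod 600 "$auth" || return 1

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed data in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED1 root@C' > "$tmp/c.pub"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBCONSTRUCTED2 root@A' > "$tmp/a.pub"
    install_pubkey "$tmp/c.pub" "$tmp/ssh"    # B already trusts C
    install_pubkey "$tmp/a.pub" "$tmp/ssh"    # add A; C's line must survive
    install_pubkey "$tmp/a.pub" "$tmp/ssh"    # repeat; no duplicate line
    grep -c . "$tmp/ssh/authorized_keys"      # number of keys now installed
    rm -rf "$tmp"
}
demo
```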
Examples of common applications:
1. SSH as root on A to B as a normal user rather than as root. For security purposes, you sometimes do not need to act as root on B; logging in as a normal user without a password is enough to complete the relevant work.
Log on to A as the root user. A# scp /root/.ssh/identity.pub user@B:/home/user/.ssh/authorized_keys
2. Tar a batch of files from A to B.
A# tar cvf - /etc | (ssh B tar xvf -)
3. Run a cron job on A that modifies a file and uploads it to B.
0 1 * * * cat /etc/shadow | awk -F: '{print $1":"$2}' | (ssh B 'cat >/home/passwd')
FAQs:
1. This SSH method requires that direct root login be allowed in sshd_config on B (PermitRootLogin yes).
2. I have server A and other servers B, C and D. I want to SSH from A to these servers, but not fully automatically. It is better to enter an RSA passphrase, but that is too troublesome. What should I do?
A. Enter a passphrase when running ssh-keygen on server A.
B. Log on to A and run A# ssh-agent bash.
C. Run ssh-add and enter the passphrase to load the key into memory.
D. Run ssh B, ssh C or ssh D again; the password is no longer required. You only need to enter the key pair's passphrase once.
E. Run ssh-agent -k before exiting the shell.