I. Implementation Principle
Use a public/private key authentication method for ssh login. The following is a simple explanation of the "Public/Private Key" authentication method:
First, create a pair of public and private keys on the client (Public Key File :~ /. Ssh/id_rsa.pub; private key file :~ /. Ssh/id_rsa), and then put the public key on the server (~ /. Ssh/authorized_keys) and keep the private key. During ssh Login, the ssh program will send a private key to match the public key on the server. If the match is successful, you can log on.
Ii. experiment environment
A machine: TS-DEV/10.0.0.163
Machine B: CS-DEV/10.0.0.188
Iii. Build trust on Linux/Unix dual-host
3.1 generate A certificate on server
Run the ssh-keygen command under the root user of machine A and press enter to generate A certificate that establishes A security trust relationship.
# Ssh-keygen-t rsa
Note:When the program prompts you to enter passphrase, enter the carriage return, indicating no certificate password.
The above command generates the Private Key Certificate id_rsa and Public Key Certificate id_rsa.pub, which are stored in the. ssh subdirectory of the user's home directory.
3.2 view ~ /. Ssh key generation File
# Cd ~ /. Ssh
# Ll
3.3 A establishes A trust relationship with B
Copy the Public Key Certificate id_rsa.pub to the. ssh subdirectory of the root home directory of machine B, and change the file name to authorized_keys. Enter the root user password of machine B (no trust relationship has been established ). After the trust relationship between the client and the server is established, the client can copy data from the server without entering the password.
# Scp-r id_rsa.pub 10.0.0.188:/root/. ssh/authorized_keys
3.4 B establishes A trust relationship with
Perform the same operation on machine B to establish B's trust in.
# Ssh-keygen-t rsa
# Cd ~ /. Ssh/
# Ll
# Scp-r id_rsa.pub 10.0.0.163:/root/. ssh/authorized_keys
Iv. Test
On host:
# Scp-r 10201_database_linux_x86_64.cpio 10.0.0.188:/tmp/david/
On Machine B:
The dual-host trust relationship has been established!
Note:If you want both B and C to enable scp to transmit data in A without entering the password;
The public keys of B and C should be given to;
Operation Procedure: copy the data in id_rsa.pub of the two machines to the/root/. ssh/authorized_keys file of A. One line indicates one.