Linux SSH without password login

One: SSH schematic diagram is:

1, is to allow two Linux machines between the use of SSH does not require a user name and password. Digital signature RSA or DSA is used to complete this operation.

2. Model Analysis

Suppose a (192.168.20.59) is a client machine, B (192.168.20.60) is the target machine;

To achieve the purpose:
A machine SSH login B machine does not need to enter a password;
Encryption mode RSA|DSA can be selected, the default DSA

Second, the specific operation process

The operation process of one-way landing (can satisfy the above purpose):
1. Log In a machine
2, Ssh-keygen-t [RSA|DSA], will generate a key file and a private key file id_rsa,id_rsa.pub or id_dsa,id_dsa.pub
3. Copy the. pub file to the. SSH directory of the B machine, and cat id_dsa.pub >> ~/.ssh/authorized_keys
4, finished, from a machine login B machine's target account, no longer need password; (direct running #ssh 192.168.20.60 )

Two-way landing operation process:

1, Ssh-keygen do password authentication can make in to the other side of the machine ssh, SCP does not use the password. The method is as follows:
2, two nodes perform the operation:#ssh-keygen-t RSA
Then all returns, with default values.

3, this generates a pair of keys, stored in the user directory ~/.ssh.
test the public key into the user directory of the other machine and copy it to ~/.ssh/authorized_keys (Operation command:#cat id_dsa.pub >> ~/.ssh/authorized_keys ).

4, set file and directory permissions: /home/hadoop home directory with Hadoop users, if it is more than one Linux, it is best to build a user name on each platform

Set Authorized_keys Permissions
$ chmod Authorized_keys
Set the. SSH directory permissions
$ chmod 700-r. SSH

5, to ensure that. ssh and Authorized_keys only the user has write permission. Otherwise, validation is not valid. (Today is the problem, looking for a long time the problem), in fact, think carefully, this is done so as not to appear system vulnerabilities.

When I visit 20.59 from 20.60, I notice the following error:

Java code

2. The authenticity of host ' 192.168.20.59 (192.168.20.59) ' can ' t be established.
4. RSA Key fingerprint is 6a:37:c0:e1:09:a4:29:8d:68:D0:CA: £º94:be:18.
6. Is you sure want to continue connecting (yes/no)? Yes
8. warning:permanently added ' 192.168.20.59 ' (RSA) to the list of known hosts.
10. Root@192.168. 20.59 ' s password:
12. Permission denied, please try again.
14. Root@192.168. 20.59 ' s password:
16. Permission denied, please try again.
18. Root@192.168. 20.59 ' s password:
20. Permission denied (Publickey,gssapi-with-mic,password). <textarea class="java" style="Display:none;"  Name="code" >the authenticity of host ' 192.168.20.59 (192.168.20.59) ' can ' t be established.
22. RSA Key fingerprint is 6a:37:c0:e1:09:a4:29:8d:68:D0:CA: £º94:be:18.
24. Is you sure want to continue connecting (yes/no)? Yes
26. warning:permanently added ' 192.168.20.59 ' (RSA) to the list of known hosts.
28. Root@192.168. 20.59 ' s password:
30. Permission denied, please try again.
32. Root@192.168. 20.59 ' s password:
34. Permission denied, please try again.
36. Root@192.168. 20.59 ' s password:
38. Permission denied (Publickey,gssapi-with-mic,password).
40. </textarea>

Iii. Summary of matters needing attention

1, File and directory permissions must not be set to chmod 777. This privilege is too large, unsafe, and digital signatures are not supported. I'm starting to figure out how to do it.

2, the generated RSA/DSA signature of the public key is for the other machine to use. This public key content is also copied to the Authorized_keys

( Note that if you have more than three Linux machines, such as hostname h1,h2,h3, the user name on each platform is Hadoop, the

/home/hadoop/.ssh/id_dsa.pub with SCP copy to a directory in a machine, write to/home/hadoop/.ssh/authorized_keys, make it a large file containing all the public keys, Then copy this file to the/home/hadoop/.ssh/authorized_keys under each Linux, and then modify the permissions to 600.

3. Access between Linux direct SSH machine IP

4, a machine generates its own RSA or DSA digital signature, the public key to the target machine, and then the target machine to set the relevant permissions (public and Authorized_keys permissions), the target machine can be generated digitally signed by the machine without password access

---------------------

Linux build trust, added to Authorized_keys, is unsuccessful; permissions issuesJune 14, 2013 digdeeply Skip to comments

Establishing trust relationships between Linux hosts
Establish a trust relationship between host A and Host B so that host a can login to host B without password ssh.

1. A host performs ssh-keygen-t Rsa-b 1024 (can also use SSH-KEYGEN-T dsa-b 1024)
2. Build. SSH directory under home directory
3. Enter the ~/.SSH directory
4. Performing a cat id_rsa.pub will show the results copied (you can also use Cat id_dsa.pub, which is generally available)
5. ~/.ssh (if not, perform Ssh-keygen generation) on Host B to enter the home directory
6. Paste the copied results into the host. The last line of the Authorized_keys file in the SSH directory
7. OK, the trust relationship was established, the implementation of SSH on host a [email protected] First execution, will prompt a confirmation, choose Yes to enter, the result does not have to input the password, login success!

There are three points to note where, if you have done the above method, or not, then compare the following three comparison:

1. The Authorized_keys file must be 600 permissions (that is,-RW ——-) or 644
2. The. SSH directory must be 700 permissions (i.e. drwx--)
3. The/home/work directory must be 755 permissions or Drwxr-xr-x

The article (3) is too pit, because the/home/user directory is 777, not 755, how can not, the trust relationship is not built, and finally the permissions of the/home/user directory changed from 777 to 755 ... >_<, what a big hole.

Linux SSH without password login